An open architecture for digital evidence integration

Schatz, Bradley & Clark, Andrew J. (2006) An open architecture for digital evidence integration. In Clark, Andrew J., McPherson, Mark, & Mohay, George M. (Eds.) AusCERT Asia Pacific Information Technology Security Conference : Refereed R&D Stream, 21-26 May 2006, Gold Coast, Queensland.

View at publisher


Recently the need for “digital evidence bags” – a common storage format for digital evidence – has been identified as a key requirement for enabling inter-organisational sharing of digital evidence, and interoperability between forensic analysis tools. Recent work has described an ontology based approach to correlation of event log based evidence, using semantic web technologies for describing and representing event log based digital evidence. In this paper we apply the representational approach to the integration of metadata related to digital evidence, and propose a globally unique identification scheme for digital evidence and related metadata. We relate the representational approach to the digital evidence bags concept identifying a number of shortcomings. We propose an alternative architecture for digital evidence bags, which we call the sealed digital evidence bags architecture. This approach treats bags as immutable objects, and facilitates the building of a corpus of digital evidence by composition and referencing between evidence bags. This architecture facilitates modular forensic tool development and interoperability between forensics tools.

Impact and interest:

Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

457 since deposited on 14 Jun 2009
31 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 21119
Item Type: Conference Paper
Refereed: Yes
Additional URLs:
Keywords: digital forensics, computer forensics, digital evidence, evidence integration
ISBN: 1864998539
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Copyright Owner: Copyright 2006 [please consult the authors]
Deposited On: 14 Jun 2009 23:43
Last Modified: 29 Feb 2012 13:18

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page