Selective Imaging of File System Data on Live Systems. (April 2021)
- Record Type:
- Journal Article
- Title:
- Selective Imaging of File System Data on Live Systems. (April 2021)
- Main Title:
- Selective Imaging of File System Data on Live Systems
- Authors:
- Faust, Fabian
Thierry, Aurélien
Müller, Tilo
Freiling, Felix - Abstract:
- Abstract: In contrast to the common habit of taking full bitwise copies of storage devices before analysis, selective imaging promises to alleviate the problems created by the increasing capacity of storage devices. Imaging is selective if only selected data objects from an image that were explicitly chosen are included in the copied data. While selective imaging has been defined for post-mortem data acquisition, performing this process live, i.e., by using the system that contains the evidence also to execute the imaging software, is less well defined and understood. We present the design and implementation of a new live Selective Imaging Tool for Windows, called SIT, which is based on the DFIR ORC framework and uses AFF4 as a container format.
- Is Part Of:
- Forensic science international. Volume 36(2021)Supplement
- Journal:
- Forensic science international
- Issue:
- Volume 36(2021)Supplement
- Issue Display:
- Volume 36, Issue 2021 (2021)
- Year:
- 2021
- Volume:
- 36
- Issue:
- 2021
- Issue Sort Value:
- 2021-0036-2021-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-04
- Subjects:
- Live forensics -- Selective imaging -- File system data -- Forensic soundness
- Journal URLs:
- http://www.sciencedirect.com/ ↗
- DOI:
- 10.1016/j.fsidi.2021.301115 ↗
- Languages:
- English
- ISSNs:
- 2666-2817
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 19470.xml