Computer Forensic Profiling : The automatic description of computer systems for forensic purposes

Bok av Andrew Marrington
Computer forensics is the process of gathering and analyzing evidence from computer systems to aid in the investigation of a crime. Typically, such investigations are undertaken by trained forensic examiners using purpose-built software to discover evidence from a computer disk. This process is a manual one, and the time it takes for a forensic examiner to conduct such an investigation is proportional to the storage capacity of the computer's disk drives. The heterogeneity and complexity of various data formats stored on modern computer systems compounds the problems posed by the sheer volume of data. The decision to undertake a digital forensic examination of a computer system is a decision to commit significant quantities of a human examiner's time. Where there is no prior knowledge of the information contained on a computer system, this commitment of time and energy occurs with little idea of the potential benefit to the investigation.