Generating computer forensic super-timelines under Linux – A Comprehensive guide for Windows-based disk images

Authors
  1. Carbone, R.
  2. Bean, C.
Corporate Authors
Defence R&D Canada - Valcartier, Valcartier QUE (CAN)
Abstract
This technical memorandum examines the basics surrounding computer forensic filesystem timelines and provides an enhanced approach to generating superior timelines for improved filesystem analysis and contextual awareness. Timelines are improved by polling multiple sources of information across the filesystem, resulting in an approach that is surprisingly flexible and customizable. The timeline is further enhanced by incorporating key time-based metadata found across a disk image which, when taken as a whole, increases the forensic investigator’s understanding.

A French abstract is available here.

Report Number
DRDC-VALCARTIER-TM-2011-216 — Technical Memorandum
Date of publication
01 Oct 2011
Number of Pages
136
DSTKIM No
CA036008
CANDIS No
535374
Format(s):
Electronic Document (PDF)
