A General Strategy for Differential Forensic Analysis

Appeared in Digital Forensics Research Workshop 2012.

Abstract

The dramatic growth of storage capacity and network bandwidth is making it increasingly difficult for forensic examiners to report what is present on a piece of subject media. Instead, analysts are focusing on what characteristics of the media have changed between two snapshots in time. To date different algorithms have been implemented for performing differential analysis of computer media, memory, digital documents, network traces, and other kinds of digital evidence. This paper presents an abstract differencing strategy and applies it to all of these problem domains. Use of an abstract strategy allows the lessons gleaned in one problem domain to be directly applied to others.

Publication date:
August 2012

Authors:
Simson Garfinkel
Alex Nelson
Joel Young

Projects:
Digital Forensics

Available media

Full paper text: PDF
Presentation: slides

Bibtex entry

@inproceedings{garfinkel-dfrws12a,
  author       = {Simson Garfinkel and Alex Nelson and Joel Young},
  title        = {A General Strategy for Differential Forensic Analysis},
  booktitle    = {Digital Forensics Research Workshop 2012},
  pages        = {S50--S59},
  month        = aug,
  year         = {2012},
}