Triage visualization for digital media exploitation

Loading...
Thumbnail Image
Authors
Henderson, Glenn
Subjects
digital forensics, visualization, triage
Advisors
Garfinkel, Simson
Date of Issue
2013-09
Date
Sep-13
Publisher
Monterey, California: Naval Postgraduate School
Language
Abstract
Digital forensic examiners are overwhelmed by case loads and data volumes and must prioritize their work. This thesis hypothesis that digital forensic examiners can employ triage visualizations to prioritize work loads. This thesis presents a simple one page visualization of disk activity for Windows FAT and NTFS filesystems. The visualization is constructed from filesystem meta data carved by the open source bulk_extractor digital forensics application. The visualization does not require further examination or reconstruction of file system metadata. The visualization is able to detect minor obfuscation or modification and overwriting of file system timestamps.
Type
Thesis
Description
Series/Report No
Department
Computer Science
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections