Creating Realistic Corpora for Forensic and Security Education
Lee, Christopher A.
MetadataShow full item record
We present work on the design, implementation, distribution, and use of realistic forensic datasets to support digital forensics and security education. We describe in particular the "M57-Patents" scenario, a multi-modal corpus consisting of hard drive images, RAM images, network captures, and images from other devices typically found in forensics investigations such as USB drives and cellphones. Corpus creation has been performed as part of a scripted scenario; subsequently it is less "noisy" than real-world data but retains the complexity necessary to support a wide variety of forensic education activities. Realistic forensic corpora allow direct comparison of approaches and tools across classrooms and institutions, reduce the time required to prepare useful educational materials, and eliminate concerns of exposing students to privacy-sensitive or illegal digital materials. The "M57-Patents" corpus can be freely redistributed without rights-restricted materials, and is available with disk images packaged in both open (Advanced Forensic Format) and commercial (EnCase) formats.
2011 ADFSL Conference on Digital Forensics, Security and LawRefereed Conference Paper
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Woods, Kam; Lee, Christopher A.; Garfinkel, Simson; Dittrich, David; Russell, Adam; Kearton, Kris (AFDSL, 2011-05-25);We present work on the design, implementation, distribution, and use of realistic forensic datasets to support digital forensic and security education. We describe in particular the "M57-Patents" scenario, a multi-modal ...
Wai, Hor Cheong (Monterey, California. Naval Postgraduate School, 2002);Computer Forensics involves the preservation, identification, extraction and documentation of computer evidence stored in the form of magnetically encoded information. With the proliferation of E-commerce initiatives and ...
Homeland Security Affairs Journal, Supplement - 2012: IEEE 2011 Conference on Technology for Homeland Security: Best Papers Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2012);IEEE Supplement 2012. Supplement: IEEE 2011 Conference on Technology for Homeland Security: Best Papers. As the field of homeland defense and security expands and matures, the contributions from various disciplines become ...