Lessons Learned Writing Computer Forensics Tools and Managing a 30TB Digital Evidence Corpus
MetadataShow full item record
Writing digital forensics (DF) tools is difficult because of the diversity of data types that needs to be processed, the need for high performance, the skill set of most users, and the requirement that the software run without crashing. Developing this software is dramatically easier when one possesses a few hundred disks of other people's data for testing purposes. This paper presents some of the lessons learned by the author over the past 14 years developing DF tools and maintaining several research corpora that currently total roughly 30TB.
DFRWS 2012, Aug. 6-8, 2012, Washington, DC.The article of record as published may be found at http://dx.doi.org/10.1016/j.diin.2012.05.002Refereed Conference Paper
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.