Yi-Ching Liao
Ph.D. started in: 2013
Year of graduation: 2016
COINS consortium member: Norwegian University of Science and Technology
Supervised by: Hanno Langweg, Katrin Franke
Research area: Digital Forensics
Project title: Process tracking for forensic readiness in OS
Project description: Digital forensics continues to play an important role in crime investigation. However, existing digital forensics tools are mostly designed to be “evidence-oriented” and are inadequate for anomaly detection and for time-lining digital evidence. Rapidly growing storage capacities, huge amounts of data, and the increasing complexity of computer systems make digital forensics investigations costly, time-consuming, and resource-consuming. Moreover, surveys prove that current digital forensics tools are unfriendly and fail to find direct answers to high-level, case-oriented questions. To fill this gap, this research aims to implement an existing distributed forensic framework with an automated analysis technique. The issues arising from this research goal are: 1. What criteria are needed to evaluate the usability of forensic tools? 2. How can digital evidence be identified and collected without invasion of privacy? 3. What functions or techniques can be provided to achieve the goals of effectiveness, efficiency, and satisfaction of forensic tools? Consequently, this research reviews existing methods in order to develop a proactive method that simplifies and automates forensic evidence collection and can assist investigators with intelligence to prioritize the overwhelming data.