Ph.D. started in: 2013
Year of graduation: 2016
COINS consortium member: Norwegian University of Science and Technology
Supervised by: Hanno Langweg, Katrin Franke
Research area: Digital Forensics
Project title: Process tracking for forensic readiness in OS
Project description: Digital forensics continues to play an important role in crime investigation. However, existing digital forensics tools are mostly designed to be “evidence-oriented” and are inadequate for anomaly detection and for time-lining digital evidence. Rapidly growing storage capacities, huge amounts of data, and the increasing complexity of computer systems make digital forensics investigations costly, time-consuming, and resource-intensive. Moreover, surveys prove that current digital forensics tools are unfriendly and fail to provide the direct answers requested by high-level, case-oriented questions.
To fill the gap, this research aims to implement an existing distributed forensic framework with an automated analysis technique. The issues arising from this research goal are:
1. What are the criteria needed to evaluate the usability of forensic tools?
2. How can digital evidence be identified and collected without invasion of privacy?
3. What functions or techniques can be provided to achieve the goals of effectiveness, efficiency, and satisfaction for forensic tools?
Consequently, this research reviews existing methods in order to develop a proactive method that simplifies and automates forensic evidence collection, and that can assist investigators with intelligence for prioritizing the overwhelming data.
- Yi-Ching Liao (2016). Process Tracking for Forensic Readiness
- Yi-Ching Liao, Hanno Langweg (2016). Evidential Reasoning for Forensic Readiness
- Yi-Ching Liao (2015). A Survey of Software-Based String Matching Algorithms for Forensic Analysis
- Yi-Ching Liao, Hanno Langweg (2015). Developing Metrics for Surveillance Impact Assessment
- Yi-Ching Liao, Hanno Langweg (2015). Events and causal factors charting of kernel traces for root cause analysis
- Yi-Ching Liao, Hanno Langweg (2014). Cost-benefit analysis of kernel tracing systems for forensic readiness
- Yi-Ching Liao, Hanno Langweg (2014). Process Tracking for Forensic Readiness
- Yi-Ching Liao, Hanno Langweg (2014). Resource-Based Event Reconstruction of Digital Crime Scenes
- Rune Nordvik, Yi-Ching Liao, Hanno Langweg (2014). AccountabilityFS: A File System Monitor for Forensic Readiness
- Yi-Ching Liao, Hanno Langweg (2013). A Survey of Process Activity Tracking Systems
- SWITS, Sweden, 2014
- NISK, Ålesund, Norway, 2015
- COINS Summer School on Cloud Security, Metochi, Greece, 2015
- FRISC Finse winter school, Finse, Norway, 2015
- NorSIS Security Divas, Gjøvik, Norway, 2015
- ISC, Trondheim, Norway, 2015
- FRISC Finse winter school, Finse, Norway, 2014
- CTF, hack.lu, online, 2014
- COINS Ph.D. student seminar, Tromsø, Norway, 2014
- NorSIS Security Divas, Gjøvik, Norway, 2014
- SWITS seminar 2014, Uppsala, Sweden, 2014
- CTF, hack.lu, online, 2013
- NISK, Stavanger, Norway, 2013
- COINS Ph.D. student seminar, Stavanger, Norway, 2013
- MyPhD Workshop, Hamburg, Germany, 2013