Resource-based Event Reconstruction of Digital Crime Scenes presented at JISIC 2014

by Yi-ching Liao, Hanno Langweg,

Summary : To ensure that the potential evidence is readily available in an acceptable form when an incident or a crime occurs, we
propose a resource-based event reconstruction prototype that corresponds to different phases of digital forensics
framework, and demonstrate its feasibility by assessing the applicability of existing open-source applications to the proposed
prototype. The feasibility study results show that the proposed prototype can enhance the capability of an organization for
collecting, preserving, protecting, and analysing digital evidence by regarding system resources as an evidence source and
system calls as digital events.