View in EDS

Structured Forensics Examination Planning with Domain Modeling: A Report of Three Experiment Trials.

Saved in:
Bibliographic Details
Title: Structured Forensics Examination Planning with Domain Modeling: A Report of Three Experiment Trials.
Authors: Bogen, Alfred C., Dampier, David A., Vaughn, Rayford, Reese, Donna S., Allen, Edward B., Carver, Jeffrey C.
Source: Journal of Digital Forensic Practice; Jan2010, Vol. 3 Issue 1, p23-32, 10p, 1 Diagram, 7 Charts
Subject Terms: INVESTIGATIONS, METHODOLOGY, FORENSIC sciences, COMPUTER crimes, CRIMINAL investigation, COMPUTER simulation
Abstract: In any forensic investigation, planning and analysis activities are required in order to determine what digital media will be seized, what types of information will be sought in the examination, and how the examination will be conducted. Existing literature and suggested practices indicate that such planning should occur, but few tools provide support for such activities. Planning an examination may be an essential activity when investigators and technicians are faced with unfamiliar case types or unusually complex, large-scale cases. This article reports the results of empirical studies that evaluate two planning methods for planning computer forensics examinations: an experimental methodology that includes domain modeling and a typical planning method that does not include domain modeling. These studies were conducted to evaluate two research questions: Will the domain modeling of a computer forensics case during the planning phase result in an increased amount of evidence found in a digital forensics examination? Will an experimental “case domain modeling” methodology require a significant amount of additional effort when compared to a typical approach? Three experiment trials were conducted to evaluate the effectiveness of case domain modeling on simulated case scenarios. Analysis of the experiments indicates that case domain modeling in forensics planning requires an additional time investment and it can result in more evidence found during an examination and more effective keyword searches. Additionally, experimental data indicates that case domain modeling is most useful when the evidence disk has a relatively high occurrence of text-based documents and when vivid case background details are available. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Digital Forensic Practice is the property of Taylor & Francis Ltd and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
FullText Text:
  Availability: 0
CustomLinks:
  – Url: https://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=EBSCO&SrcAuth=EBSCO&DestApp=WOS&ServiceName=TransferToWoS&DestLinkType=GeneralSearchSummary&Func=Links&author=Bogen%20AC
    Name: ISI
    Category: fullText
    Text: Nájsť tento článok vo Web of Science
    Icon: https://imagesrvr.epnet.com/ls/20docs.gif
    MouseOverText: Nájsť tento článok vo Web of Science
Header DbId: edb
DbLabel: Complementary Index
An: 48675430
RelevancyScore: 834
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 833.75341796875
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Structured Forensics Examination Planning with Domain Modeling: A Report of Three Experiment Trials.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Bogen%2C+Alfred+C%2E%22">Bogen, Alfred C.</searchLink><br /><searchLink fieldCode="AR" term="%22Dampier%2C+David+A%2E%22">Dampier, David A.</searchLink><br /><searchLink fieldCode="AR" term="%22Vaughn%2C+Rayford%22">Vaughn, Rayford</searchLink><br /><searchLink fieldCode="AR" term="%22Reese%2C+Donna+S%2E%22">Reese, Donna S.</searchLink><br /><searchLink fieldCode="AR" term="%22Allen%2C+Edward+B%2E%22">Allen, Edward B.</searchLink><br /><searchLink fieldCode="AR" term="%22Carver%2C+Jeffrey+C%2E%22">Carver, Jeffrey C.</searchLink>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: Journal of Digital Forensic Practice; Jan2010, Vol. 3 Issue 1, p23-32, 10p, 1 Diagram, 7 Charts
– Name: Subject
  Label: Subject Terms
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22INVESTIGATIONS%22">INVESTIGATIONS</searchLink><br /><searchLink fieldCode="DE" term="%22METHODOLOGY%22">METHODOLOGY</searchLink><br /><searchLink fieldCode="DE" term="%22FORENSIC+sciences%22">FORENSIC sciences</searchLink><br /><searchLink fieldCode="DE" term="%22COMPUTER+crimes%22">COMPUTER crimes</searchLink><br /><searchLink fieldCode="DE" term="%22CRIMINAL+investigation%22">CRIMINAL investigation</searchLink><br /><searchLink fieldCode="DE" term="%22COMPUTER+simulation%22">COMPUTER simulation</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: In any forensic investigation, planning and analysis activities are required in order to determine what digital media will be seized, what types of information will be sought in the examination, and how the examination will be conducted. Existing literature and suggested practices indicate that such planning should occur, but few tools provide support for such activities. Planning an examination may be an essential activity when investigators and technicians are faced with unfamiliar case types or unusually complex, large-scale cases. This article reports the results of empirical studies that evaluate two planning methods for planning computer forensics examinations: an experimental methodology that includes domain modeling and a typical planning method that does not include domain modeling. These studies were conducted to evaluate two research questions: Will the domain modeling of a computer forensics case during the planning phase result in an increased amount of evidence found in a digital forensics examination? Will an experimental “case domain modeling” methodology require a significant amount of additional effort when compared to a typical approach? Three experiment trials were conducted to evaluate the effectiveness of case domain modeling on simulated case scenarios. Analysis of the experiments indicates that case domain modeling in forensics planning requires an additional time investment and it can result in more evidence found during an examination and more effective keyword searches. Additionally, experimental data indicates that case domain modeling is most useful when the evidence disk has a relatively high occurrence of text-based documents and when vivid case background details are available. [ABSTRACT FROM AUTHOR]
– Name: Abstract
  Label:
  Group: Ab
  Data: <i>Copyright of Journal of Digital Forensic Practice is the property of Taylor & Francis Ltd and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://erproxy.cvtisr.sk/sfx/access?url=https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=edb&AN=48675430
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1080/15567280903376896
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 10
        StartPage: 23
    Subjects:
      – SubjectFull: INVESTIGATIONS
        Type: general
      – SubjectFull: METHODOLOGY
        Type: general
      – SubjectFull: FORENSIC sciences
        Type: general
      – SubjectFull: COMPUTER crimes
        Type: general
      – SubjectFull: CRIMINAL investigation
        Type: general
      – SubjectFull: COMPUTER simulation
        Type: general
    Titles:
      – TitleFull: Structured Forensics Examination Planning with Domain Modeling: A Report of Three Experiment Trials.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Bogen, Alfred C.
      – PersonEntity:
          Name:
            NameFull: Dampier, David A.
      – PersonEntity:
          Name:
            NameFull: Vaughn, Rayford
      – PersonEntity:
          Name:
            NameFull: Reese, Donna S.
      – PersonEntity:
          Name:
            NameFull: Allen, Edward B.
      – PersonEntity:
          Name:
            NameFull: Carver, Jeffrey C.
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 01
              Text: Jan2010
              Type: published
              Y: 2010
          Identifiers:
            – Type: issn-print
              Value: 15567281
          Numbering:
            – Type: volume
              Value: 3
            – Type: issue
              Value: 1
          Titles:
            – TitleFull: Journal of Digital Forensic Practice
              Type: main
ResultId 1