nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

15. Standard for the Electronic Evidence Exchange

verfasst von : Mattia Epifani, Fabrizio Turchi

Erschienen in: Handling and Exchanging Electronic Evidence Across Europe

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Within the activities of the Evidence Project, it has been proposed a standard for the representation of the data and metadata involved in the electronic evidence exchange process. The main aim is to consider the widest range of forensic information and processing results including legal requirements. The standard consists of a set of data and metadata for describing all actions (i.e., tasks), actors (e.g., subjects, victims, authorities, examiners, etc.), tools (i.e., digital tools for carrying out different forensic processes), digital and physical objects involved in the investigative case (e.g., hard disk, smartphone, memory dump, etc.) and objects relationships (e.g., contains, extracted from, etc.); formal languages for representing in a standard way all the elements above cited; a platform for implementing the exchange process in terms of functionalities along with a recommendation for an integration with existing platforms already in place and run by European/international public bodies.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Some Societal Factors Impacting on the Potentialities of Electronic Evidence

Nächstes Kapitel Connecting the Dots: A Tale of Giants and Dwarfs, or How to Manage, Disseminate, Network and Present Your Research

Evidence Project—“European Informatics Data Exchange Framework for Courts and Evidence”, www.evidenceproject.eu.

In the forensics community there is no a general agreement on the exact meaning of the evidence provenance, although all experts unanimously consider the great importance of the provenance in digital forensics investigation. Some experts see the provenance as chain of custody documentation (Turner, 2005a), other interpret the provenance as the “the set of tools and transformations that led from acquired raw data to the final findings” (Levine and Liberatore, 2009).

Public Prosecutor speech during a 2 days meeting held in Florence, on 8–9 April 2015.

The main important system in the evidence exchange is SIENA, that stands for Secure Information Exchange Network Application. It is a secure communication system managed by EUROPOL and dedicated to the EU law enforcement community. The storage and exchange of information through SIENA is properly governed by legal framework, observing strong data protection regime. SIENA is used for exchanging personal information related to the crime areas within the mandate of EUROPOL, including EU restricted information. Basically, the SIENA application is a tool used for exchanging case relevant information (operational information).

See section Forensic Toolkit in the Digital Forensic Tools Catalogue at http://wp4.evidenceproject.eu.

See, for example, the File Carving or Application Forensics categories in the Digital Forensic Tools Catalogue.

MAC times are pieces of file system metadata that record when certain events pertaining to a computer file occurred most recently. M stands for Modify, A for Access and C for Change or Create.

The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), https://www.mitre.org.

http://capec.mitre.org.

http://maec.mitre.org.

http://stix.mitre.org.

http://taxii.mitre.org.

https://www.enisa.europa.eu.

https://www.enisa.europa.eu/activities/cert/support/actionable-information/actionable-information-for-security.

https://www.enisa.europa.eu/activities/cert/support/actionable-information/standards-and-tools-for-exchange-and-processing-of-actionable-information.

For the current list of objects, see https://cyboxproject.github.io/documentation/objects.

For a complete list see https://cyboxproject.github.io/documentation/object-relationships.

The UCO element ucoCommon:InformationSourceType that details the source of a given data entry.

A basic example, called basic_example.xml has been provided, by the DFAX developers, on the Github site—the well-known a web-based Git repository hosting service—via the http://github.com/DFAX/dfax/tree/master/examples.

Plaso is a Python-based backend engine for the tool log2timeline, developed and maintained by Google. log2timeline is a tool designed to extract timestamps from various files found on a typical computer system(s) and aggregate them.

psort is a command line tool to post-process plaso storage files. It allows you to filter, sort and run automatic analysis on the contents of plaso storage files.

A format similar to the Comma Separated Value.

Alink W, Bhoedjang R, Boncz P, de Vries A (2006) XIRAF - XML-based indexing and querying for digital forensics. Digit Invest 3(Suppl):50–58CrossRef

Barnum S, Martin R, Worrell B, Kirillov I (2012) The CybOX language specification, Version 1.0. MITRE. https://cybox.mitre.org/language/specifications/CybOX_Language_Core_Specification_v1.0.pdf

Bhoedjang RAF, van Ballegooij AR, van Beek HMA et al (2012) Engineering an online computer forensic service. Digit Invest 9(2):96–108CrossRef

Casey E, Back G, Barnum S (2015) Leveraging CybOX to standardize representation and exchange of digital forensic information. Digit Invest 12:102–110. https://www.sciencedirect.com/science/article/pii/S1742287615000158 CrossRef

Chabot Y, Bertaux A, Nicolle C, Kechadi T (2015) An ontology-based approach for the reconstruction and analysis of digital incidents timelines. Digit Investig 15:83–100. https://doi.org/10.1016/j.diin.2015.07.005 CrossRef

Cohen M, Schatz B, Garfinkel S (2009) Extending the advanced forensic format to accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow. Digit Invest 6(Suppl):57–68CrossRef

Danyliw (2007) tools.ietf.org/html/rfc5070

Garfinkel S (2006) Forensic feature extraction and cross-drive analysis. Digit Invest 3(Suppl) :71–81CrossRef

Garfinkel S (2009) Automating disk forensic processing with SleuthKit. In: XML and Python, Systematic approaches to digital forensics engineering (IEEE/SADFE 2009), Oakland

Garfinkel S (2012a) Digital forensics XML and the DFXML toolset. Digit Invest 8:161–174CrossRef

Garfinkel S (2012b) Digital forensics XML and the DFXML toolset. Digit Invest 9(3–4):161–174CrossRef

Inacio (2012) tools.ietf.org/html/draft-inacio-mile-forensics-00

ISO/IEC 27037:2012 (2012) Information technology—Security techniques—Guidelines for identification, collection, acquisition and preservation of digital evidence

ISO/IEC 27042:2015 (2015) Information technology—Security techniques—Guidelines for the analysis and interpretation of digital evidence

Levine BN, Liberatore M (2009) DEX: Digital evidence provenance supporting reproducibility and comparison. Digit Invest 6:48–56. github.com/umass-forensics/DEX-forensics CrossRef

Schatz B (2007) Digital evidence: representation and assurance, PhD dissertation, Queensland University of Technology. eprints.qut.edu.au/16507/1/Bradley_Schatz_Thesis.pdf

Turner P (2005a) Digital provenance—interpretation, verification and corroboration. Digit Invest 2(1):45–49CrossRef

Turner P (2005b) Unification of digital evidence from disparate sources (digital evidence bags). Digit Invest 2(3):223–228CrossRef

Turner P (2006) Selective and intelligent imaging using digital evidence bags. Digit Invest 3(Suppl):59–64CrossRef

Titel: Standard for the Electronic Evidence Exchange
verfasst von: Mattia Epifani
Fabrizio Turchi
Verlag: Springer International Publishing
Buch: Handling and Exchanging Electronic Evidence Across Europe
Print ISBN: 978-3-319-74871-9

Electronic ISBN: 978-3-319-74872-6

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-74872-6_15

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"