A Framework for Extended Acquisition and Uniform Representation of Forensic Email Evidence

abstract: The digital forensics community has neglected email forensics as a process, despite the fact that email remains an important tool in the commission of crime. Current forensic practices focus mostly on that of disk forensics, while email forensics is left as an analysis task stemming from t...

Bibliographic Details
Other Authors: Paglierani, Justin (Author)
Format: Dissertation
Language: English
Published: 2013
Online Access: http://hdl.handle.net/2286/R.I.20908
id ndltd-asu.edu-item-20908
record_format oai_dc
spelling ndltd-asu.edu-item-209082018-06-22T03:04:34Z A Framework for Extended Acquisition and Uniform Representation of Forensic Email Evidence abstract: The digital forensics community has neglected email forensics as a process, despite the fact that email remains an important tool in the commission of crime. Current forensic practices focus mostly on that of disk forensics, while email forensics is left as an analysis task stemming from that practice. As there is no well-defined process to be used for email forensics the comprehensiveness, extensibility of tools, uniformity of evidence, usefulness in collaborative/distributed environments, and consistency of investigations are hindered. At present, there exists little support for discovering, acquiring, and representing web-based email, despite its widespread use. To remedy this, a systematic process which includes discovering, acquiring, and representing web-based email for email forensics which is integrated into the normal forensic analysis workflow, and which accommodates the distinct characteristics of email evidence will be presented. This process focuses on detecting the presence of non-obvious artifacts related to email accounts, retrieving the data from the service provider, and representing email in a well-structured format based on existing standards. As a result, developers and organizations can collaboratively create and use analysis tools that can analyze email evidence from any source in the same fashion and the examiner can access additional data relevant to their forensic cases. Following, an extensible framework implementing this novel process-driven approach has been implemented in an attempt to address the problems of comprehensiveness, extensibility, uniformity, collaboration/distribution, and consistency within forensic investigations involving email evidence. 
Dissertation/Thesis Paglierani, Justin (Author) Ahn, Gail-Joon (Advisor) Yau, Stephen S (Committee member) Santanam, Raghu T (Committee member) Arizona State University (Publisher) Computer science Acquisition Digital forensics Email Evidence Representation eng 75 pages M.S. Computer Science 2013 Masters Thesis http://hdl.handle.net/2286/R.I.20908 http://rightsstatements.org/vocab/InC/1.0/ All Rights Reserved 2013
collection NDLTD
language English
format Dissertation
sources NDLTD
topic Computer science
Acquisition
Digital forensics
Email
Evidence Representation
author2 Paglierani, Justin (Author)
author_facet Paglierani, Justin (Author)
title A Framework for Extended Acquisition and Uniform Representation of Forensic Email Evidence
publishDate 2013
url http://hdl.handle.net/2286/R.I.20908
_version_ 1718700265630072832