CuFA: A more formal definition for digital forensic artifacts

Breitinger, Frank

doi:10.1016/j.diin.2016.04.005

Titre

CuFA: A more formal definition for digital forensic artifacts

Type

article

Institution

Externe

Périodique

Digital Investigation

Auteur(s)

Harichandran, Vikram S.

Auteure/Auteur

Walnycky, Daniel

Auteure/Auteur

Baggili, Ibrahim

Auteure/Auteur

Breitinger, Frank

Auteure/Auteur

Liens vers les personnes

Breitinger, Frank

ISSN

1742-2876

Statut éditorial

Publié

Date de publication

2016-08

Volume

18

Première page

S125

Dernière page/numéro d’article

S137

Langue

anglais

Résumé

The term “artifact” currently does not have a formal definition within the domain of cyber/digital forensics, resulting in a lack of standardized reporting, linguistic understanding between professionals, and efficiency. In this paper we propose a new definition based on a survey we conducted, literature usage, prior definitions of the word itself, and similarities with archival science. This definition includes required fields that all artifacts must have and encompasses the notion of curation. Thus, we propose using a new term – curated forensic artifact (CuFA) – to address items which have been cleared for entry into a CuFA database (one implementation, the Artifact Genome Project, abbreviated as AGP, is under development and briefly outlined). An ontological model encapsulates these required fields while utilizing a lower-level taxonomic schema. We use the Cyber Observable eXpression (CybOX) project due to its rising popularity and rigorous classifications of forensic objects. Additionally, we suggest some improvements on its integration into our model and identify higher-level location categories to illustrate tracing an object from creation through investigative leads. Finally, a step-wise procedure for researching and logging CuFAs is devised to accompany the model.

Sujets

Forensic artifact, Di...

PID Serval

serval:BIB_4B70E27D7C14

DOI

10.1016/j.diin.2016.04.005