Defining Atomicity (and Integrity) for Snapshots of Storage in Forensic Computing

Details

Resource 1 Download: qualitycriteria.pdf (452.62 KB)
Status: Public
Version: Final published version
License: Not specified
Serval ID
serval:BIB_F9E4FD8F2F1E
Type
Conference proceedings (part): original contribution to the scientific literature, published on the occasion of scientific conferences, in a proceedings volume, or in a special issue of a recognized journal (conference proceedings).
Collection
Publications
Institution
Title
Defining Atomicity (and Integrity) for Snapshots of Storage in Forensic Computing
Conference title
Proceedings of the Digital Forensics Research Conference Europe (DFRWS EU)
Authors
Ottmann Jenny, Breitinger Frank, Freiling Felix
Editorial status
Published
Publication date
31/03/2022
Peer-reviewed
Yes
Language
English
Abstract
The acquisition of data from main memory or from hard disk storage is usually one of the first steps in a forensic investigation. We revisit the discussion on quality criteria for “forensically sound” acquisition of such storage and propose a new way to capture the intent to acquire an instantaneous snapshot from a single target system. The idea of our definition is to allow a certain flexibility into when individual portions of memory are acquired, but at the same time require being consistent with causality (i.e., cause/effect relations). Our concept is much stronger than the original notion of atomicity defined by Vömel and Freiling (2012) but still attainable using copy-on-write mechanisms. As a minor result, we also fix a conceptual problem within the original definition of integrity.
Keywords
storage acquisition, instantaneous snapshot, correctness, integrity
Record created
18/05/2022 9:33
Record last modified
20/07/2022 7:14