Hash based disk imaging using AFF4
| Data(s) |
01/08/2010
|
|---|---|
| Resumo |
Forensic imaging has been facing scalability challenges for some time. As disk capacity growth continues to outpace storage IO bandwidth, the demands placed on storage and time are ever increasing. Data reduction and de-duplication technologies are now commonplace in the Enterprise space, and are potentially applicable to forensic acquisition. Using the new AFF4 forensic file format we employ a hash based compression scheme to leverage an existing corpus of images, reducing both acquisition time and storage requirements. This paper additionally describes some of the recent evolution in the AFF4 file format making the efficient implementation of hash based imaging a reality. |
| Identificador | |
| Publicador |
Elseveir |
| Relação |
DOI:10.1016/j.diin.2010.05.015 Schatz, Bradley & Cohen, Michael (2010) Hash based disk imaging using AFF4. In Digital Investigation : The Proceedings of the Tenth Annual Digital Forensic Research Workshop Conference, Elseveir, Portland, Oregon, S121-S128. |
| Fonte |
Faculty of Science and Technology; Information Security Institute |
| Palavras-Chave | #080303 Computer System Security #080403 Data Structures #080603 Conceptual Modelling #Digital forensics #Representation #Evidence containers |
| Tipo |
Conference Paper |
