filmov
tv
Defining Atomicity (and Integrity) for Snapshots of Storage in Forensic Computing
Показать описание
The acquisition of data from main memory or from hard disk storage is usually one of the first steps in a forensic investigation. We revisit the discussion on quality criteria for “forensically sound” acquisition of such storage and propose a new way to capture the intent to acquire an instantaneous snapshot from a single target system.
The idea of our definition is to allow a certain flexibility into when individual portions of memory are acquired, but at the same time require being consistent with causality (i.e., cause/effect relations).
Our concept is much stronger than the original notion of atomicity defined by Vömel and Freiling (2012) but still attainable using copy-on-write mechanisms. As a minor result, we also fix a conceptual problem within the original definition of integrity.
The idea of our definition is to allow a certain flexibility into when individual portions of memory are acquired, but at the same time require being consistent with causality (i.e., cause/effect relations).
Our concept is much stronger than the original notion of atomicity defined by Vömel and Freiling (2012) but still attainable using copy-on-write mechanisms. As a minor result, we also fix a conceptual problem within the original definition of integrity.
0:28:41
0:05:27
0:28:41
0:09:41
0:05:50
0:42:43
0:15:55
0:13:26
0:04:00
0:00:46
0:00:35
0:53:32
0:09:42
0:16:55
0:13:06
0:09:49
0:41:56
0:49:36
0:09:17
0:07:20
0:04:42
0:00:43
0:24:38
0:00:20