CERIAS Weekly Security Seminar - Purdue University

Brian Carrier, Categories of Digital Forensic Investigation Techniques


English - February 08, 2006 05:00 - 53 minutes - 190 MB Video


This talk examines formal concepts of digital forensic investigations. To date, the field has had an applied focus and little theory exists to formally define analysis techniques and requirements. This work defines an extended finite state machine (FSM) model and uses it to describe a computer's history, which contains the primitive and abstract states and events that existed and occurred. Using this model, categories of analysis techniques can be defined. This talk describes the model, describes the categories of analysis techniques, and compares the existing tools to the analysis technique categories.

About the speaker: Brian Carrier is the author of "File System Forensic Analysis" and several digital forensic analysis tools, including The Sleuth Kit and the Autopsy Forensic Browser. He is completing his Ph.D. in computer science at Purdue University. Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for the @stake Response Team and Digital Forensic Labs. Brian has been involved with the European Commission's CTOSE project on Digital Evidence, is a member of the Honeynet Project, a referee for the Journal of Digital Investigation, and on the committees of several conferences, workshops, and technical working groups.
