Technical Report: Selective Imaging of File System Data on Live Systems

by Fabian Faust, et al.

In contrast to the common habit of taking full bitwise copies of storage devices before analysis, selective imaging promises to alleviate the problems created by the increasing capacity of storage devices. Imaging is selective if only selected data objects from an image that were explicitly chosen are included in the copied data. While selective imaging has been defined for post-mortem data acquisition, performing this process live, i.e., by using the system that contains the evidence also to execute the imaging software, is less well defined and understood. We present the design and implementation of a new live Selective Imaging Tool for Windows, called SIT, which is based on the DFIR ORC framework and uses AFF4 as a container format. We discuss the rationale behind the design of SIT and evaluate its effectiveness.


A Survey on the Integration of NAND Flash Storage in the Design of File Systems and the Host Storage Software Stack

With the ever-increasing amount of data generated in the world, estimated...

Forensic analysis of the Windows telemetry for diagnostics

Telemetry is the automated sensing and collection of data from a remote ...

Live-wire 3D medical images segmentation

This report describes the design, implementation, evaluation and origina...

Testing Selective Influence Directly Using Trackball Movement Tasks

Systems factorial technology (SFT; Townsend & Nozawa, 1995) is regarded ...

Revisiting Challenges for Selective Data Protection of Real Applications

Selective data protection is a promising technique to defend against the...

Selective Conformal Inference with FCR Control

Conformal inference is a popular tool for constructing prediction interv...

Live Forensics for Distributed Storage Systems

We present Kaleidoscope, an innovative system that supports live forensic...
