Towards a standardised strategy to collect and distribute application software artifacts
This work addresses the need for efficient forensic analysis in digital investigations, but it is incremental as it builds on existing forensic data abstractions.
The paper tackled the problem of collecting and distributing application software artifacts by designing a standardised strategy using application profiles, resulting in the implementation of LiveDiff for automated data collection and APXML for storage and distribution.
Reference sets contain known content that is used to identify relevant content or filter irrelevant content. Application profiles are a type of reference set that contains digital artifacts associated with application software. An application profile can be compared against a target data set to identify relevant evidence of application usage in a variety of investigation scenarios. The research objective is to design and implement a standardised strategy to collect and distribute application software artifacts using application profiles. An advanced technique for creating application profiles was designed using a formalised differential analysis strategy. The design was implemented in a live differential forensic analysis tool, LiveDiff, to automate and simplify data collection. A storage mechanism was designed based on a previously standardised forensic data abstraction. The design was implemented in a new data abstraction, Application Profile XML (APXML), to provide storage, distribution and automated processing of collected artifacts.
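The differential idea described above, as an added sketch: it is not LiveDiff's code and does not use the APXML format. It builds a profile from two file-system snapshots and compares it against a target. The dictionary layout, function names, paths and file contents are all constructed assumptions.

```python
import hashlib

def snapshot(files):
    """Map path -> SHA-1 of content for one (constructed) file-system state."""
    return {p: hashlib.sha1(data).hexdigest() for p, data in files.items()}

def diff_profile(before, after):
    """Differential analysis: keep only artifacts that changed between snapshots."""
    profile = []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path), after.get(path)
        if old is None:
            profile.append({"path": path, "state": "created", "sha1": new})
        elif new is None:
            profile.append({"path": path, "state": "deleted", "sha1": old})
        elif old != new:
            profile.append({"path": path, "state": "modified", "sha1": new})
    return profile

def match_target(profile, target):
    """Compare a profile with a target snapshot; report how each artifact matched."""
    hits = []
    for entry in profile:
        seen = target.get(entry["path"])
        if entry["state"] == "deleted" or seen is None:
            continue  # nothing present in the target to match against
        # Mutable artifacts (settings, logs) often keep the path but not the hash.
        kind = "path+hash" if seen == entry["sha1"] else "path-only"
        hits.append((entry["path"], kind))
    return hits

# Constructed sample data: a baseline system, the same system after installing
# a hypothetical "ExampleApp", and a target where the user changed a setting.
BASELINE = snapshot({"C:/Windows/notepad.exe": b"np",
                     "C:/Windows/win.ini": b"[fonts]"})
AFTER_INSTALL = snapshot({"C:/Windows/notepad.exe": b"np",
                          "C:/Windows/win.ini": b"[fonts]\n[ExampleApp]",
                          "C:/Program Files/ExampleApp/app.exe": b"MZ-example",
                          "C:/Users/u/AppData/ExampleApp/settings.ini": b"lang=en"})
TARGET = snapshot({"C:/Windows/notepad.exe": b"np",
                   "C:/Program Files/ExampleApp/app.exe": b"MZ-example",
                   "C:/Users/u/AppData/ExampleApp/settings.ini": b"lang=de"})

PROFILE = diff_profile(BASELINE, AFTER_INSTALL)

if __name__ == "__main__":
    for path, kind in match_target(PROFILE, TARGET):
        print(f"{kind:10} {path}")
```

Unchanged baseline files such as `notepad.exe` never enter the profile, which is what keeps operating-system noise out of the reference set.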