Towards a standardised strategy to collect and distribute application software artifacts

Authors

Thomas Laurenson, thomas@thomaslaurenson.com
Stephen MacDonell, University of Otago.Follow
Hank Wolfe, University of OtagoFollow

Document Type

Conference Proceeding

Publisher

SRI Security Research Institute, Edith Cowan University, Perth, Western Australia

Abstract

Reference sets contain known content that are used to identify relevant or filter irrelevant content. Application profiles are a type of reference set that contain digital artifacts associated with application software. An application profile can be compared against a target data set to identify relevant evidence of application usage in a variety of investigation scenarios. The research objective is to design and implement a standardised strategy to collect and distribute application software artifacts using application profiles. An advanced technique for creating application profiles was designed using a formalised differential analysis strategy. The design was implemented in a live differential forensic analysis tool, LiveDiff, to automate and simplify data collection. A storage mechanism was designed based on a previously standardised forensic data abstraction. The design was implemented in a new data abstraction, Application Profile XML (APXML), to provide storage, distribution and automated processing of collected artifacts.

Comments

13th Australian Digital Forensics Conference, held from the 30 November – 2 December, 2015 (pp. 54-61), Edith Cowan University Joondalup Campus, Perth, Western Australia.

DOI

10.4225/75/57b3f5cffb889