Australian Digital Forensics Conference

Document Type

Conference Proceeding


secau Security Research Centre, Edith Cowan University, Perth, Western Australia


As ESI (Electronically Stored Information) is included in extent of evidence that become discovery's target in FRCP(Federal Rules of Civil Procedure) taken effect on December 1, 2006, enterprises been always vexing in several litigations need to adapt systems coping with e-Discovery such as ESI administration or information preservation. In this paper, component technologies for all steps of e-Discovery are described in detail, and as a prototype of preparing system for e-Discovery, agent-based information management and control system being able to manage ESI stored at some computers centrally and respond rapidly on demand, extracting discoveryrelated data using digital forensic technologies, are introduced. Apart from fundamental searching and analysing functions, this system can detect user’s abnormal behaviours, generate forensic images remotely, and have a function of controlling related files.


Originally published in the Proceedings of the 9th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, 5th -7th December 2011