Thursday, January 29, 2009

Lightroom forensics - in forensis

I came across an outstanding paper from Sam Peisert, Matt Bishop (both from UC Davis), and Keith Marzullo (UC San Diego) called Computer Forensics In Forensis.

Here's the abstract:

"Different users apply computer forensic systems, models, and terminology in very different ways. They often make incompatible assumptions and reach different conclusions about the validity and accuracy of the methods they use to log, audit, and present forensic data. In fact, it can be hard to say who, if anyone is right. We present several forensic systems and discuss situations in which they produce valid and accurate conclusions and also situations in which their accuracy is suspect. We also present forensic models and discuss areas in which they are useful and areas in which they could be augmented. Finally, we present some recommendations about how computer scientists, forensic practitioners, lawyers, and judges could build more complete models of forensics that take into account appropriate legal details and lead to scientifically valid forensic analysis."

It's written about Computer Forensics, but a lot of the themes carry over to our work and our on-going discussion and debate about how to best utilise these artistic tools in a "forensic" setting.

Here's a good quote:

"Those involved in computer forensics often do not understand one other. Groups have evolved separately with only little interaction. Each group has largely separate conferences, journals, and research locations, and few attempts have successfully brought these groups together. Indeed, the language used to describe computer forensics and even the definition of the term itself varies considerably among those who study and practice it: computer scientists, commercial ventures, practitioners, and the legal profession. As a result, it is difficult for these groups to communicate and understand each others' goals." Amen.

Computer crimes folks preach removing the power cord as a method of shutting down a system. Yet, do that to many Linux-based DVRs and you'll lose everything. We seem to be working in the same area of technology, but we each have our issues and the things that are of vital importance.

It's an outstanding paper and well worth reading.

