In this paper, we describe forensic live analysis and event reconstruction methods in digital crime investigation. These methods are forensically interesting because they help to determine the origin of events by gathering data for analysis and applying event reconstruction for evidential purposes in a court of law. Our investigation is focussed on Linux systems. We have noted the effectiveness of existing automated event reconstruction systems, and we present an experimental study that describes forensic live response and event reconstruction in digital crime investigation.

| Field | Value |
|---|---|
| Title of host publication | PGNET 2009 |
| Subtitle of host publication | The 10th Annual PostGraduate Symposium on The Convergence of Telecommunications, Networking and Broadcasting |
| Publisher | Liverpool John Moores University |
| Number of pages | 6 |
| Publication status | Published - 2009 |