Digital Forensics Techniques and Processes | HiSEC Information Security Laboratory
Research on digital evidence acquisition, integrity verification, timeline reconstruction, and forensic workflow automation.
Digital Forensics Techniques and Processes
Digital evidence must remain procedurally reliable from acquisition to reporting. This research area refines evidence acquisition and analysis procedures for storage media, file systems, operating system artifacts, logs, mobile traces, and cloud records, with an emphasis on reproducible analysis and tool-supported workflows.
Research Questions
How can evidence integrity be verified across acquisition, analysis, preservation, and reporting?; How can incident timelines and user activities be reconstructed in a reproducible way?; How can repetitive analysis tasks be automated while preserving verifiability?
Methods
Evidence image acquisition and hash-based integrity verification; File system, operating system, and application artifact analysis; Timeline reconstruction, log correlation, and reporting workflow automation
Applications
Digital evidence analysis; Incident investigation; Evidence preservation consulting
Representative Topics
Evidence Acquisition, Integrity Verification, Analysis Process, Forensic Reporting