Developing a Process Model for the Forensic Extraction of Information from Desktop Search Applications

Timothy Pavlic; Jill Slay; Benjamin Turnbull

Journal of Digital Forensics, Security and Law (Mar 2008)

Developing a Process Model for the Forensic Extraction of Information from Desktop Search Applications

Timothy Pavlic,
Jill Slay,
Benjamin Turnbull

Affiliations

Timothy Pavlic: School of Computer and Information Science University of South Australia
Jill Slay: Defence and Systems Institute University of South Australia
Benjamin Turnbull: Defence and Systems Institute University of South Australia

Journal volume & issue: Vol. 3, no. 1
pp. 35 – 56

Abstract

Read online

Desktop search applications can contain cached copies of files that were deleted from the file system. Forensic investigators see this as a potential source of evidence, as documents deleted by suspects may still exist in the cache. Whilst there have been attempts at recovering data collected by desktop search applications, there is no methodology governing the process, nor discussion on the most appropriate means to do so. This article seeks to address this issue by developing a process model that can be applied when developing an information extraction application for desktop search applications, discussing preferred methods and the limitations of each. This work represents a more structured approach than other forms of current research.

Published in Journal of Digital Forensics, Security and Law

ISSN: 1558-7215 (Print); 1558-7223 (Online)
Publisher: Association of Digital Forensics, Security and Law
Country of publisher: United States
LCC subjects: Law: Law in general. Comparative and uniform law. Jurisprudence: Comparative law. International uniform law: Criminal law and procedure
Website: http://www.jdfsl.org

About the journal