Developing a Process Model for the Forensic Extraction of
Information from Desktop Search Applications
Timothy Pavlic
School of Computer and Information Science
University of South Australia
Jill Slay
Defence and Systems Institute
University of South Australia
Jill.Slay@unisa.edu.au
Benjamin Turnbull
Defence and Systems Institute
University of South Australia
Benjamin.Turnbull@unisa.edu.au
ABSTRACT
Desktop search applications can
contain cached copies of files that were deleted from the file
system. Forensic investigators see this as a potential source of
evidence, as documents deleted by suspects may still exist in
the cache. Whilst there have been attempts at recovering data
collected by desktop search applications, there is no
methodology governing the process, nor discussion on the most
appropriate means to do so. This article seeks to address this
issue by developing a process model that can be applied when
developing an information extraction application for desktop
search applications, discussing preferred methods and the
limitations of each. This work represents a more structured
approach than other forms of current research.
Keywords: Desktop search,
digital evidence, extraction technique, process model.