Abstract
This paper describes a novel, XML-based approach towards managing and querying forensic traces extracted
from digital evidence. This approach has been implemented in XIRAF, a prototype system for forensic analysis. XIRAF systematically
applies forensic analysis tools to evidence files (e.g., hard disk images). Each tool produces structured XML annotations
that can refer to regions (byte ranges) in an evidence file. XIRAF stores such annotations in an XML database, which allows
us to query the annotations using a single, powerful query language (XQuery). XIRAF provides the forensic investigator with
a rich query environment in which browsing, searching, and pre-defined query templates are all expressed in terms of XML
database queries.