Disk Disposal and Data Recovery

• SSD Forensics 2014. Recovering Evidence from SSD Drives: Understanding TRIM, Garbage Collection and Exclusions, by Yuri Gubanov and Oleg Afonin, 2014
• Why SSD Drives Destroy Court Evidence, and What Can Be Done About It, by Oleg Afonin and Yuri Gubanov, 2012
• Disk Imaging: A Vital Step in Data Recovery, DeepSpar Data Recovery Systems, November 2006. An in depth look at the many issues that cause data loss / irretrievable data in the data recovery imaging process and how to overcome them.
• Drive-Independent Data Recovery: The Current State-of-the-Art, ActionFront Data Recovery Labs, August 2005.
• Secure Deletion of Data from Magnetic and Solid-State Memory, Peter Gutmann, Proceedings of the Sixth Usenix Security Symposium, 1996.

@Article{garfinkel:remembrance,

author =       "Simson Garfinkel and Abhi Shelat", author_a =       "Simson L. Garfinkel and Abhi Shelat", title =        "Remembrance of Data Passed", journal =      "{IEEE} Security and Privacy Magazine", publisher =    "IEEE", year      =         "2002", month     = Jan, url="https://simson.net/clips/academic/2003.IEEE.DiskDriveForensics.pdf"

}

Evidence Gathering

• Retrieving Digital Evidence: Methods, Techniques and Issues, by Yuri Gubanov, 2012
• Byteprints: A Tool to Gather Digital Evidence, Sriranjani Sitaraman, Srinivasan Krishnamurthy and S. Venkatesan, Proceedings of the International Conference on Information Technology (ITCC 2005), Las Vegas, Nevada, USA, April 4 - 6, 2005

Fake Information

• Automatic Detection of Fake File Systems, Neil C. Rowe, International Conference on Intelligence Analysis Methods and Tools, McLean, Virginia, May 2005.

Feature Extraction and Data Fusion

Computer Location Determination Through Geoparsing and Geocoding of Extracted Features http://www.chadsteel.com/pubs/Geolocation.pdf @inproceedings{garfinkel:cda,

title="Forensic feature extraction and cross-drive analysis", author="Simson Garfinkel", booktitle={Proceedings of the 6th Annual Digital Forensic Research Workshop (DFRWS)}, address = "Lafayette, Indiana", journal="Digital Investigation", year=2006, month=Aug, url="https://simson.net/ref/2006/drives-crcs.pdf", location="Lafayette, Indiana"

}

Text Mining

Computer Forensic Text Analysis with Open Source Software, by Christian Johansson, Masters Thesis, Blekinge Tekniska Hogskola, June 2003

Signed Evidence

@article{duerr-2004,

title="Information Assurance Applied to Authentication of Digital Evidence", author="Thomas E. Duerr and Nicholas D. Beser and Gregory P. Staisiunas", year=2004, journal="Forensic Science Communications", volume=6, number=4, url="https://su.diva-portal.org/smash/get/diva2:457220/FULLTEXT01"

}

@article{OppligerR03,

author    = {Rolf Oppliger and Ruedi Rytz}, title     = {Digital Evidence: Dream and Reality}, journal   = {IEEE Security {\&} Privacy}, volume    = {1}, number    = {5}, year      = {2003}, pages     = {44-48}, url       = {https://www.computer.org/csdl/magazine/sp/2003/05/j5044/13rRUwhpBCg}, abstract="Digital evidence is inherently weak. New evidence-gathering technologies-digital black boxes-must be developed and deployed to support investigations of irreproducible events such as digitally signing a document."

}

Theory

A Hypothesis-Based Approach to Digital Forensic Investigations, by Brian D. Carrier, Ph.D. Dissertation Purdue University, May 2006

Other Papers

• A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?, by Peter P. Swire, Moritz College of Law of the Ohio State University, Journal on Telecommunications and High Technology Law, Vol. 2, 2004.