부산대학교 도서관

Due to the widespread utilization of digital devices, and the availability of high-capacity storage devices, the digital forensics investigation process became more and more time consuming. Moreover, among the different operating systems running on these devices, Windows has the largest market share. For these reasons, this article focuses on reducing the time needed for investigation in digital forensic cases dealing with Windows-operated devices. Our objctive is to modify the traditional standard digital investigation process in a way that reduces the consumed time mainly in the imaging phase, providing the means for the experts to find evidences in a much shorter time. In addition to reducing the time, the proposed modification still preserves the integrity of the digital information at the data source in a forensically sound way. The proposed method results a large reduction in process time for Windows-operated devices and gives the experts the opportunity to find the evidences much faster.