Desktop search applications can contain cached copies of files that were deleted from the file system. Forensic investigators see this as a potential source of evidence, as documents deleted by suspects may still exist in the cache. Whilst there have been attempts at recovering data collected by desktop search applications, there is no methodology governing the process, nor discussion on the most appropriate means to do so. This article seeks to address this issue by developing a process model that can be applied when developing an information extraction application for desktop search applications, discussing preferred methods and the limitations of each. This work represents a more structured approach than other forms of current research.
Pavlic, Timothy; Slay, Jill; and Turnbull, Benjamin, "Developing a Process Model for the Forensic Extraction of Information from Desktop Search," Journal of Digital Forensics, Security and Law: Vol. 3, Article 3.
Available at: http://commons.erau.edu/jdfsl/vol3/iss1/3