Comparison of open source and commercial software in forensic informatics


Trends in forensic informatics

  • One of the most dynamically developing branches of forensic science

  • In some cases, digitization is the only way to archive information

  • Digitization and computerization are spreading progressively through all advanced countries

    • Positive effects

    • Negative effects:

      • misuse of a computer to commit a crime

      • attacks aimed at the computer itself, where digital data are the primary object of the attack

  • The response to this must be prompt: fast, reliable and specific analysis of digital data is required


The main principles of digital data analysis

  • Standard scientific procedures can be applied

  • The main goal of digital forensic analysis is to confirm or refute a stated hypothesis

  • The whole process needs to be automated

  • The process of analysis consists of:

    • data acquisition and preparation

    • data access and sorting

    • data analysis

    • documentation of information and results

    • presentation of information and results to the competent authority in an easily understandable form


Available software tools

Primary software tools applicable to digital forensics:

  • tools not specifically developed for digital forensic investigation

  • tools directly dedicated to digital forensic investigation:

    • commercial tools (EnCase, Forensic Toolkit)

    • shareware, freeware and open source tools (The Sleuth Kit/Autopsy)

    • specially licensed tools (e.g. available only for law enforcement investigations: ILook)


Tools directly dedicated to digital forensic investigation

EnCase

  • commercial product

  • most widely used

  • expensive

  • own scripting language (EnScript)

  • Win32 platform


Forensic Toolkit (FTK)

  • commercial product

  • designed rather for routine operations

  • reasonably priced

  • no possibility of adding own scripts

  • Win32 platform


ILook

  • specially licensed product

  • free for law enforcement investigations

  • designed for routine as well as precise operations

  • own scripting language

  • many existing scripts

  • analysis report generation in the Slovak language

  • Win32 platform


The Sleuth Kit/Autopsy

  • The Sleuth Kit: a set of command-line tools for documenting allocated and unallocated data space

  • Autopsy: graphical interface to the tools

  • open source license

  • platforms: UNIX, Linux, Win32 (Cygwin), ...

  • less comfortable to operate

  • results can be verified to a certain extent, since the source code is available


Validation options for obtained results

  • Checking the correctness of results basically consists of the following tests:

    • test for false positives

    • test for false negatives

  • Verification of results:

    • with open source tools the end user can inspect the source code

    • commercial tools are supplied as a black box, so their results can be verified only by a circular test


The circular test procedure consists of several steps:

  • creation of a medium (file) whose content consists of exactly defined symbols (e.g. the hexadecimal code "FF")

  • association of a file system, i.e. formatting

  • creation of data content as on a standard data medium (copying, deleting, etc.)

  • specification of the questions to be answered within the circular test (e.g. find all files, find the unallocated disk space, find all files containing the word "forensic", etc.)

    The whole process of creating the test medium must be documented and, once the test is complete, handed over to the participants.
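The following is an added example, not code from the presentation, showing how the circular test above and the false positive/false negative tests from the previous slide fit together as a small harness. Step 1 (a medium filled with the symbol FF) is performed in Python; steps 2 and 3 (formatting, for example with mkfs.vfat or the operating system's formatter, and copying/deleting files) need external tools and are represented here by a constructed creation log; step 4 (the questions) and the scoring of a tool's answers are implemented. The file names, contents and the hypothetical tool's answers are all constructed for the demonstration.

```python
"""Circular-test harness (added example, not part of the presentation).

Step 1 is done here; steps 2 and 3 are assumed to be done with external tools
and are represented by CREATION_LOG; step 4 and the scoring for false
positives / false negatives are implemented below."""
import hashlib
import json
import tempfile
from pathlib import Path

FILL_BYTE = 0xFF          # the slide's example fill symbol
IMAGE_SIZE = 64 * 1024    # small for the demonstration; a real test uses a whole medium


def make_blank_medium(path: Path, size: int = IMAGE_SIZE, fill: int = FILL_BYTE) -> str:
    """Step 1: write an image in which every byte is `fill`, and return its
    SHA-1 so the documented starting state can be checked later."""
    path.write_bytes(bytes([fill]) * size)
    return hashlib.sha1(path.read_bytes()).hexdigest()


def is_blank(path: Path, fill: int = FILL_BYTE) -> bool:
    """Confirm that a medium contains nothing but the fill symbol."""
    data = path.read_bytes()
    return len(data) > 0 and data.count(fill) == len(data)


def build_and_verify_blank(size: int = IMAGE_SIZE) -> tuple:
    """Create the blank medium in a temporary directory; return (sha1, blank?)."""
    with tempfile.TemporaryDirectory() as d:
        img = Path(d) / "circular_test.img"
        return make_blank_medium(img, size), is_blank(img)


# Constructed creation log standing in for steps 2 and 3: what was copied to
# the formatted medium and what was deleted afterwards.  In a real test this
# log is written during preparation and handed to the participants afterwards.
CREATION_LOG = [
    {"action": "copy", "name": "report.txt", "content": "forensic report draft"},
    {"action": "copy", "name": "notes.txt", "content": "meeting notes"},
    {"action": "copy", "name": "old.txt", "content": "old forensic data"},
    {"action": "delete", "name": "old.txt"},
]


def answer_key(log: list) -> dict:
    """Step 4: derive the expected answers to the test questions from the log.
    A deleted file is still expected: its content remains in unallocated space."""
    content, deleted = {}, set()
    for step in log:
        if step["action"] == "copy":
            content[step["name"]] = step["content"]
        elif step["action"] == "delete":
            deleted.add(step["name"])
    return {
        "all_files": set(content),                        # allocated and deleted alike
        "deleted_files": deleted,
        "files_containing_forensic": {n for n, c in content.items() if "forensic" in c},
    }


def score(expected: set, reported: set) -> dict:
    """Items reported but not on the medium are false positives; items on the
    medium but not reported are false negatives.  A question passes only if
    both sets are empty."""
    fp, fn = reported - expected, expected - reported
    return {"false_positives": sorted(fp), "false_negatives": sorted(fn),
            "passed": not fp and not fn}


def evaluate(log: list, tool_answers: dict) -> dict:
    """Score every question against the answer key derived from the log."""
    key = answer_key(log)
    return {q: score(key[q], set(tool_answers.get(q, ()))) for q in key}


# Constructed answers of a hypothetical tool: it reports a file that never
# existed and misses the deleted one, so it fails every question.
TOOL_ANSWERS = {
    "all_files": {"report.txt", "notes.txt", "ghost.txt"},
    "deleted_files": set(),
    "files_containing_forensic": {"report.txt"},
}

if __name__ == "__main__":
    digest, blank = build_and_verify_blank()
    print("blank medium sha1:", digest, "verified blank:", blank)
    print(json.dumps(evaluate(CREATION_LOG, TOOL_ANSWERS), indent=2))
```

The SHA-1 of the blank image and the creation log together form the documentation the slide asks for; a participant can recompute the hash to confirm that the starting medium was really all FF before formatting, and the organiser scores each tool's answers with the same key, so a black-box commercial tool and an open source tool are judged identically.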


Tool requirements

Digital forensic analysis tools should meet the following basic requirements:

  • support for the FAT and NTFS file systems (the most commonly used file systems)

  • ability to recover deleted content

  • ability to recover lost logical partitions on the data medium

  • searching for files in unallocated disk space

  • recognition of known files

  • recognition of unknown or encrypted files

  • automatic indexing of file content

  • checksum generation for analysed files (CRC, MD5, SHA-1)

  • exclusion of known files on the basis of their checksum (e.g. operating system files) when they are not the object of analysis

  • analysis report generation
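As an added example, not code from the presentation or from any of the tools it names, the script below implements several of the requirements in the list on a constructed directory tree: checksum generation (CRC32, MD5, SHA-1), exclusion of known files by hash, recognition of file types from their leading bytes, flagging of possibly encrypted content by byte entropy, and a keyword check. The sample files, the "known" hash set and the magic-byte table are all constructed here; a real reference set would be a hash database of operating system files, and real tools would operate on a disk image rather than a directory.

```python
"""Triage pass over a directory tree (added example, not part of the presentation).

The known-hash set, magic table and sample files are constructed stand-ins."""
import hashlib
import math
import tempfile
import zlib
from pathlib import Path

# Constructed stand-in for a known (e.g. operating system) file and its hash.
KNOWN_GOOD_CONTENT = b"MZ\x90\x00 constructed stand-in for an OS binary\n"
KNOWN_HASHES = {hashlib.sha1(KNOWN_GOOD_CONTENT).hexdigest()}

# Magic bytes for a few common types and the extensions they may legitimately carry.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
    b"MZ": "exe",
}
VALID_EXTENSIONS = {
    "jpeg": {"jpg", "jpeg"}, "png": {"png"}, "pdf": {"pdf"},
    "zip": {"zip", "docx", "xlsx", "jar"}, "exe": {"exe", "dll", "sys"},
}
KEYWORD = b"forensic"
ENTROPY_THRESHOLD = 7.5   # bits per byte; random or encrypted data is close to 8.0


def checksums(data: bytes) -> dict:
    """CRC32, MD5 and SHA-1 of the content, as hex strings."""
    return {
        "crc32": f"{zlib.crc32(data):08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def detect_type(data: bytes):
    """Recognise a file type from its leading bytes, independent of its name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_file(path: Path) -> dict:
    data = path.read_bytes()
    sums = checksums(data)
    kind = detect_type(data)
    ext = path.suffix.lower().lstrip(".")
    ent = entropy(data)
    return {
        "name": path.name,
        **sums,
        "known": sums["sha1"] in KNOWN_HASHES,
        "type": kind,
        # a recognised type whose extension does not fit: a renamed file
        "extension_mismatch": kind is not None and ext not in VALID_EXTENSIONS[kind],
        "entropy": round(ent, 2),
        # unrecognised, large enough to judge, and near-random: candidate for encryption
        "possibly_encrypted": kind is None and len(data) >= 256 and ent > ENTROPY_THRESHOLD,
        "contains_keyword": KEYWORD in data.lower(),
    }


def triage_tree(root: Path, exclude_known: bool = True) -> list:
    """Walk the tree, dropping files whose hash is in the known set."""
    rows = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            row = triage_file(p)
            if exclude_known and row["known"]:
                continue
            rows.append(row)
    return rows


def build_sample_tree(root: Path) -> None:
    """Constructed sample medium for the demonstration."""
    (root / "system.exe").write_bytes(KNOWN_GOOD_CONTENT)                # known file, to be excluded
    (root / "report.txt").write_text("Forensic report, draft 2\n")         # keyword hit
    (root / "holiday.txt").write_bytes(b"\xff\xd8\xff\xe0" + bytes(64))   # JPEG renamed to .txt
    (root / "vault.bin").write_bytes(bytes(range(256)) * 16)              # entropy 8.0: ciphertext stand-in


def demo(exclude_known: bool = True) -> list:
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_sample_tree(root)
        return triage_tree(root, exclude_known)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Two points worth noting for a practitioner: known-file exclusion must match on the hash of the content, never on the file name, because a renamed or replaced system file is exactly what an investigator is looking for; and the entropy heuristic only marks candidates, since compressed archives with a recognised header are deliberately left out of the "possibly encrypted" verdict and an unrecognised compressed format would still be flagged.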


Tools comparison

Thank you for your attention