Abstract

Software tools designed for disk analysis play a critical role in today's forensic investigations. However, these digital forensics tools are often difficult to use, usually task specific, and generally require professionally trained users with IT backgrounds. The relevant tools are also often open source, requiring additional technical knowledge and proper configuration. This makes it difficult for investigators without a computer science background to conduct the needed disk analysis. In this paper, we present AUDIT, a novel automated disk investigation toolkit that supports investigations conducted by both non-expert (in IT and disk technology) and expert investigators. Our proof-of-concept design and implementation of AUDIT intelligently integrates open source tools and guides non-IT professionals while requiring minimal technical knowledge about the disk structures and file systems of the target disk image.


DOI

http://doi.org/10.15394/jdfsl.2014.1176
