Prior Publisher
The Association of Digital Forensics, Security and Law (ADFSL)
Abstract
An extension is proposed to PyFlag, existing software that supports investigators in the analysis of computer data storage seized during an investigation. The extension introduces dedicated components for data identification and filtering. Hash codes for popular software contained in the NIST/NSRL database are considered in order to exclude unwanted files while searching and to classify files into several categories. The extension allows for further analysis, e.g. using artificial intelligence methods. The considerations are illustrated by an overview of the system's design.
Recommended Citation
Byrski, Aleksander; Stryjewski, Wojciech; and Czechowicz, Bartłomiej (2010) "Adaptation of PyFlag to Efficient Analysis of Seized Computer Data Storage," Journal of Digital Forensics, Security and Law: Vol. 5, Article 3.
DOI: https://doi.org/10.15394/jdfsl.2010.1071
Available at: https://commons.erau.edu/jdfsl/vol5/iss1/3
Included in
Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons