Open source forensic tools for linux hard disk investigation


Bibliographic Details
Main Author: Amin Maree, Bashar (Moh'd Walid)
Format: Thesis
Language: English
Published: 2010
Subjects:
Online Access:http://eprints.utm.my/id/eprint/12067/1/BasharAminMareeMFSKSM2010.pdf
Description
Summary: As the adoption of the Linux operating system is continually increasing, there is a need to document the procedures for forensically examining its hard disk, which is arguably the most valuable source of criminal evidence in a computer system. The presently available material can be described as being too technical, scattered and in some instances outdated. This project aims to highlight the procedures needed to forensically investigate a Linux hard disk using open source tools. Current guidelines have been reviewed in an attempt to extract focal areas that need attention in terms of forensic investigation. The methodology adopted in this project consisted of compiling a series of experiments using various open source tools to demonstrate the stages of a complete hard disk digital investigation. The flow of the experiments exhibited the basic concepts needed for understanding volume and file system investigation on a Linux system. The main forensic stages covered are the preparation, imaging, volume analysis and file system analysis stages. Additionally, the work also exhibited the feasibility of using open source forensic technology. The outcome of this project was a set of clearly defined procedures for the purpose of facilitating the task of a forensic practitioner in digitally investigating a Linux environment. It demonstrated the use of open source forensic methods using the most recent Linux platform at the time of writing. The main advantage of such an approach is its potential to be academically verified and improved, and possibly to be eventually adopted by law enforcement agencies. Moreover, it enables unrestricted control of the code and development rights of a highly needed security technology without the constraints of a commercially driven market.