Tuesday, November 23, 2010

Open Source Digital Forensics

I found the Open Source Digital Forensics website via the Internet Storm Center.

The Open Source Digital Forensics site is a reference on the use of open source software in digital investigations. As shown in the papers section, open source software may have legal benefits over closed source software.

  • An investigator can learn and testify about what her open source forensic analysis tools did.
  • An investigator can testify about the conditions that existed in the suspect's open source software for a piece of evidence to be generated (e.g. a log entry).

We do not claim that open source tools are superior to closed source tools. Both can have serious bugs and faults and produce errors. This site provides an easy reference for investigators who are interested in using open source analysis tools during an investigation.

The tools section is really interesting. It covers the following areas:

  • Used to boot a suspect system into a trusted state.
  • Used to collect data from a dead or live suspect system.
  • Used to examine the data structures that organize media, such as partition tables and disk labels.
  • Used to examine a file system or disk image and show the file content and other metadata.
  • Used to analyze the contents of a file (i.e. at the application layer).
  • Used to analyze network packets and traffic. This does not include logs from network devices.
  • Used to analyze memory dumps from computers.
  • Frameworks used to build custom tools.
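The third category above (examining the structures that organize media) is a good illustration of the legal point made earlier: an investigator who can read the tool's source can say exactly how a partition table was interpreted. The following script is an added example written for this post, not code from the Open Source Digital Forensics site or from any tool it lists. It reads the four primary entries of an MBR partition table, records a SHA-256 of the image before looking at it, and flags entries that run past the image or overlap one another. The disk image is constructed in-line (the sizes, partition types and the function names are this example's own assumptions) so the script runs offline.

```python
# Added example: minimal MBR partition-table reader with layout sanity checks.
# Not from the Open Source Digital Forensics site; the image is constructed below.
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"      # bytes 510-511 of sector 0
PARTITION_TABLE_OFFSET = 446     # four 16-byte entries follow
ENTRY_SIZE = 16


@dataclass
class PartitionEntry:
    index: int        # slot 0-3 in the primary table
    bootable: bool    # status byte bit 7 (0x80)
    type_id: int      # e.g. 0x83 Linux, 0x07 NTFS/exFAT, 0x05/0x0F extended
    start_lba: int
    sector_count: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.sector_count - 1


def image_hash(data: bytes) -> str:
    """SHA-256 taken before analysis, so any later read of the image can be verified."""
    return hashlib.sha256(data).hexdigest()


def is_valid_mbr(sector0: bytes) -> bool:
    return len(sector0) >= SECTOR and sector0[510:512] == MBR_SIGNATURE


def parse_mbr(sector0: bytes) -> List[PartitionEntry]:
    """Read the four primary entries. An extended partition (0x05/0x0F) is
    reported as one entry; walking its EBR chain is out of scope here."""
    if not is_valid_mbr(sector0):
        raise ValueError("sector 0 lacks the 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * ENTRY_SIZE
        # status, 3-byte CHS start (skipped), type, 3-byte CHS end (skipped),
        # then little-endian 32-bit start LBA and sector count
        status, type_id, start, count = struct.unpack(
            "<B3xB3xII", sector0[off:off + ENTRY_SIZE])
        if type_id == 0:
            continue  # empty slot
        entries.append(PartitionEntry(i, bool(status & 0x80), type_id, start, count))
    return entries


def check_layout(entries: List[PartitionEntry], total_sectors: int) -> List[str]:
    """Flag entries that cannot be right: they run past the image or overlap.
    Either means the table was edited, damaged, or is pointing at hidden data."""
    issues = []
    ordered = sorted(entries, key=lambda e: e.start_lba)
    for e in ordered:
        if e.start_lba == 0:
            issues.append(f"partition {e.index}: starts at LBA 0, inside the MBR")
        if e.end_lba >= total_sectors:
            issues.append(f"partition {e.index}: ends at LBA {e.end_lba}, "
                          f"but the image has only {total_sectors} sectors")
    for a, b in zip(ordered, ordered[1:]):
        if b.start_lba <= a.end_lba:
            issues.append(f"partitions {a.index} and {b.index} overlap "
                          f"(LBA {b.start_lba}-{a.end_lba})")
    return issues


def _entry(bootable: bool, type_id: int, start: int, count: int) -> bytes:
    return struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, type_id, start, count)


def build_sample_image(total_sectors: int = 2048) -> bytes:
    """Constructed 1 MiB image: two sane partitions plus two deliberately
    inconsistent ones so check_layout has something to report."""
    mbr = bytearray(SECTOR)
    table = (_entry(True, 0x83, 63, 1000)       # LBA 63-1062
             + _entry(False, 0x07, 1063, 900)   # LBA 1063-1962
             + _entry(False, 0x82, 1900, 50)    # LBA 1900-1949: overlaps slot 1
             + _entry(False, 0x0C, 2000, 100))  # LBA 2000-2099: past end of image
    mbr[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 64] = table
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr) + bytes(SECTOR * (total_sectors - 1))


def main() -> None:
    image = build_sample_image()
    print("sha256:", image_hash(image))
    entries = parse_mbr(image[:SECTOR])
    for e in entries:
        flag = "*" if e.bootable else " "
        print(f"{flag} slot {e.index} type 0x{e.type_id:02x} "
              f"LBA {e.start_lba}-{e.end_lba} ({e.sector_count} sectors)")
    for issue in check_layout(entries, len(image) // SECTOR):
        print("WARNING:", issue)


if __name__ == "__main__":
    main()
```

Run it as a script to see the two sane partitions listed, the bootable one marked with `*`, and two warnings: slot 3 extends past the end of the constructed image, and slots 1 and 2 overlap. Because every check is a few readable lines, an investigator can explain in testimony precisely why a given entry was flagged, which is the property the papers section argues for.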
