Evaluated Forensic Tools Comparison


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Use the articles to explain what your understanding is of the concept of open source forensic tools. Cover aspects such as the basic principles, problem areas and advantages. Include a section on why and when you would choose to use open source tools.

Everything must be properly referenced

(Open Source Software)

Open Source Software (OSS) Brief Explanation:

Open Source Software, in a nutshell, is software that companies and individual programmers and developers use and develop freely, sharing the source code so that others may adapt, improve, extend, debug and use it for their own benefit. The sharing of software code can result in complex and reliable software that can compete in the marketplace. OSS does not require license fees, and there are no restrictions on the number of computers the license may run on. In short, this is an open environment where software is free to use, amend and distribute. However, one should also observe restrictions related to copyright and to the protection of its open source status. OSS generally has a copyright, and this can be a major difference between it and freeware or public-domain software. (Michel Ruffin and Christof Ebert, Alcatel), pg 82-86, DOI: 10.1109/MS.2004.1259227.

Von Hippel and von Krogh (2003) define open source software development as an example of "private-collective" innovation. Experienced developers draw recognition benefits from writing freely available software, contributing to its development, and sharing their code. These benefits include continuous learning, fun, and reputation (Lakhani and Wolf 2005, Hertel et al. 2003). Making source code available plays an important role in detecting and quickly fixing design and implementation flaws that would otherwise have affected the end product. The method allows functional experts to independently verify and validate the reliability, quantity and quality of the output. (E. E. Kenneally, 2001), www.vjolt.net

Companies are moving, some slightly and some heavily, away from proprietary software toward an open source development strategy in order to win a share of the market. This helps them improve market penetration and increase the growth of their products. The study by Mockus et al. confirmed that the opportunity to develop open source software increases system growth. O’Reilly, Dalle and Jullien also noted in their findings that the rapid development of user features is the result of creativity within the open source systems domain. [2] [3]

The simplicity behind open source systems has been found to be one of the factors contributing to their success and widespread adoption. Any software written with simplicity in mind should have minimal complexity in terms of user friendliness. [4] Defects are corrected rapidly as they are found, which minimizes the chance of many defects accumulating, as opposed to proprietary systems that might require the release of service packs and fixes (Mockus et al. and S. Wheeler).

The development of open source software products like the Linux OS, the Apache web server, the Sendmail agent, Perl and other powerful internet products is the result of this successful and innovative approach. In a nutshell, the standard of open source software is based on the principle of continuous improvement, implemented through frequent releases. [5]

Open Source Forensic Tools:

Alongside the various proprietary digital forensic tools currently in use, free open source forensic tools have already been adopted, further developed and used by different user populations. These tools are used whenever digital criminal cases occur in which data has to be gathered from different sources and analyzed to obtain evidence that can incriminate guilty perpetrators. Brian Carrier, in his @stake 2003 research report, further emphasized open source tools as recently developed alternatives that provide features comparable to proprietary software. [6]

The evaluation comparing two commercially available forensic tools (EnCase and FTK) with an open source forensic tool (Sleuth Kit) produced similar results, though there might be different levels of challenge during implementation. The evaluation further clarified that, for accurate verification of evidence, the open source tools were found to be very good compared to the other two proprietary products. The conclusions of the senior project team that conducted the evaluation were based on the tools' performance in analyzing data, and all three are recommended for academic purposes. [7]

Evaluated Forensic Tools: Comparison

According to the report by D. Manson et al. (HICSS 2007), the tools used for evaluation and comparison were two proprietary tools, EnCase and FTK, and the open source forensic tool Sleuth Kit. The reason for this evaluation was to measure the performance, reliability and scalability of each tool. The three major phases of forensic analysis followed during the comparison are acquisition, analysis and presentation. Capabilities, advantages and disadvantages were identified for each, as summarized below:

EnCase Forensic Tool: [7]

EnCase is a powerful digital forensic investigation tool used for the collection and analysis of data and for forensically reporting all findings to a court of law (Guidance Software Inc, 2008), www.guidancesoftware.com. Like any other software package or tool, EnCase has advantages and problem areas depending on the methodology implemented. Some of the advantages and challenges are highlighted below.

Advantages:

The tool has been found to be more powerful than the other two, with extensive search customization capabilities.

Support of the tool is bundled with purchase price of the software.

Another advantage of EnCase is their DOS and Linux based acquisition tools.

Disadvantages:

Extensive training – while the other tools are reported to have user friendly GUIs, EnCase has been found to require advanced training.

Cost – the high cost of buying the software could disadvantage non-corporate users such as students, the self-employed, etc.

Cannot store log files of the actions taken by examiners during analysis.

Extensive search customization, which can be a confusing disadvantage to inexperienced examiners.

Very complex and non-intuitive; EnScript from one version may or may not work on other versions.

AccessData Forensics Tool Kit: [7]

FTK, as it is also known, is another proprietary forensic tool that enables forensic practitioners to carry out extensive digital forensic examinations that produce acceptable evidence.

Advantages:

Security – both FTK and Sleuth Kit use SHA1 (Secure Hash Algorithm), a security method that EnCase doesn’t provide.

Logging Options – both FTK and Sleuth Kit are capable of logging all examiners’ events during image analysis, and EnCase is not.

User friendly – its GUI has been found to be very user friendly and intuitive.

Support of the tool is bundled with purchase price of the software.

FTK identifies, indexes and groups all files according to their file headers in a database so that the investigator can easily locate interesting files.
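As an added example (not code from FTK, Sleuth Kit or the cited evaluation), the Python below shows the two ideas in this list that lend themselves to code: grouping files by their header bytes rather than their names, and recording a SHA1 digest for each file. The signature table, function names and sample files are constructed for the example.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Leading byte signatures (file headers); a small subset chosen for this example.
SIGNATURES = [(b"\x89PNG\r\n\x1a\n", "png"), (b"\xff\xd8\xff", "jpeg"),
              (b"%PDF-", "pdf"), (b"PK\x03\x04", "zip")]

def classify(header):
    """Name the file type from its first bytes, ignoring the file name."""
    for magic, kind in SIGNATURES:
        if header.startswith(magic):
            return kind
    return "unknown"

def sha1_file(path, chunk=1 << 20):
    """SHA-1 of a file, read in chunks so large evidence files fit in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def index_tree(root):
    """Group files by header type: {kind: [(rel_path, sha1, ext_mismatch)]}."""
    index = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                kind = classify(f.read(16))
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            # A known header under a different extension deserves a closer look.
            mismatch = kind != "unknown" and {"jpg": "jpeg"}.get(ext, ext) != kind
            index[kind].append((os.path.relpath(path, root), sha1_file(path), mismatch))
    return dict(index)

def demo():  # indexes constructed sample files written to a temporary directory
    samples = {"report.pdf": b"%PDF-1.4 constructed", "photo.jpg": b"\xff\xd8\xff\xe0 constructed",
               "notes.txt": b"PK\x03\x04 constructed", "readme.txt": b"plain text"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return index_tree(root)

if __name__ == "__main__":
    for kind, entries in sorted(demo().items()):
        print(kind, entries)
```

Recomputing the digests after analysis and comparing them with the recorded values is how an examiner shows the evidence was not altered.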

Disadvantages:

Cost – the high cost of buying the software could disadvantage non-corporate users such as students and ordinary users.


Sleuth Kit: [7]

Sleuth Kit is a set of UNIX-based, command-line, open source digital forensic tools used to analyze data during forensic investigations. The tools work with the Autopsy browser, which is a GUI running on top of the Linux command line. The tools run on Linux, UNIX, OS X, and Windows systems. Sleuth Kit and the Autopsy browser are both used for data, image, and file system analysis. (Brian Carrier, 2003-2013), http://www.sleuthkit.org/

Advantages:

User friendly – with the Autopsy browser, the tool has been found to be a necessity, especially for users familiar with Windows.

Cost – anyone using open source tools will do so at a very low cost as opposed to other proprietary tools.

No reliance on the operating system when processing the file system.

Uses the TCP protocol, which allows simultaneous connections.

Disadvantages:

Minimal support – support for open source software could be at a bare minimum, i.e. public support only for troubleshooting.

Open source software might not be too easy to learn and therefore requires time for the tool to be fully understood.

According to the analysis, the tool cannot clearly identify encrypted files, as opposed to proprietary tools.

Legal Aspects of OSS:

As described above, Open Source Software is software that one may freely adopt, use, edit according to one's needs, and distribute, provided that one follows certain procedures and restrictions pertaining to copyright and protection of the open source status. Open source software differs from freeware and other software in that it has a copyright.

Open Source Software has two major roles that are relevant to licensing. The licensor is the author or distributor that holds the software’s copyright. The software user is then the licensee, as is any other person who embeds, extends or improves the original code. [8]

Benefits of Using Open Source Software:

Open source software is free and available in the sense that no license charges or fees are required for using and redistributing source code and binaries. In short, making a product open source means that the product’s source code is freely available under licensing terms but with no fee involved. Users are free to modify the source, improve their work, distribute the improved work and make it available for free usage and peer review.

This allows developers to focus on producing better software. Like individual users, companies can still serve their purpose as profit-making organizations while they choose to make their source code freely available. Much of the value provided in an open source business model is the contribution from developers who are attracted to working on an open source product and who also help extend production, as opposed to arch-rivals. Much of the potential success will then depend on their experience and willingness to explore and further improve the code. [9]

Quality Assurance Under Open Source Software:


In conclusion, it is evident that the cyber forensic practitioners and examiners of the near future will encounter in their digital crime scenes not only traditional storage devices like computers, servers, cell phones and iPads, but also an enormous number of devices that aren’t on the market yet. This evolution has to be accepted by all involved, and the cyber community has to be well prepared to respond with forensically sound theories, tools, methodologies and practices in order to keep up in a world of changing technology. [10] (Christopher V. Marsico, Marcus K. Rogers), 2005, International Journal of Digital Evidence, www.ijde.org

It should also be recommended that

Open Source's proponents often claim that it offers significant benefits when compared to typical commercial products.

References for Question 1:

Andrew Katz,(2006), available at: http://www.moorcrofts.com/documents/SCL-Open-Source-Intro.pdf,

James W. Paulson, Member, Giancarlo Succi, and Atmin Eberlein,( Members, IEEE Computer Society), April 2004, An empirical study of open-source and closed-source software products, pg 246-256,DOI: 10.1109/TSE.2004.1274044,

A. Mockus, R.T. Fielding, and J. Herbsleb, "A Case Study of Open Source Software Development: The Apache Server," Proc. 22nd International Conference in Software Engineering, 2000

E.S. Raymond, Aug 2003,"The Cathedral and the Bazaar," available at http://www.catb.org/esr/writtings/catedral-bazaar/cathedral-bazaar/

Raghunathan, S.; Prasad, A.; Mishra, B.K.; Hsihui Chang, "Open source versus closed source: software quality in monopoly and competitive markets," Systems, Man and Cybernetics, Part A: Systems and Humans, IEEE Transactions on , vol.35, no.6, pp.903,918, Nov. 2005

doi: 10.1109/TSMCA.2005.853493

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1519032&isnumber=32515

Carrier. B, Oct 2002, Open Source Digital Forensics Tools: The Legal Argument. @stake research report

Manson. D, Carlin. A, Ramos. S, Gyger. A, Kaufman. M, Treichelt. J, HICSS 2007, Is the Open Way a Better Way? Digital Forensics Using Open Source Tools, pg 266b-266b, DOI: 10.1109/HICSS.2007.301

Ruffin, C.; Ebert, C., "Using open source software in product development: a primer," Software, IEEE , vol.21, no.1, pp.82,86, Jan-Feb 2004

doi: 10.1109/MS.2004.1259227

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1259227&isnumber=28149

Hecker, F., "Setting up shop: The business of open-source software," Software, IEEE , vol.16, no.1, pp.45,51, Jan/Feb 1999, DOI: 10.1109/52.744568

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=744568&isnumber=16092

Khanjani, A.; Sulaiman, Riza, "The process of quality assurance under open source software development," Computers & Informatics (ISCI), 2011 IEEE Symposium on , vol., no., pp.548,552, 20-23 March 2011, DOI: 10.1109/ISCI.2011.5958975

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5958975&isnumber=5958864

(Christopher V. Marsico, Marcus K. Rogers), 2005, International Journal of Digital Evidence, www.ijde.org

Question 2

Under resources you will find a directory named Cloud Forensics. The directory contains 5 articles related to forensics in the cloud, also a very important aspect of digital forensics in the future.

Use the articles to explain what your understanding is of the concept of cloud forensics. Cover aspects such as the basic principles, problem areas and possible solutions.

Everything must be properly referenced

Question 2: (Cloud Forensics)

Cloud Forensics:

Basic Principles:

Problem Areas:

Pros:

Cons:

Possible Solutions:

References for Question 2:
