Universiti Teknologi Malaysia Institutional Repository

Open source forensic tools for linux hard disk investigation

Amin Maree, Bashar (Moh'd Walid) (2010) Open source forensic tools for linux hard disk investigation. Masters thesis, Universiti Teknologi Malaysia, Faculty of Computer Science and Information Systems.

[img] PDF
6Mb
[img] PDF
6Mb
[img] PDF
6Mb

Abstract

As the adoption of the Linux operating system is continually increasing there is a need to document the procedures for forensically examining its hard disk, which is arguably the most valuable source of criminal evidence in a computer system. The presently available material can be described as being too technical, scattered and in some instances outdated. This project aims to highlight the procedures needed to forensically investigate a Linux hard disk using open source tools. Current guidelines have been reviewed in an attempt to extract focal areas that need attention in terms of forensic investigation. The adopted methodology, in this project, consisted of compiling a series of experiments using various open source tools to demonstrate the stages of a complete hard disk digital investigation. The flow of the experiments exhibited the basic concepts needed for understanding volume and file system investigation on a Linux system. The main forensic stages that were covered are the preparation, imaging, volume analysis and file system analysis stages. Additionally the work also exhibited the feasibility of using open source forensic technology. The outcome of this project was a set of clearly defined procedures for the purpose of facilitating the task of a forensic practitioner to digitally investigate a Linux environment. It demonstrated the use of open source forensic methods using the most recent Linux platform at the time of writing. The main advantage of such an approach is its potential to be academically verified and improved and possibly to be eventually adopted in law enforcement agencies. Moreover, it enables unrestricted control of code and development rights of a highly needed security technology without the constraints of a commercially driven market.

Item Type:Thesis (Masters)
Additional Information:Thesis (Sarjana Sains (Komputer Sains-Keselamatan maklumat)) - Universiti Teknologi Malaysia, 2010
Uncontrolled Keywords:forensic tools, Linux operating system, open source tools
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions:Computer Science and Information System (Formerly known)
ID Code:12067
Deposited By: Ms Zalinda Shuratman
Deposited On:22 Feb 2011 08:02
Last Modified:02 Jul 2012 04:34

Repository Staff Only: item control page