What Is Digital Forensics And Open Source Tool?


In digital forensics, we rely on our experience as examiners to interpret the data and information retrieved by our tools. To produce findings, we must be able to trust those tools. When we use closed source tools exclusively, there will always be a veil of abstraction between our minds and the truth that is impossible to eliminate.

We wrote this book to fill several needs. First, we wanted to produce a work that demonstrated the full capabilities of open source forensics tools. Many examiners who are aware of and use open source tools do not realize that you can actually perform a complete investigation using entirely open source tools. Second, we wanted to shine a light on the persistence and availability (and subsequent examination) of a wide variety of digital artifacts. It is our sincere hope that the reader learns to appreciate the wealth of information that is available for use in a forensic examination.


To continue further, we must define what we mean by “Digital Forensics” and what we mean by “Open Source.”


What Is “Digital Forensics?”

At the first Digital Forensics Research Workshop (DFRWS) in 2001, digital forensics was defined as:


The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.

While digital forensics techniques are used in more contexts than just criminal investigations, the principles and procedures are more or less the same regardless of the investigation. While the type of investigation may vary widely, the sources of evidence generally do not. Digital forensic examinations use computer-generated data as their source. Historically this has been limited to magnetic and optical storage media, but increasingly snapshots of memory from running systems are the subjects of examination.

Digital forensics is alternately (and simultaneously!) described as an art and a science. In Forensic Discovery, Wietse Venema and Dan Farmer make the argument that at times the examiner acts as a digital archeologist and, at other times, as a digital geologist.

Digital archeology is about the direct effects of user activity, such as file contents, file access time stamps, information from deleted files, and network flow logs. … Digital geology is about autonomous processes that users have no direct control over, such as the allocation and reuse of disk blocks, file ID numbers, memory pages or process ID numbers.

This mental model of digital forensics may be more accurate than the “digital ballistics” trope that has been used historically. No one ever faults an archeologist for working on the original copy of a 4000-year-old pyramid, for example. Like archeology and the social sciences, digital forensics combines elements of the “hard” sciences with elements of the “soft” sciences.

Many have made the suggestion that describing forensic analysis as both an art and a science is not a contradiction at all, but merely an apparent inconsistency arising from the conflation of the two aspects of the practice: the science of forensics combined with the art of investigation. Applying methodology and reasoning to data is the science; interpreting that data to reconstruct an event is the art.

On his website, Brian Carrier makes the argument that referring to the practice as “digital forensics” may be partly to blame for some of this confusion. While traditional crime scene forensic analysts are tasked with answering very discrete questions about subsets of evidence presented to them by detectives, digital forensic examiners often wear both hats. Carrier prefers the term “digital forensic investigation” to make this distinction clear.

The Digital Forensics Process

The process of digital forensics can be broken down into three categories of activity: acquisition, analysis, and presentation.

  • Acquisition
    • Acquisition refers to the collection of digital media to be examined. Depending on the type of examination, these can be physical hard drives, optical media, storage cards from digital cameras, mobile phones, chips from embedded devices, or even single document files. In any case, media to be examined should be treated delicately. At a minimum the acquisition process should consist of creating a duplicate of the original media (the working copy) as well as maintaining good records of all actions taken with any original media.
  • Analysis
    • Analysis refers to the actual media examination: the “identification, analysis, and interpretation” items from the DFRWS 2001 definition. Identification consists of locating the items present in the media in question and then further reducing this set to items or artifacts of interest. These items are then subjected to the appropriate analysis. This can be file system analysis, file content examination, log analysis, statistical analysis, or any number of other types of review. Finally, the examiner interprets the results of this analysis based on the examiner’s training, expertise, experimentation, and experience.
  • Presentation
    • Presentation refers to the process by which the examiner shares results of the analysis phase with the interested party or parties. This consists of generating a report of actions taken by the examiner, artifacts uncovered, and the meaning of those artifacts. The presentation phase can also include the examiner defending these findings under challenge.

Note that findings from the analysis phase can drive additional acquisitions, each of which will generate additional analyses, etc. This feedback loop can continue for numerous cycles given an extensive network compromise or a long-running criminal investigation.

This book deals almost exclusively with the analysis phase of the process, although basic acquisition of digital media is discussed.


What is “Open Source?”

Generically, “open source” means just that: the source code is open and available for review. However, just because you can read the source code doesn’t mean you have license to do anything else with it. The Open Source Initiative has created a formal definition that lays out the requirements for a software license to be truly open source. In a nutshell, to be considered open source, a piece of software must be freely redistributable, must provide access to the source code, must allow the end user to modify the source code at will, and must not restrict the end use of the software. For more detail, see the full definition on the Open Source Initiative’s website.


“Free” vs “Open”

Because the word “free” is overloaded in the English language, confusion about what “free” software is can arise. Software offered free of charge (gratis) is not necessarily free from restriction (libre). In the open source community, “free software” generally means software that is considered “open source” and without restriction, in addition to usually being offered at no cost. This is in contrast to the various “freeware” applications commonly found on Windows systems, which are offered solely in binary, executable form but at no cost.

The core material of this book is focused on the use of open source software to perform digital forensic examinations. “Freeware” closed source applications that perform a function not met by any available open source tool, or that are otherwise extremely useful, are discussed in the Appendix.

Benefits of Open Source Tools

There are a great many fiery screeds about the benefits of open source software, the ethics of software licensing, and the evils of proprietary software. We will not repeat them here, but we will outline some of the most compelling reasons to use open source tools that are specific to digital forensics.


When the authors entered the digital forensics field, there were two routes to becoming an examiner. The first was via a law enforcement or military career, and the second was to teach yourself (with the authors representing each of these routes). In either situation, one of the best ways to learn was by using freely available tools (and in the self-taught situation, the only way!). Today, there are numerous college programs and training programs available to an aspiring examiner, but there is still something to be said for learning by doing. The authors have been using open source tools throughout their careers in digital forensics, and we both have no doubt that we are much better examiners than we would have been otherwise.

Using open source tools to learn digital forensics has several benefits. First, open source tools innately “show their work.” You can execute the tool, examine the options and output, and finally examine the code that produced the output to understand the logic behind the tool’s operation. For small examination scenarios, you can run the tools on whatever hardware you have access to; no multithousand dollar deluxe forensic workstation is required. Finally, you also have access to a dedicated community of examiners, developers, and enthusiasts willing to help you, provided you’ve done a modicum of legwork before asking questions that a Google search answers trivially.

Portability and Flexibility

Another key benefit of the tools covered in this book is that, by and large, they are all portable and flexible. By portable we mean that you can easily take your toolkit with you as you move from one system to another, from one operating system to another, or from one job to another. Unless you personally license an expensive proprietary tool, your toolkit may not go with you if you move from one company to another. Any product-specific expertise you built up may end up wasted. If you are currently employed in law enforcement, any law enforcement–only tools you are currently using won’t be available to you should you decide to go into the private sector.

If portability means that you can choose where you use your tools, flexibility means that you can choose how you use your tools. You can use open source tools on your local system, or you can install them on a remote server and use them over a remote shell. You can install them on one system, or you can install them on thousands of systems. You can do all this without asking the software vendor for permission, without filling out a purchase order, and without plugging N hardware copy protection dongles into N machines.


In addition to being open source, all of the tools covered in this work are free of cost. This is great for individuals looking to learn forensics on their own, students taking formal coursework in digital forensics, or examiners looking to build a digital forensics capability on a budget. It is also a great benefit for anyone already using a host of commercial tools. Adding a set of open source tools to your toolkit will usually cost you nothing but a bit of your time. Even if you continue using proprietary, commercial tools on a daily basis, you can use the tools in this book as an adjunct to cover gaps in your tools’ coverage, or to validate or calibrate your tools’ findings and operation.

Ground Truth

Arguably the most important benefit open source software provides to the examiner is the code itself. As the philosopher Alfred Korzybski famously observed, “the map is not the territory.” Being able to review the source code that you then compile into a working program is invaluable. If you have the skill and the desire, you can make changes to the function of the code.

You can verify fixes and changes between versions directly, without having to simply trust what your software vendor is telling you. Using the Sleuth Kit as an example, we have no fewer than three different ways to review bug fixes in the software. First, we can review the change log files included with each release. Most proprietary software vendors will include something similar when a new version is released. Second, we can review the freely accessible bug trackers maintained at the Sleuth Kit project website.

Most proprietary forensic software vendors won’t provide open access to their full list of bugs and fixes. Finally, we can take the previous version of the source code and compare it with the newer version automatically via the diff command, highlighting exactly which changes have occurred. The first option is reading the map. The last option is surveying the territory.

Additionally, with open source software the function of the code can be reviewed directly. The authors have had experiences where proprietary forensic products produced provably incorrect results, but these tests had to be performed in a “black box” fashion: known input files were generated and processed, precalculated expected results were compared against the output of the proprietary tool, and false negatives were discovered. The authors had to bypass the tool’s internal logic and implement the correct function externally. Had the tool been open source, the error in processing could have been identified directly in the code, fixed, and subsequently merged into the main code repository, identifying and resolving the problem for all users of the code.
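The black-box validation described above, as an added example that is not from the book or the blog: a constructed disk image with JPEG headers planted at known offsets is fed to a hypothetical carver that (by assumption) only inspects sector-aligned offsets, and the harness reports the resulting false negatives. The image hash is recorded so the test input can be reproduced and cited later.

```python
import hashlib
from dataclasses import dataclass, field

SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff\xe0"  # JFIF start-of-image marker


def build_test_image(plant_offsets, size=8 * SECTOR):
    """Constructed known input: zero-filled image with a JPEG header at each offset."""
    buf = bytearray(size)
    for off in plant_offsets:
        buf[off:off + len(JPEG_SOI)] = JPEG_SOI
    return bytes(buf)


def carver_under_test(image):
    """Hypothetical tool: assumes files start on sector boundaries (the planted flaw)."""
    return [off for off in range(0, len(image), SECTOR)
            if image[off:off + len(JPEG_SOI)] == JPEG_SOI]


def reference_carver(image):
    """Reference implementation the examiner wrote externally: scans every byte offset."""
    hits, pos = [], image.find(JPEG_SOI)
    while pos != -1:
        hits.append(pos)
        pos = image.find(JPEG_SOI, pos + 1)
    return hits


@dataclass
class Validation:
    image_sha256: str      # identifies the exact known input used for this run
    expected: list         # precalculated results (where headers were planted)
    observed: list         # what the tool under test reported
    false_negatives: list = field(init=False)
    false_positives: list = field(init=False)

    def __post_init__(self):
        self.false_negatives = sorted(set(self.expected) - set(self.observed))
        self.false_positives = sorted(set(self.observed) - set(self.expected))


def validate(tool, plant_offsets):
    """Run one tool against a known input and compare against precalculated results."""
    image = build_test_image(plant_offsets)
    digest = hashlib.sha256(image).hexdigest()
    return Validation(digest, sorted(plant_offsets), sorted(tool(image)))


if __name__ == "__main__":
    # Three headers on sector boundaries plus one at an unaligned offset (a fragment).
    result = validate(carver_under_test, [0, 1024, 1500, 3072])
    print("input sha256:", result.image_sha256)
    print("false negatives:", result.false_negatives)  # [1500]
    print("false positives:", result.false_positives)  # []
```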

In the previous situation, the lack of access to the source code acted as an additional layer of abstraction between the examiners and the truth. Each layer of abstraction is a possible source of error or distortion. Since the goal of the examiner is to uncover the truth, it is in the examiner’s interest to ensure that the possible layers of abstraction are minimized. If your findings are ever brought into question, being able to show the actual source code used to generate the data you interpreted could be incredibly valuable.



The world of digital forensics has a long history of relying heavily on closed-source tools. Armed with an understanding of what we do, why we do it, and why we choose to use the tools we do, we can move on to the next chapter and begin building an open source examination platform.

If you want more information on digital forensics and open source tools, visit my website and check out my other blog posts.
