Thesis on "Digital Forensics"

Thesis 8 pages (2402 words) Sources: 10 Style: APA

Digital Forensics Technology:

Why Open Source Forensic Software Is a Significant Development

Of the many new technologies introduced into digital forensics in the last five years, open source forensic software has been the most significant in its contributions to forensic analysis and to the prevention and solving of crimes. Open source forensics software is today being used for the identification of unauthorized access, the presentation and analysis of access points, and the capture of a cybertrail that can be used as evidence in U.S. courts (Volonino, 2003). This is significant because open source software was initially perceived by the broader IT community as lacking the security, reliability and support of proprietary software (Muller-Seitz, Roger, 2009). Despite this reputation, however, its adoption has continued to outpace that of proprietary software over the last three years. Enterprise software companies including Microsoft, Oracle, SAP and others have specifically developed extensions to their own applications to capitalize on the economic benefits and rapid pace of innovation that open source software provides. These same dynamics are serving as the catalyst for the rapid adoption and continual innovation of open source forensic software. The intent of this analysis is to evaluate why open source forensic software is important, how it is proving useful to corporations and law enforcement in fighting and in some cases alleviating computer crime, and how its use supports the three steps of gathering digital evidence. Included in those three steps are approaches to acquiring, auditing, authenticating and analyzing the digital evidence so it can be used in a court of law.

The Increasing Importance of Open Source Forensic Software

Computer-based crime in the form of agents, Trojan viruses, bots and automated Web Services that seek to capture personal information online and to gain access to secured banking, financial services and military installations is growing at an exponential rate. The growth of these threats is surpassing the ability of security agencies and software firms to counter them (Abel, 2009). Amid this rapid growth of all forms of Internet-based crime, attempts by the leading software security firms to alleviate the problem have been only partially successful (Erickson, 2009). Ironically, proprietary software is not scaling fast enough, in either functionality or market adoption, to keep up with the onslaught of security weaknesses throughout the myriad process workflow areas of the Web and its many banking, e-commerce, financial services and government sites. Open source forensic software, despite the criticisms of its security, reliability and support (Abel, 2009), continues to be more agile as a development platform in responding to these threats. As a result, open source forensics software has progressed from fad to enterprise-wide application solution (Rogers, 2003).

Open source forensics software also has a significantly lower Total Cost of Ownership (TCO) and a rapidly expanding base of development support, which combine to create an exceptionally strong catalyst for faster innovation (Bates, 1997). For budget-constrained companies and municipal, state and federal organizations, this lower TCO has been one of the business drivers favoring its adoption. The perceived vulnerabilities of open source, specifically its support of security standards common across digital forensics (Forte, 2008), have been assessed through a series of performance audits (Irons, 2006). These have shown that open source software is just as secure as proprietary software and in some cases even more so, given the configuration management choices programmers make in coding and completing the open source forensic software.

More fundamentally, however, open source forensic software has shown the ability to scale architecturally to support the rules-based approaches that forensic analysis requires for the digital evidence gathering process (Berghel, 2003). The basis of forensics software is a series of constraint and rules engines that seek to define the optimal path from evidence to a valid conclusion (Bates, 1997). Depending on the design philosophy of the forensics software, the entire application could be based either on rules-based engines or on constraint engines (Irons, 2006). It is rare to find one that mixes both rules and constraints, as this would require modeling of each actual scenario being investigated. The majority of forensics software is rules-based, with each aspect of the digital evidence gathering process defined as a set of conditional statements (O'Connor, 2005). These rules do not vary from one application to another; there are specific logic workflows defined and applied across the entire spectrum of digital forensics applications and tools. As a result, there is little if any variation in the security and reliability of open source forensics applications. Both private and public organizations, including municipal, state and federal agencies, consider this factor in conjunction with TCO analysis in their due diligence when evaluating open source forensic software, and determine that the price/performance of open source-based applications makes sense for their needs. The need for training and continual development expertise is certainly a factor, yet the lower TCO and the broader community of development teams make this more affordable than with proprietary forensics software (O'Connor, 2005). In many instances larger organizations will license the source code and complete their own customizations, a process that would be quite expensive with proprietary software. This customization of open source forensics software to the precise needs of any given organization or government agency would be cost prohibitive with many of the proprietary software companies (Erickson, 2009).

All of these factors are contributing to the development of enterprise information assurance programs (Barbin, Patzakis, 2002). These programs are comparable in scope to enterprise compliance and quality management programs that rely on content management systems. Open source forensics software is moving from being an investigative tool to a compliance platform (Irons, 2006) and as a result is taking on the characteristics of content management systems. Inherent in the design of the most advanced open source forensics software applications is support for enterprise-wide assurance programs that include their own databases, evidence management systems, audit features (including the preservation of cybertrails captured electronically) and recovery routines for records potentially lost through illegal activity. In short, open source forensics software is also acting as a catalyst for the development of enterprise-wide security platforms that can manage the entire scope of security workflows within organizations, government and federal systems (Irons, 2006). This is significant in that the databases that form the foundation of these systems now support access- and role-based taxonomies that can be used for analyzing trends in both authorized and unauthorized access to systems. The preserved and identified audit results, often called a cybertrail (Irons, 2006), are admissible as evidence in U.S. courts as well (Volonino, 2003). Open source forensic software also supports the electronic recovery and retention of compromised electronic records, using the rules-based approach to verify and validate their source and recovery (Barbin, Patzakis, 2002). The emergence of enterprise information assurance programs, and the support for enterprise compliance and quality management from a security standpoint, illustrate how state-of-the-art open source forensics software is becoming. It is anticipated that within the next five years this progression of development will result in Service Oriented Architectures (SOA) that include Web Services to automate these processes over secured Internet connections. To counter the exponential levels of threats that seek to steal intellectual property and personal information, the development of SOA platforms for compliance and Web Services is a necessity (Abel, 2009).

In conclusion, the catalysts that are driving the rapid adoption of open source forensic software are going to accelerate in the next five years as organizations and government agencies seek to define compliance as a deterrent strategy, while also continually refining the audit process of how electronic access to systems is used. The use of rules-based logic workflows in open source forensics software is also going to lead to more use of predictive analytics to anticipate when illegal activity is about to occur and then thwart it through controls and the use of redirects. All of these advanced innovations will be made possible by the broad base of support that open source software has generated in the digital forensics industry over the last five years, which will continue to fuel them into the future (Abel, 2009).

How Open Source Software Supports the Digital Evidence Gathering Process

The three steps of the digital evidence gathering process of acquiring, authenticating and analyzing evidence all (Irons, 2006). Beginning with the acquisition process of digital evidence, open source forensic software's reliance on interpreting and identifying unauthorized access to systems, and the ability to audit each of these attempts to a quality level that is consistent with ISO Standard 15489:1, is essential for its use from a verifiability standpoint (Irons, 2006). Second, the acquisition phase includes the capture of all forms of digital evidence, with an emphasis on auditable activity over the Internet in the form of unauthorized attempts to gain access to systems and sites.…

Quoted Instructions for "Digital Forensics" Assignment:

The question I'm responding to is, What is the most important new technology that has been introduced into digital forensics in the last five years, and why?

The answer I believe is open source forensic software. This is a very broad question and open source forensic software is a very broad answer as it encompasses many different programs. I am looking for the ***** to address the following; why they are important, and how they are useful for corporations or police in gathering evidence of computer crime. As well as how open source software applies to the following three steps of gathering digital evidence; acquire, authenticate, and analyze. Do open source software tools obtain evidence that is encrypted? Does it crack passwords? This topic is very broad and can be approached in many ways. Open source is not one specific tool it is more of a class of tools and I will leave a level of creativity up to the ***** to take it from there.

No Wikipedia references please.

Please if the ***** has any questions/concerns please email me.
