All content following this page was uploaded by Nilakshi Jain on 23 March 2020.
Abstract—Digital forensic investigation is a specialised field of computer forensics in which scientific procedures and tools allow digital evidence to be admissible in a court of law. However, there is no proper guidance or predefined method of investigation that is accepted by the courts, and existing tools and techniques provide only partial solutions to this problem. In this paper the various challenges with current digital forensic tools are identified. The literature studied demonstrates that no complete, comparative and automated tool with a history keeper and feedback approach exists to manage the crucial investigative activities in an organization. The major objective is to implement a digital forensic tool that is based on the digital forensic framework proposed in [3] and is also able to manage all suspicious activity in the organization. The proposed tool is an automated report generation tool with history keeper and feedback facilities. Hence it can be used by any application without regard to the field of crime, and the two additional modules make it a source of information for new investigators.

Keywords—digital forensic, computer forensic tool, framework, cyber crime.

I. INTRODUCTION

Digital forensics is a relatively new field in the wider forensic world [1][2]. In recent years a number of digital forensic processes have been proposed that claim to be authentic and reliable in a court of law, and many software companies have developed digital forensic tools that implement a few of the proposed processes. Many authors developed tools that follow their own digital forensic methodology, such as EnCase [4][5], and most tools provide only a partial solution to an investigation, limited to the methodology their authors proposed. Some proposed new components for the existing forensic processes and added them to the existing ones. Many processes which claim to be complete have had their weaknesses exploited in a court of law, where both the digital evidence and the process were rejected. However, no compared and integrated approach with feedback and a history keeper has been established [3].

To overcome this problem we proposed a framework in [3]; this paper is an enhancement of that work, and its main objective is to apply the theory practically in the development of the proposed tool. The primary objective of the paper is to study the existing top 25 digital forensic tools and determine which phases of the proposed framework these tools complete. The secondary objective is to develop a tool that completes all phases of the proposed framework [3] with history keeper and feedback support, and that also meets the need for a digital forensic tool in any organization.

II. NEED FOR THE CURRENT PROPOSED TOOL

A. Common requirements of a Digital Forensic Tool in the organization

Information and communication technology (ICT) has increased the data flow from one organization to another, and with it cyber crime has increased. To ensure security, any digital forensic tool should cover the following points:

• It provides a proper platform to investigate incidents and frauds.
• It should be effective and efficient enough to control unauthorized data flow.
• It should ensure the availability of reliable, sound and authentic digital evidence that is admissible in a court of law.
• It can also be used for non-investigation purposes, to increase the knowledge of employees and improve their performance.

B. Various Digital Forensic Tools

A number of digital forensic tools and suites are available for investigators to conduct digital forensic investigations. The Sleuth Kit [12], EnCase [4][5][6] and FTK [8] are readily accepted digital forensic tools, and more are emerging to meet the increasing demand for forensic tools. The following digital forensic tools are reviewed:

TABLE 1 DIGITAL FORENSIC TOOLS

Sr. No | Name of Digital Forensic Tool | Source of Software / Website
1 | EnCase [4][5][6] | http://www.guidancesoftware.com
2 | FTK [7][8] | http://en.wikipedia.org/wiki/Forensic_Toolkit
3 | SANS SIFT [9] | https://www.sans.org/
4 | PTK [10] | http://en.wikipedia.org/wiki/PTK_Forensics
Phases of the proposed framework [3] versus the 25 reviewed digital forensic tools (checkmark matrix). The legible tool columns are: EnCase [4][5][6], FTK [7][8], PTK [10], DFF [14], COFEE [15], ProDiscover Basic [16], Volatility [17], Linux 'dd' [18], CAINE [19], Recuva [20], HexEditor [21], DEFT [22], Xplico [23], LastActivityView [24], Mandiant RedLine [25], PlainSight [26], HxD [27], HELIX3 [28], AwardKeylogger [30], USBDeview [31]; the remaining five column labels and the assignment of individual marks to columns are not legible on the page. The rows, with the number of tools marked (√) as covering each phase, are:

Sr. | Phase of proposed framework [3] | Tools marked
1 | Acquire | 1
2 | Analyze | 10
3 | Approach Strategy | 0
4 | Assess | 0
5 | Attribute | 1
6 | Authenticate | 16
7 | Become Aware | 10
8 | Classify | 4
9 | Closure | 0
10 | Communication | 0
11 | Decide | 0
12 | Decision | 0
13 | Destroy | 2
14 | Digital Investigation | 2
15 | Document | 7
16 | Extract | 5
17 | Harvest | 12
18 | Hypothesis | 1
19 | Incident Response | 3
20 | Individualize | 1
21 | Infrastructure | 0
22 | Notify | 0
23 | Operational | 0
24 | Package | 1
25 | Physical Investigation | 1
26 | Plan | 0
27 | Policy/Procedure | 0
28 | Post Process | 0
29 | Pre-process | 0
30 | Readiness | 0
31 | Reconstruct | 2
32 | Recover | 12
33 | Reduce | 3
34 | Search | 5
35 | Seizure | 0
36 | Submit | 0
37 | Trace | 2
38 | Trace back | 0
39 | Transport | 0
40 | Triggering | 0
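The matrix above shows Authenticate as the phase most of the reviewed tools cover, next to Acquire, Document and Recover, and the framework in [3] adds a case history keeper on top of those phases. The following Python example is added here to make those two steps concrete; it is not the authors' tool and not code from any of the reviewed products. It assumes that the acquired evidence is a file-backed image, that "authenticate" means recording a SHA-256 digest of the image at acquisition and re-checking it before later phases, and that the history keeper is an append-only log in which each entry commits to the hash of the previous entry, so that a later edit, deletion or reordering of the log is detectable. The case identifier, investigator names and the sample "disk" contents are constructed for the example.

```python
"""Added example: evidence authentication plus a hash-chained case history.

Assumptions (not taken from the paper): the acquired image is a file on disk,
'Authenticate' means recording a SHA-256 digest of the image at acquisition and
re-checking it later, and the history keeper is an append-only log whose entries
each commit to the previous entry's hash. Case ID, investigator names and the
sample "disk" bytes below are constructed for the example.
"""
import hashlib
import json
import os
import tempfile
import time

GENESIS = "0" * 64  # prev_hash of the first history entry


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large images need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def _entry_hash(entry):
    """Hash every field of an entry except its own hash, in canonical JSON form."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class CaseHistory:
    """Append-only history keeper: each entry includes the hash of the one before."""

    def __init__(self, case_id):
        self.case_id = case_id
        self.entries = []

    def record(self, phase, investigator, details):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {
            "case": self.case_id,
            "seq": len(self.entries),
            "phase": phase,  # phase name from the framework [3]
            "investigator": investigator,
            "timestamp": time.time(),
            "details": details,
            "prev_hash": prev,
        }
        entry["entry_hash"] = _entry_hash(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Recompute every hash and link; any edit, deletion or reorder breaks it."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry["seq"] != i or entry["prev_hash"] != prev:
                return False
            if _entry_hash(entry) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def acquire(source_path, image_path, history, investigator):
    """Acquire: bit-for-bit copy. Authenticate: hash source and image and compare."""
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(1 << 20), b""):
            dst.write(block)
    source_digest = sha256_file(source_path)
    image_digest = sha256_file(image_path)
    history.record("Acquire", investigator,
                   {"source": os.path.basename(source_path),
                    "image": os.path.basename(image_path)})
    history.record("Authenticate", investigator,
                   {"source_sha256": source_digest, "image_sha256": image_digest,
                    "match": source_digest == image_digest})
    return source_digest == image_digest, image_digest


def reverify(image_path, expected_digest, history, investigator):
    """Authenticate again before analysis: the image must still hash as recorded."""
    current = sha256_file(image_path)
    history.record("Authenticate", investigator,
                   {"image_sha256": current, "expected_sha256": expected_digest,
                    "match": current == expected_digest})
    return current == expected_digest


def demo():
    """Constructed scenario: acquire, alter the image, re-verify, then edit the log."""
    sample_disk = bytes(range(256)) * 4  # constructed stand-in for a seized device
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "device.bin")
        image = os.path.join(tmp, "device.dd")
        with open(source, "wb") as f:
            f.write(sample_disk)
        history = CaseHistory("CASE-0001")
        acquired_ok, digest = acquire(source, image, history, "investigator-1")
        with open(image, "r+b") as f:  # a single byte altered after acquisition
            f.seek(10)
            f.write(b"\x00")
        reverify_ok = reverify(image, digest, history, "investigator-2")
        history_ok = history.verify()
        history.entries[1]["details"]["match"] = False  # someone edits the log
        tampered_history_ok = history.verify()
    return {
        "acquired_ok": acquired_ok,
        "digest_matches_memory": digest == hashlib.sha256(sample_disk).hexdigest(),
        "reverify_ok": reverify_ok,
        "history_ok": history_ok,
        "tampered_history_ok": tampered_history_ok,
        "entries": len(history.entries),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` shows the two failure modes an investigator cares about: the image re-verification fails after one byte is changed, and the history verifies until one of its entries is edited. In a real acquisition the copy would be taken through a write blocker with a tool such as dd [18], and the source digest should be computed from the device in the same session as the copy, since a digest recorded later only proves what the image looked like at that later time.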
IV. CONCLUSION

The study was conducted by examining the various digital forensic tools found in the literature. It was motivated by the lack of consistent technology in the digital forensic research area. The main objective was to determine whether the complete proposed digital forensic framework can be implemented in a digital forensic tool with automated report generation. The tool was developed and tested on many cases from various application areas and achieved fast and reliable results. The literature review included 25 digital forensic tools; the study can be extended to more tools to widen its scope.

References

[1] V. Baryamureeba and F. Tushabe. The Enhanced Digital Forensic Investigation Process Model. In Proceedings of the 4th Annual Digital Forensic Research Workshop, Baltimore, MD. Citeseer, 2004.
[2] M. Reith, C. Carr, and G. Gunsch. An Examination of Digital Forensic Models. International Journal of Digital Evidence, 1(3):1-12, 2002.
[3] Nilakshi Jain and Dhananjay R. Kalbande. Digital Forensic Framework using Feedback and Case History Keeper. International Conference on Communication, Information & Computing Technology (ICCICT), pp. 1-6, 2015.
[4] Guidance Software. EnCase search technology validated. https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx?cmpid=nav, January 2015.
[5] Wikipedia. EnCase. http://en.wikipedia.org/wiki/EnCase, January 2015.
[6] SecTools. EnCase. http://sectools.org/tool/encase/, January 2015.
[7] Wikipedia. Forensic Toolkit. http://en.wikipedia.org/wiki/Forensic_Toolkit, January 2015.
[8] AccessData. Forensic Toolkit. http://accessdata.com/solutions/digital-forensics/forensic-toolkit-ftk, January 2015.
[9] SANS (System Administration, Networking and Security) Institute. Computer Forensics and Incident Response. https://www.sans.org/course/advanced-computer-forensic-analysis-incident-response, February 2015.
[10] Wikipedia. PTK Forensics. http://en.wikipedia.org/wiki/PTK_Forensics, February 2015.
[11] AFFLIB open source computer forensic software. Bulk Extractor. https://github.com/simsong/bulk_extractor/wiki/Installing-bulk_extractor, February 2015.
[12] B. D. Carrier. The Sleuth Kit. http://www.sleuthkit.org/sleuthkit/, January 2015.
[13] Wikipedia. The Coroner's Toolkit. http://www.sleuthkit.org/sleuthkit/, February 2015.
[14] Digital Forensic Framework. (Re)Discover Digital Investigation. http://www.sleuthkit.org/sleuthkit/, January 2015.
[15] Wikipedia. Computer Online Forensic Evidence Extractor (COFEE). http://en.wikipedia.org/wiki/Computer_Online_Forensic_Evidence_Extractor, January 2015.
[16] ARC. ProDiscover Basic. http://www.arcgroupny.com/products/prodiscover-basic/, January 2015.
[17] Volatility. https://www.volatilesystems.com/default/volatility, February 2015.
[18] Linux dd. http://sourceforge.net/projects/dc3dd/, February 2015.
[19] CAINE software. http://www.caine-live.net/page5/page5.html, January 2015.
[20] Wikipedia. Recuva. http://en.wikipedia.org/wiki/Recuva, February 2015.
[21] Wikipedia. HexEditor. http://en.wikipedia.org/wiki/Recuva, January 2015.
[22] DEFT. http://www.deftlinux.net/, February 2015.
[23] Xplico network analysis tool. http://www.xplico.org/download, February 2015.
[24] LastActivityView. http://www.nirsoft.net/utils/computer_activity_view.html, February 2015.
[25] Mandiant RedLine. https://www.mandiant.com/resources/download/redline, January 2015.
[26] PlainSight. http://www.plainsight.info/index.html, January 2015.
[27] HxD freeware hex editor and disk editor. http://mh-nexus.de/en/hxd/, January 2015.
[28] HELIX3, incident response and e-discovery tool. http://www.e-fense.com/products.php, January 2015.
[29] P2explorer. https://www.paraben.com/p2-explorer.html, January 2015.
[30] AwardKeylogger. http://www.award-soft.com/award-keylogger, January 2015.
[31] USBDeview. http://www.nirsoft.net/utils/usb_devices_view.html, January 2015.