Forensic Computing Development - Essay Example

? Forensic Computing     Forensic Computing OS Forensic is software used to easily uncover and extract relevant forensic data hidden in a computer within a short time period. This tool will enable the user to search/find files faster than the default search functionality that comes pre-installed in Windows operating system. It is known to be one of the most powerful and fastest tools in searching or locating files. OS forensics does not miss or omit files during the search operation, a weakness associated by the default search tool that comes with Windows systems. Its fastness does not affect the results so the user can be well assured that OS forensics will locate every single file on the hard disk. A user can use criteria such as size, filename, creation and modified dates in locating files. The search results returned by OS forensics are made available in different views which include the timeline view, thumbnail view and file listing (Beijnum, 2009, p. 23). This helps the user determine the pattern of activity on the computer and know where significant file change occurred. Besides locating the files, this tool can go further to search within contents of each file for a full analysis. OS forensics has a powerful pre-indexed search capability that offers full text search to hundreds of file formats. Below is a list of what results OS forensics can offer: Highlighting Wildcard searches Relevance ranked search results Exclusion searches Date sorting or date range searching Exact phrase matching "Google-like" context results File listing view of search results The file formats that can be indexed by OS forensics include: RTF, WPD, SWF, DJVU, DOC, PDF, PPT, XLS, JPG, GIF, PNG, TIFF, XLSX, MHT, ZIP, MP3, DWF, DOCX, PPTX and more. In addition, it has a feature that helps analyze files so as to determine their file type if they lack file extension. The advanced hashing algorithm in OS forensics can help create a unique fingerprint that is used to identify a file. OS forensics can help the investigator to organize the evidence discovered into a cryptographically secure single file. The expert can add more results and evidence to the case file for future reference and analysis and be confident that the case file cannot be tampered with. Case management helps the user to organize and aggregate case items and results from OS forensics. An advantage of this software is that it can be installed and run from a USB flash drive thus helps you in keeping your investigation tools and reports with you when you are mobile (Cansolvo & Scholtz, 2004, p. 85). A user should avoid installing any software on the target machine so as to avoid the risk of unintentionally overwriting or deleting valuable forensic data left by the suspect. With OS forensics, the computer expert can export case files as customizable and accessible reports that show all the evidence gathered. This feature helps to deliver a summary of readable forensic findings to law enforcement agents or clients at any time during the investigation. OS forensics can be used to retrieve e-mail messages directly from their archives without the need to install email client programs such as thunderbird or Outlook (Dimitrova, Bellotti, Lozanova & Roumenin, 2011). It reads directly into the archive and displays everything from message headers, HTML, Rich Text Format and regular Text. Supported file formats are: Mbox for thunderbird, UNIX mail, Eudora and more. Pst for outlook. Msg for outlook. Dbx for outlook express. Eml for outlook express. All the attachments associated with the specified email can be extracted too. Email searching functionality embedded in OS forensics can be used to quickly search across all the content in the email’s archive effectively. OS forensics Email Viewer The forensic value of carrying out the processes described above may vary depending on various factors such as who needs the information and for what purpose is the information in question needed (Lin & Stead, 2009, p. 67). This valuable process helps in figuring out what took place, how it happened, the time it happened and the parties involved. Some fields in which computer forensics techniques and methodologies are applied include: Finding out the root cause of a system failure. Finding the people behind misuse of computer systems. Finding who committed a crime. Finding victims of a suspected criminal. Figuring out criminal events planned and stopping them from happening. Examples of more specific criminal activities that would require computer experts to carry out forensics would be such as murder cases, financial fraud, child pornography, theft of trade secrets, harassment, infringement of copyrights and many more (Dimitrova, Bellotti, Lozanova & Roumenin, 2011, p. 38). Incriminating files are likely to be located on the suspect’s or victim’s computer. OS forensics works by use of advanced hashing algorithms which create a digital fingerprint that is unique and used in identifying a file. By comparing hash values, OS forensics determines if a file has been tampered with or corrupted (Ksherti, 2010). This can also help identify if an unknown file belongs to a set of known files regardless of file extension or differing file name. Use the Create/Verify hash module to create a digital identifier that is unique to a disk volume or file by calculating its hash value. You can choose any of the cryptographic algorithms in creating a hash such as MD5, SHA-256 and SHA-1. A single hash value created for disk volumes helps in describing directory structures, unallocated space and content of files. Comparing the original and new hash value helps detect if a disk volume has been tampered with or corrupted. A process known as disk cloning is done using a free OS forensics tool known as OSF Clone to create exact disk duplicates which are used alongside the original disk (Fowler, 2003). The shortcomings associated with the open source version of OS forensics are: Inability to mine deeper in the data Lack of dedicated support from developers at any time. Adding the ability to dig deeper in the data functionality is important in dealing with very complicated cases involving computer experts as the suspects of crime. Computer experts who know what the software capabilities are may try to hide incriminating evidence deeper in the files thus making it difficult for the software to locate that piece of information (Napa, 2011). Commercial versions of forensic software come with an added advantage of user support from the official developers unlike the open source version which is not guaranteed (Cimino & Shortlife, 2006). A client may request for a particular feature to be included in the commercial version and the response time is expected to be much faster as compared to one requesting for the same feature added in the open source version. The commercial alternatives of digital forensic software are; Internet Evidence Finder, Spector CNE Investigator, Registry Recon, EnCase, EPRB, COFEE, Windows to go, Forensic Assistant, Nuix, PeerLab, X-Way Forensics, Intella, Forensics Apprentice, FTK, Paraben P2 Commander and SafeBack. Not all commercially available forensics software can match the open source equivalent versions (Adigun, Ojo & Olugbara, 2011). This depends on several factors that the companies may have taken into consideration before developing the commercial software. The factors considered include, The target market. Financial capabilities of the company in hiring highly skilled programmers and marketing. Features to be included. The research carried out. These factors may help determine whether the commercial alternatives will be useful, efficient, productive and reliable than the open source equivalent. Bibliography Adigun, O., Ojo, S. O., & Olugbara, O. O. (2011) A grid enabled framework for ubiquitous healthcare service provisioning. Advances in Grid Computing, 230-252. Retrieved: http://cdn.intechopen.com/pdfs/13951/InTech-A_grid_enabled_framework_for_ubiquitous_healthcare_service_provisioning.pdf Beijnum, V. et al. (2009) Mobile virtual communities for telemedicine: research challenges and opportunities. International Journal of Computer Science and Applications, 6 (2), 19-37. Cansolvo, S. & Scholtz, J. (2004) Towards a framework for evaluating ubiquitous computing applications. Pervasive Computing, 82-88. Cimino, J. & Shortlife, H. (2006) Biomedical Informatics: Computer Applications in Health Care and Biomedicine. New York: Springer. Dimitrova, M., Bellotti, L., Lozanova, S. & Roumenin, C. (2011) Cloud computing framework for new medical interface technologies. Institute of Systems Engineering and Robotics, Bulgarian Academy of Sciences. Fowler, M. (2003) Patterns of Enterprise Application Architecture. New York: Addison-Wesley Professional. Ksherti, N. (2010) Cloud computing in developing economies: drivers, effects and policy measures. Retrieved: http://www.ptc.org/ptc10/program/images/papers/papers/Paper_Nir%20Kshetri_B8.pdf Lin, H. & Stead, W. (2009) Computational Technology for Effective Health Care: Immediate Steps and Strategic Directions. New York: National Academies Press. Napa, A. (2011) Wireless Mobile Communication and Healthcare: Second International ICST Conference; Revised Selected Papers. New York: Springer. Read More