A Framework for Automated Digital Forensic Reporting

Abstract

Forensic analysis is the science of finding, examining and analyzing evidence in support of law enforcement, regulatory compliance or information gathering. Today, almost all digital forensic analysis is done by humans, requiring dedicated training and consuming man-hours at a considerable rate. As storage sizes increase and digital forensics gains importance in investigations, the backlog of media requiring human analysis has increased as well. This thesis tests today's top-of-the-line commercial and open-source forensic tools with the analysis of a purpose-built Windows XP computer system containing two users that engaged in email, chat and web browsing. It presents the results of a pilot user study of the PyFlag forensic tool. Finally, it presents a technique to use software to do a preliminary analysis on media and provide a human-readable report to the examiner. The goal of the technique is to perform rapid triaging of media and allow the human examiner to better prioritize man-hours toward media with high return on investment.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2009
Accession Number
ADA496800

Entities

People

  • Paul F. Farrell Jr.

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Computational Forensics
  • Computer Program Documentation
  • Computer Program Reliability
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Data Analysis
  • Digital Media
  • Electronic Mail
  • Graphical User Interface
  • Internet
  • Malware
  • Mobile Phones
  • Operating Systems
  • User Interface
  • Web Browsers

Readers

  • Critical Infrastructure Protection in CBRN and WMD Threats.
  • Database Systems and Applications
  • Systems Analysis and Design