Cyber Crimes Analysis Based on Open Source Digital Forensic Tools

Abstract

In this paper, we are present the digital forensic open source tools: Fiwalk, Bulk_Extractor, Foremost, Sleuth Kit, and Autopsy which are all Linux based forensic tools to extract evidences that could be presented in the court of law. Fiwalk reads a disk image and outputs a block of XML containing all the disk image of resident and deleted files. Foremost recovers files by using their headers, footers and data structures. The Sleuth Kit and Autopsy perform various aspects of file system analysis. The Autopsy Forensic Browser is a graphical web interface that presents the results generated by Sleuth Kit. This research project demonstrates the usefulness of the above- mentioned forensic tools for analysis and recovery of obliterated data from hard drives. This paper found that Sleuth Kit, Autopsy Forensic Browser, Fiwalk, Bulk_Extractor, and Foremost all provide effective file system analysis and recovery tool sets. The increasing complexity of storage devices requires that the investigator employs different forensic tool set to complement his arsenal of tools. No single digital forensic tool would be sufficient for an entire digital forensic investigation case. With this consideration, this paper employs various forensic tools. The demonstration of the effectiveness of these digital forensic tools utilized in this paper could serve as an alternative for investigators looking to expand their digital forensic tool set functionality in the court of law. Details of the experiments are fully given at the expense of bulkiness since this works is aim at enhancing the utilities of open source forensics tools applications