Forensic Tool Development Project: Evidence Analysis and Sharing

Added on  2019/09/20

Project
AI Summary
This project focuses on developing a digital forensic tool capable of mounting Expert Witness Format (.E01) evidence files and performing basic searches. The tool aims to address the limitations of existing forensic software by offering customizability and improved information sharing among investigators. The system will include modules for evidence mounting, .dd image creation, hash generation for verification, note sharing with user access control, file searching by filename, file type, and string, and report generation. The application will be developed in Java, C#, or C and will run on Windows. The project will also include research on related technologies, comparisons with existing tools, and diagrams to illustrate the system's architecture and functionality. The primary goals are to provide a customizable tool that can analyze evidence files and facilitate collaboration among investigators, ultimately improving the efficiency and effectiveness of digital forensic investigations.
Introduction
My project is to develop a forensic tool that is capable of mounting a digital forensic evidence file in
Expert Witness Format (.E01) and performing simple searches on the evidence file, while sharing of
information is enabled between different users of the system. The basic understanding of the system
is that it will work similarly to a typical digital forensic tool but with limited functionality, as it is
just a proof of concept.
Real World Problems
Although the digital forensics field is considered a very professional and small field, there are still
multiple major digital forensic tools available on the market, both off-the-shelf and freeware. They each
have their own strengths and weaknesses, but they all share one common weakness: a lack of customizability
and information sharing. These commonly used tools are usually used as they are purchased or downloaded;
users lack the ability to customize the system for the functions that they do or do not require.
Furthermore, there is a lack of communication between these digital forensic tools, which at times causes
redundant work. Forensic investigators are unable to communicate or check on the work done by others
efficiently, which may result in slow progress in the investigation.
Solutions
The solution to the problem described above is to provide users with a customizable system, in which the
user selects only the modules or functions that are required, to produce a system that fits the user's
requirements as closely as possible. Another solution is to include a module or function that allows
investigators working on the same case at the same time to communicate by sharing notes or follow-ups,
while also implementing user access control.
Modules Proposed to be included in the system
The proposed modules will be included in the system with minimal functionality to prove the
concept of the system.
Mounting – The system is capable of mounting digital evidence files. As a proof of concept, the system
will be able to mount files in Expert Witness Format (.E01) with write-block capabilities. After mounting,
the evidence file will not be tampered with in any way during the investigation, which can be checked
using the hash.
Create .dd image – The system will not mount the original evidence file onto the filesystem, to
prevent contaminating the original evidence file. Instead, a .dd image will be created from the
original evidence file, and the image created will be mounted onto the filesystem, where the entire
investigation process will take place. The image created will be identical to the original digital evidence.
Generate Hash – The system is capable of generating a hash value of the selected evidence file to be
compared with the original hash value, which is included in the original evidence file. Both hashes will
be compared to prove that they are identical.
Share notes – The system will be able to share findings and notes that have been submitted by different
investigators on the case, so that they can check and share progress with each other. User access control
will be implemented to protect data privacy.
Search – Users can search the mounted image using three different parameters and the system will
return the results. Users can search by filename, file type, and also a specific string in files.
Generate Report – The system is able to compile all notes by different investigators of the same case
into a single document containing all notes.
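The Create .dd image and Generate Hash modules described above, as an added example in Python (not code from the project, which proposes Java, C# or C). It assumes the evidence is already available as a raw byte stream, since decoding the .E01 container is outside this example, and that the digest recorded at acquisition is supplied by the caller; all function names are hypothetical.

```python
import hashlib
import os
import stat
import tempfile

CHUNK = 1024 * 1024  # stream in 1 MiB blocks; images rarely fit in memory


def file_digest(path, algo="sha256"):
    """Stream a file through the hash and return its hex digest."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def create_verified_image(source, image, algo="sha256"):
    """Copy source to a .dd image; return (source_digest, image_digest, match)."""
    h = hashlib.new(algo)
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)  # hash exactly the bytes that were read
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    os.chmod(image, stat.S_IREAD)  # working copy becomes read-only
    image_digest = file_digest(image, algo)  # re-read from disk, not from memory
    return h.hexdigest(), image_digest, h.hexdigest() == image_digest


def still_matches(image, recorded_digest, algo="sha256"):
    """Re-check an image against the digest recorded at acquisition."""
    return file_digest(image, algo) == recorded_digest.strip().lower()


def demo():
    """Image constructed sample bytes, then alter one byte of the copy."""
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "evidence.raw"), os.path.join(d, "working.dd")
        with open(src, "wb") as f:
            f.write(b"constructed sample " * 100000)  # about 1.9 MB, two chunks
        recorded, _, match = create_verified_image(src, img)
        os.chmod(img, stat.S_IREAD | stat.S_IWRITE)  # simulate a lost write-block
        with open(img, "r+b") as f:
            f.write(b"X")  # first byte was "c"
        return match, still_matches(img, recorded)
```

The `algo` argument has to name the same algorithm that produced the recorded digest, otherwise the comparison is meaningless.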
Aims:
Forensic tools to analyze digital forensic evidence are relatively limited on the market. I hope to
write a program that is capable of mounting an Expert Witness File such as .E01 and analyzing the
evidence file. The program will be capable of performing functions such as Search by Keyword, Size,
and File Type. Furthermore, the program is able to give a score to files which are deemed more
important to the investigator. The program also allows the investigator to add notes to the case
to aid in the investigation during the process of analyzing the evidence. More functions will be
added to the application during the development process if possible.
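The three search parameters of the Search module (filename, file type, string), as an added Python example that is not the project's own code. Identifying file type by leading-byte signature instead of extension is a choice made for this example; the function names and the sample files written by `demo` are constructed.

```python
import fnmatch
import os

# Leading-byte signatures for a few common types (standard magic numbers).
SIGNATURES = {"pdf": b"%PDF-", "png": b"\x89PNG\r\n\x1a\n",
              "jpeg": b"\xff\xd8\xff", "zip": b"PK\x03\x04"}
CHUNK = 64 * 1024


def sniff_type(path):
    """Identify a file by its leading bytes rather than its extension."""
    with open(path, "rb") as f:
        head = f.read(16)
    return next((t for t, s in SIGNATURES.items() if head.startswith(s)), None)


def contains(path, needle):
    """Chunked search that keeps a tail so hits spanning two reads count."""
    tail, keep = b"", len(needle) - 1
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            buf = tail + block
            if needle in buf:
                return True
            tail = buf[-keep:] if keep > 0 else b""
    return False


def search(root, name=None, ftype=None, text=None):
    """Return sorted relative paths under root that pass every given filter."""
    hits = []
    for folder, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(folder, fn)
            # Cheapest check first: name, then header sniff, then full content.
            if ((name and not fnmatch.fnmatch(fn.lower(), name.lower()))
                    or (ftype and sniff_type(path) != ftype)
                    or (text and not contains(path, text.encode()))):
                continue
            hits.append(os.path.relpath(path, root))
    return sorted(hits)


def demo(root):
    """Write two constructed files into root and run two searches."""
    with open(os.path.join(root, "holiday.jpg"), "wb") as f:  # really a PDF
        f.write(b"%PDF-1.4\n" + b"A" * (CHUNK - 12) + b"invoice 4471")
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"nothing here")
    return search(root, ftype="pdf"), search(root, text="invoice")
```

In `demo` the string "invoice" straddles the first 64 KiB read boundary, which is the case a naive per-chunk search misses.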
Deliverables:
I intend to produce an application that runs on Windows. The application will be written in Java,
C# or C. The report will include research on the technologies related to and used in developing the
application. A comparison between existing similar applications and the proposed system will
also be included. The main body of the report will consist of the project context and description,
research, and related diagrams.