Open Source Digital Forensics

Here’s an interesting site on open source digital forensics. The site is maintained by a group of volunteers and was created by Brian Carrier, who wrote the “foundational book for file system analysis” in 2005, “File System Forensic Analysis.”

There are some potential legal benefits for using open source software in digital investigations. Brian Carrier looks at these benefits in his paper, “Open Source Digital Forensics Tools: The Legal Argument.”

It’s noted, however, that open source tools are not necessarily better than “closed source” tools because both may suffer from “serious bugs and faults and produce errors.” If a forensic tool is open source, it does make it easier for an “investigator to verify that a tool does what it claims.”

The site provides a list of open source software organized into 8 categories, including, for example, data acquisition (used to collect data from a dead or live suspect system), memory (used to analyze memory dumps from computers), and frameworks to build custom tools.

There’s also a short section on forensic procedures which includes a link to the “Open Source Computer Forensics Manual” by Matias Bevilacqua and a project hosted by SourceForge.net.

A collection of references to test images assists those interested in digital forensic education research. Digital Corpora, for example, provides freely available “disk images, memory dumps, and network packet captures.”

If you’re interested in pursuing digital forensics as a possible career path, the Chang School at Ryerson offers a certificate in “Computer Security and Digital Forensics” starting up next month. Also next month is the 8th National Symposium on Tech Crime and Digital Evidence. This symposium will take place at the University of Calgary and is presented in partnership with Osgoode Professional Development.
