Scrutiny of the capabilities and accuracy of computer forensic tools is increasing as the number of incidents relying on digital evidence and the weight of that evidence increase. This thesis describes the capabilities of the leading proprietary and open source digital forensic tools. The capabilities of the tools were tested separately on digital media that had been formatted using Windows and Linux. Experiments were carried out with the intention of establishing whether the capabilities of open source computer forensics are similar to those of proprietary computer forensic tools, and whether these tools could complement one another. The tools were tested with regards to their capabilities to make and analyse digital forensic images in a forensically sound manner. The tests were carried out on each media type after deleting data from the media, and then repeated after formatting the media. The results of the experiments performed demonstrate that both proprietary and open source computer forensic tools have superior capabilities in different scenarios, and that the toolsets can be used to validate and complement one another. The implication of these findings is that investigators have an affordable means of validating their findings and are able to more effectively investigate digital media.
Identifer | oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:rhodes/vital:4717 |
Date | January 2015 |
Creators | Sonnekus, Michael Hendrik |
Publisher | Rhodes University, Faculty of Science, Computer Science |
Source Sets | South African National ETD Portal |
Language | English |
Detected Language | English |
Type | Thesis, Masters, MSc |
Format | 166 leaves, pdf |
Rights | Sonnekus, Michael Hendrik |
Page generated in 0.0022 seconds