Forensics Visualizations With Open Source Tools

A session at 4th Annual Open Source Digital Forensics Conference & Workshops

  • Simson Garfinkel

Tuesday 5th November, 2013

8:40am to 9:15am (EST)

There is a deep belief among computer forensics practitioners that improved visualizations will make it easier to address the onslaught of data that we face daily. But creating a good visualization is hard work. Many visualizations require careful planning and tuning, and they do not readily generalize to other data sets, let alone other practitioners or organizations. A second problem faced by open source practitioners is deciding which visualization technology to use — there are so many to choose from, including static PDF files, static web pages, and interactive graphics. Then there is the purpose of the visualization, whether it is to help the investigator find new information or to explain a complicated case to a third party. This talk describes visualization choices, shows examples drawn from open source data sets, and discusses the visualization choices made in the development of scale-free one-page PDF visualizations for pcap files (tcpflow) and disk images (bulk_extractor).

About the speaker

This person is speaking at this event.
Simson Garfinkel

Sign in to add slides, notes or videos to this session

Tell your friends!


Time 8:40am9:15am EST

Date Tue 5th November 2013

Short URL


Official event site


View the schedule


See something wrong?

Report an issue with this session