Tuesday 5th November, 2013
1:40pm to 2:15pm
Historically, a computer examiner would be tasked to identify files within acquired data sets which contained keywords. Identified files were reported to the investigating agent, who would then supply additional keywords, and the process would continue. This cyclic approach is impracticable for larger acquisitions. The DOT OIG CCU routinely sees data sets in excess of 5TB per case. To meet this challenge, a means of identifying those files of potential investigative interest has been developed. Extracted data is provided to the investigator, who can review the data in a forensically sound manner without the need to learn specialized reviewing tools.
This method is best suited to investigations involving several computers across a company network, ideally in the investigation of white collar crime, although it may also be applied with examiner discretion to other case types.
In addition, the proposed solution makes use of open source forensic software, and is currently deployed by DOT CCU as part of a portable examination. The script provides the means to conduct an automated extraction of those files most likely to be of investigative interest. Extraction is conducted across all forensically acquired images, and extensive examination notes are generated automatically.
2:20pm FIREBrick: Open Source Forensic Hardware Platform by Pavel Gladyshev