Research Article

Survey of Forensic and Analysis Tools based on Grouping of Digital Evidence using Metadata Functionality

by Anubhav Kumar Vaid, Yogendra P.S. Maravi, Jitendra Singh Verma
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 142 - Number 3
Year of Publication: 2016
DOI: 10.5120/ijca2016909718

Anubhav Kumar Vaid, Yogendra P.S. Maravi, Jitendra Singh Verma. Survey of Forensic and Analysis Tools based on Grouping of Digital Evidence using Metadata Functionality. International Journal of Computer Applications. 142, 3 (May 2016), 28-34. DOI=10.5120/ijca2016909718

@article{ 10.5120/ijca2016909718,
author = { Anubhav Kumar Vaid and Yogendra P.S. Maravi and Jitendra Singh Verma },
title = { Survey of Forensic and Analysis Tools based on Grouping of Digital Evidence using Metadata Functionality },
journal = { International Journal of Computer Applications },
issue_date = { May 2016 },
volume = { 142 },
number = { 3 },
month = { May },
year = { 2016 },
issn = { 0975-8887 },
pages = { 28-34 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume142/number3/24878-2016909718/ },
doi = { 10.5120/ijca2016909718 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:43:58.759972+05:30
%A Anubhav Kumar Vaid
%A Yogendra P.S. Maravi
%A Jitendra Singh Verma
%T Survey of Forensic and Analysis Tools based on Grouping of Digital Evidence using Metadata Functionality
%J International Journal of Computer Applications
%@ 0975-8887
%V 142
%N 3
%P 28-34
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Computer forensics can be defined as obtaining computer storage media so that data can be used as evidence in court. Traditionally, sources of digital evidence are analyzed by examining the artefacts and their metadata in order to authenticate the gathered information and sequence it in the order in which events occurred. Analyzing the information acquired by a forensic investigator in this traditional way is a cumbersome task, but it can be overcome if all related artefacts are grouped together on the basis of the metadata they contain. This paper focuses mainly on metadata-based association of digital evidence, which can simplify the forensic investigator's task and can also help reduce human intervention by making the process automatic. The main objective of this paper is to study the working principles of different existing forensic tools and compare them on the basis of various parameters, such as capability for accessing digital evidence, the sources they can examine, and metadata parsing capability, and to analyze whether they can group different artefacts present in the same or different investigated sources on the basis of the metadata they contain.

General Terms

Survey of Forensic tools on the basis of metadata extraction property.

Index Terms

Computer Science
Information Sciences

Keywords

Digital evidence
Binary abstraction
File system and schema support
Metadata
Evidence composition