These companies usually search for a tool within their budget or use a popular open-source tool. Commercial forensic disk imaging tools are usually costly, and not all companies can afford to purchase them. Forensic investigation and reporting can take any of three forms, i.e., technical, investigative, and evaluative, where each investigative type has a specific purpose and context. It was reported that unless forensic tools could generate quality data, the court would not accept the evidence. There are many digital forensic tools available on the market (e.g., open-source tools and commercial tools) to recover, collect, and analyse data; the forensic tools must follow the standards for digital evidence that are mentioned in a country's laws. Nowadays, digital forensic investigation plays an important role in criminal investigations and requires many steps to collect the data and analyse the collected data to find evidence. Subsequently, the remnant data analysis shows that consumers in New Zealand are unaware of personal data security and the associated vulnerabilities of data leakages. We note that 88.23% of the USB hard drives contained sensitive personal or business information (e.g., personal photos, bank transactions, and contracts). We observe that the percentage of hardware resource usage and the processing time of each tool are remarkably different, e.g., Guymager was the fastest tool and met all the functional requirements in each test case, but it utilised more CPU and memory resources than DC3DD and DCFLDD. We evaluate these forensic tools by analysing the log information, followed by anonymously (to ensure that data were not disclosed or misused during or after the investigations) collecting, examining, and classifying the remnant data restored from the USB hard drives.
We create various test cases, which distribute USB hard drives in different groups and investigate the functional and optional requirements of NIST along with recovering and analysing remnant data. The experimental setup consists of a forensic workstation, a write-blocker, and purchased USB hard drives investigated via digital forensic imaging tools, i.e., DC3DD, DCFLDD, and Guymager. To address this issue, we experimentally evaluate three open-source forensic tools based on various requirements recommended by the National Institute of Standards and Technology (NIST) framework for forensic investigation. The digital forensic tools used by law enforcement agencies for forensic investigations are mostly proprietary and commercially expensive. Although open-source tools are used, the investigations conducted with such tools are not verified by reputable organisations, and hence users are reluctant to use such tools.