Open Forensic Devices

Lee Tobin, Pavel Gladyshev

Abstract


Cybercrime has been a growing concern for the past two decades. What used to be the responsibility of specialist national police has become routine work for regional and district police. Unfortunately, funding for law enforcement agencies is not growing as fast as the amount of digital evidence.

In this paper, we present a forensic platform that is tailored for cost effectiveness, extensibility, and ease of use. The software for this platform is open source and can be deployed on practically all commercially available hardware devices such as standard desktop motherboards or embedded systems such as Raspberry Pi and Gizmosphere's Gizmo board. A novel user interface was designed and implemented, based on Morphological Analysis.


Keywords


forensic device; open source; write-blocker; forensic imaging; morphological analysis; user interface design






Copyright (c) 2016 Journal of Digital Forensics, Security and Law

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.


(c) 2006-2015 Association of Digital Forensics, Security and Law