Advertisement

Examination of Digital Forensics Software Tools Performance: Open or Not?

  • Andrea Dizdarević
  • Sabina BarakovićEmail author
  • Jasmina Baraković Husić
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 83)

Abstract

The performance evaluation in terms of digital forensics tools and software can be characterized as challenging research area due to constant development of technology in the digital world and rise of various manners in which it can be utilized for illegal purposes. There are many developed tools and software for digital forensics, some of them available for a license, and some of them free of charge. However, given that some practitioners from this field argue for commercial while others for open-source software, the reliability of the digital evidence which is collected, analyzed, and presented by both is constantly questioned. Motivated by the dilemma which tool or software for extracting digital evidence to use, we have conducted the review of the existing studies which directed us towards the examination of the performance of two different types of digital forensics tools: open-source (Linux Autopsy Sleuth Kit) and commercial (Magnet Axiom). The results of the research showed that the open-source digital forensics tool has better performance in comparison to the commercial one. In addition to this conclusion which can be useful for further investigations and research in both practical digital forensics and academic community, we also provide open issues to be addressed in the future.

References

  1. 1.
    Baraković, S., Baraković Husić, J.: We have problems for solutions: the state of cybersecurity in Bosnia and Herzegovina. Inf. Secur.: Int. J. 32, 131–154 (2015)Google Scholar
  2. 2.
    Baraković, S., Kurtović, E., Božanović, O., Mirojević, A., Ljevaković, S., Jokić, A., Peranović, M., Baraković Husić, J.: Security issues in wireless networks: an overview. In: 11th International Symposium on Telecommunications (BIHTEL 2016) (2016)Google Scholar
  3. 3.
    Garfinkel, S.L.: Digital forensics research: the next 10 years. Digit. Investig. 7, 64–73 (2010)CrossRefGoogle Scholar
  4. 4.
    Erbacher, R.B.: Validation for digital forensics. In: 7th International Conference on Information Technology: New Generations (2010)Google Scholar
  5. 5.
    Ayers, D.: A second generation computer forensic analysis system. Digit. Investig. 6, 34–42 (2009)CrossRefGoogle Scholar
  6. 6.
    SIFT Workstation. https://digital-forensics.sans.org/community/downloads. Accessed March 2019
  7. 7.
    Autopsy Sleuth Kit. https://www.sleuthkit.org/autopsy/. Accessed March 2019
  8. 8.
    Data Dumper. https://perldoc.perl.org/Data/Dumper.html. Accessed March 2019
  9. 9.
  10. 10.
    Forensic Toolkit (FTK). https://accessdata.com/products-services/forensic-toolkit-ftk. Accessed March 2019
  11. 11.
    EnCase Forensics. https://www.guidancesoftware.com/encase-forensic Accessed March 2019
  12. 12.
    Cellebrite UFED Ultimate. https://www.cellebrite.com/en/products/ufed-ultimate/. Accessed March 2019
  13. 13.
    WinHex: Computer Forensics & Data Recovery Software, Hex Editor & Disk Editor. https://www.x-ways.net/winhex/. Accessed March 2019
  14. 14.
    Wilsdon, T., Slay, J.: Validation of forensic computing software utilising black box testing techniques. In: Australian Digital Forensics Conference (2006)Google Scholar
  15. 15.
    NIST, Digital Data Acquisition Tool Specification (v4.0). Technical Report (2004)Google Scholar
  16. 16.
    Guo, Y., Slay, J.: Computer forensic functions testing: media preparation, write protection and verification. J. Digit. Forensics Secur. Law 5(2), 5–20 (2010)Google Scholar
  17. 17.
    SWGDE/SWGIT, Guidelines & Recommendation for Training in Digital & Multimedia Evidence (2009)Google Scholar
  18. 18.
    Computer Hope. https://www.computerhope.com/issues/ch001789.htm. Accessed March 2019
  19. 19.
    Olivier, M.: On a scientific theory of digital forensics. In: IFIP International Conference on Digital Dorensics (2016)Google Scholar
  20. 20.
    NIST, Digital Data Aqusition Tool Test Assertions and Test Plan (v1.0). Technical Report (2005)Google Scholar
  21. 21.
    NIST, Computer Forensics Tool Testing (CFTT). http://www.cftt.nist.gov. Accessed March 2019
  22. 22.
    Bellin, K., Creutzburg, R.: Concept of a master course for IT and media forensics part II: android forensics. In: 9th International Conference of IT Security Incident Management and IT Forensics (2015)Google Scholar
  23. 23.
    Siddique, A., Alam, M.A., Chaudhary, O.: A proposed structured digital investigation and documentation model (DIDM). Int. J. Adv. Res. Comput. Sci. 8(7) (2010)CrossRefGoogle Scholar
  24. 24.
    Padmanabhan, R., Lobo, K., Ghelani, M., Sujan, D., Shirole, M.: Comparative analysis of commercial and open source mobile device forensics tools. In: 9th International Conference on Contemporary Computing (IC3) (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Andrea Dizdarević
    • 1
  • Sabina Baraković
    • 1
    • 2
    Email author
  • Jasmina Baraković Husić
    • 2
  1. 1.American University in Bosnia and HerzegovinaSarajevoBosnia and Herzegovina
  2. 2.University of SarajevoSarajevoBosnia and Herzegovina

Personalised recommendations