Abstract
Real-time support for tracking and identifying files across networks is currently extremely limited. In this paper we propose a flexible, open source software architecture for real-time analysis of the Web and local area networks in order to identify and track images and other forms of illicit files or malware. A prototype architecture has been developed and was evaluated using a series of anonymous case studies. Files are identified by calculating and storing their MD5 message digest. The results can be used in several different ways. For example, comparing the message digests of files on a user's machine against a database of known files may reveal certain malware, such as Trojans or unlicensed software. An illicit image may also be found in this way. If a file is found on more than one website or hard drive, a comparison of the modified, accessed, and created (MAC) times may give some idea of the order in which the file has migrated across a network. Results showed that files could be tracked and identified in the majority of cases and that the prototype showed promise in a live case scenario.
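As an added illustration that is not part of the paper or its prototype, the following Python sketch implements the two steps the abstract describes: hashing every file under a directory with MD5, matching the digests against a known-file database, and ordering the matching copies by their MAC times to estimate how the file migrated. The known-file set, its label and the on-disk fixture are constructed for the example.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone

# Constructed reference set (hypothetical label): MD5 hex digest -> what the file is known to be.
KNOWN_FILES = {hashlib.md5(b"constructed illicit image bytes").hexdigest(): "illicit-image-001"}

def md5_of_file(path, chunk_size=1 << 16):
    """Stream the file through MD5 so large files need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def mac_times(path):
    """MAC times as UTC; on Unix st_ctime is inode change time, so prefer st_birthtime where present."""
    st = os.stat(path)
    utc = lambda t: datetime.fromtimestamp(t, timezone.utc)
    return {"modified": utc(st.st_mtime), "accessed": utc(st.st_atime),
            "created": utc(getattr(st, "st_birthtime", st.st_ctime))}

def scan(root, known=KNOWN_FILES):
    """Hash every file under root; return one record per file whose digest is in the known set."""
    hits = []
    for path in (os.path.join(d, n) for d, _, ns in os.walk(root) for n in ns):
        digest = md5_of_file(path)
        if digest in known:
            hits.append({"path": path, "md5": digest, "label": known[digest], **mac_times(path)})
    return hits

def migration_order(hits):
    """Group matches by digest, oldest modified time first: the earliest copy is the best guess at the origin."""
    groups = {}
    for h in hits:
        groups.setdefault(h["md5"], []).append(h)
    return {d: sorted(g, key=lambda h: h["modified"]) for d, g in groups.items()}

def build_demo_tree():
    """Constructed fixture: the same known file on two 'hosts' an hour apart, plus a benign file."""
    root = tempfile.mkdtemp(prefix="hashscan_")
    first, second = os.path.join(root, "host_a", "img.jpg"), os.path.join(root, "host_b", "img.jpg")
    for p, data in ((first, b"constructed illicit image bytes"), (second, b"constructed illicit image bytes"),
                    (os.path.join(root, "host_b", "notes.txt"), b"harmless")):
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    os.utime(first, (1_600_000_000, 1_600_000_000))   # original: (atime, mtime)
    os.utime(second, (1_600_003_600, 1_600_003_600))  # copy appears one hour later
    return root, first, second
```

MD5 is kept here to match the paper; it is collision-prone, so a present-day deployment would record SHA-256 alongside it, and copy tools that reset timestamps will distort the MAC-based ordering.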
© 2006 Springer-Verlag London Limited
Meyler, C., Sutherland, I. (2006). A Flexible, Open Source Software Architecture for Network-Based Forensic Computing & Intelligence Gathering. In: Blyth, A. (ed.) EC2ND 2005. Springer, London. https://doi.org/10.1007/1-84628-352-3_25
DOI: https://doi.org/10.1007/1-84628-352-3_25
Publisher Name: Springer, London
Print ISBN: 978-1-84628-311-6
Online ISBN: 978-1-84628-352-9