Computer Forensics Education – the Open Source Approach

  • Conference paper

Abstract

In this chapter we discuss the application of open source software tools in computer forensics education at the tertiary level. We argue that open source tools are more suitable than commercial tools, as they give students the opportunity to gain an in-depth understanding and appreciation of the computer forensic process, as opposed to familiarity with one software product, however complex and multi-functional. With access to all source programs, students become more than just consumers of the tools as future forensic investigators. They can also examine the code, understand the relationship between the binary images and relevant data structures, and in the process gain the necessary background to become the future creators of new and improved forensic software tools. As a case study we present an advanced subject, Computer Forensics Workshop, which we designed for the Bachelor’s degree in computer science at the University of Western Sydney. We based all laboratory work and the main take-home project in this subject on open source software tools. We found that, without exception, more than one suitable tool can be found to cover each topic in the curriculum adequately. We argue that this approach prepares students better for forensic field work, as they gain the confidence to use a variety of tools, not just a single product they are familiar with.



Author information

Corresponding author

Correspondence to Ewa Huebner.

Copyright information

© 2010 Springer Science+Business Media, LLC

About this paper

Cite this paper

Huebner, E., Bem, D., Cheung, H. (2010). Computer Forensics Education – the Open Source Approach. In: Huebner, E., Zanero, S. (eds) Open Source Software for Digital Forensics. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5803-7_2

  • DOI: https://doi.org/10.1007/978-1-4419-5803-7_2

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-5802-0

  • Online ISBN: 978-1-4419-5803-7

  • eBook Packages: Computer Science; Computer Science (R0)
