Abstract
In this chapter we discuss the application of open source software tools in computer forensics education at tertiary level. We argue that open source tools are more suitable than commercial tools, as they give students the opportunity to gain an in-depth understanding and appreciation of the computer forensic process, as opposed to familiarity with one software product, however complex and multi-functional. With access to all source programs, students become more than just consumers of the tools as future forensic investigators. They can also examine the code, understand the relationship between the binary images and the relevant data structures, and in the process gain the necessary background to become the future creators of new and improved forensic software tools. As a case study we present an advanced subject, Computer Forensics Workshop, which we designed for the Bachelor’s degree in computer science at the University of Western Sydney. We based all laboratory work and the main take-home project in this subject on open source software tools. We found that, without exception, more than one suitable tool can be found to cover each topic in the curriculum adequately. We argue that this approach prepares students better for forensic field work, as they gain the confidence to use a variety of tools, not just a single product they are familiar with.
© 2010 Springer Science+Business Media, LLC
Huebner, E., Bem, D., Cheung, H. (2010). Computer Forensics Education – the Open Source Approach. In: Huebner, E., Zanero, S. (eds) Open Source Software for Digital Forensics. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5803-7_2
DOI: https://doi.org/10.1007/978-1-4419-5803-7_2
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5802-0
Online ISBN: 978-1-4419-5803-7
eBook Packages: Computer Science (R0)