Abstract
In the digital forensics community there is no general agreement on how to classify the forensic tools used in the acquisition and analysis phases. The Digital Forensic Tools Catalogue has been developed following a bottom-up approach: each tool has been characterised on the basis of its own features and then structured and classified in a coherent and sensible way. At the moment the Catalogue, available on the web, includes about 1500 tools divided into two main branches: tools for acquisition and tools for analysis activities.
Notes
1. European Informatics Data Exchange Framework for Court and Evidence, www.evidenceproject.eu.
2. Figure 12.2 represents a simplified view of the overall process of handling digital evidence: it is not a strictly sequential flow but may loop back at some points. For example, during the Analysis phase it may emerge that some pieces of evidence have been overlooked, so it is necessary to return to the Acquisition phase and perform a new acquisition.
3. LNK files, also known as link or shortcut files, allow quick access to files stored in other locations. They take on the attributes of the file they point to and record its path, size and timestamps, so a shortcut can attest to the existence of, and access to, a target even after the target itself has been deleted.
4. Jump Lists, part of Windows since version 7, allow swift access to the most frequently and recently used files and folders of an application.
5. Artifacts include all the information recorded by the system (for example in the Windows Registry) about user or system activity. In Windows, examples of artifacts are: file downloads, file opening/creation, program execution, USB or drive usage, account usage, browser usage, etc.
6. The total does not correspond to the simple sum of the acquisition and analysis tools, because some tools belong to both branches.
7. The chronological representation of the events that occurred in a given time frame, reconstructed from the digital traces left on a digital device.
8.
9. The National Institute of Standards and Technology (NIST) is a United States government agency responsible for measurement science, standards and technology.
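As an added example, not part of the chapter or of the Catalogue, the following Python parses the fixed 76-byte ShellLinkHeader at the start of every Windows .lnk file (the layout is the one documented in MS-SHLLINK) and shows concretely what note 3 means: the shortcut itself carries the target's file attributes, size and creation/access/write timestamps. The sample shortcut bytes are constructed inline from that layout, not taken from a real system, and the LinkInfo and StringData sections that follow the header in a real file are omitted.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# ShellLinkHeader layout (MS-SHLLINK 2.1), 76 bytes, little-endian:
#   HeaderSize(4) LinkCLSID(16) LinkFlags(4) FileAttributes(4)
#   CreationTime(8) AccessTime(8) WriteTime(8) FileSize(4) IconIndex(4)
#   ShowCommand(4) HotKey(2) Reserved1(2) Reserved2(4) Reserved3(4)
HEADER_FMT = "<I16sIIQQQIiIHHII"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 76
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# FileAttributes bits copied from the target when the shortcut was written.
FILE_ATTRIBUTES = {
    0x01: "READONLY", 0x02: "HIDDEN", 0x04: "SYSTEM", 0x10: "DIRECTORY",
    0x20: "ARCHIVE", 0x80: "NORMAL",
}


def filetime_to_datetime(ft):
    """FILETIME = 100-ns ticks since 1601-01-01 UTC; 0 means 'not set'."""
    if ft == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def is_lnk(data):
    """Cheap signature check: correct header size and the Shell Link CLSID."""
    if len(data) < HEADER_SIZE:
        return False
    hdr_size, clsid = struct.unpack_from("<I16s", data, 0)
    return hdr_size == HEADER_SIZE and uuid.UUID(bytes_le=clsid) == LNK_CLSID


def parse_lnk_header(data):
    """Return the metadata the shortcut records about the file it points to."""
    if not is_lnk(data):
        raise ValueError("not a Shell Link (.lnk) header")
    (_hdr, _clsid, flags, attrs, ctime, atime, wtime, size,
     _icon, show, _hotkey, _r1, _r2, _r3) = struct.unpack_from(HEADER_FMT, data, 0)
    return {
        "link_flags": flags,
        "target_attributes": [n for bit, n in FILE_ATTRIBUTES.items() if attrs & bit],
        # These are the target's timestamps as seen when the link was written,
        # not the filesystem timestamps of the .lnk file itself.
        "target_created": filetime_to_datetime(ctime),
        "target_accessed": filetime_to_datetime(atime),
        "target_modified": filetime_to_datetime(wtime),
        "target_size": size,
        "show_command": show,
    }


def build_sample_lnk(attrs, created, accessed, modified, size):
    """Constructed test input: a header-only .lnk (no LinkInfo or StringData)."""
    is_unicode = 0x00000080  # LinkFlags.IsUnicode; no optional structures present
    return struct.pack(
        HEADER_FMT, HEADER_SIZE, LNK_CLSID.bytes_le, is_unicode, attrs,
        datetime_to_filetime(created), datetime_to_filetime(accessed),
        datetime_to_filetime(modified), size, 0, 1, 0, 0, 0, 0,
    )


# Constructed sample values (not from any real case).
SAMPLE_CREATED = datetime(2017, 11, 3, 8, 15, 0, tzinfo=timezone.utc)
SAMPLE_ACCESSED = datetime(2018, 1, 15, 10, 30, 0, tzinfo=timezone.utc)
SAMPLE_MODIFIED = datetime(2018, 1, 14, 22, 5, 30, tzinfo=timezone.utc)
SAMPLE_LNK = build_sample_lnk(0x02 | 0x20, SAMPLE_CREATED, SAMPLE_ACCESSED,
                              SAMPLE_MODIFIED, 4096)


def demo():
    return parse_lnk_header(SAMPLE_LNK)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

When run against a real shortcut, feed the file's bytes to `parse_lnk_header`; the timestamps it returns describe the target at the moment Windows wrote the shortcut, which is why they remain useful evidence after the target is gone, and why they must not be confused with the MAC times of the .lnk file recorded by the filesystem.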
© 2018 Springer International Publishing AG, part of Springer Nature
Cite this chapter
Epifani, M., Turchi, F. (2018). Digital Forensic Tools Catalogue, a Reference Point for the Forensic Community. In: Biasiotti, M., Mifsud Bonnici, J., Cannataci, J., Turchi, F. (eds) Handling and Exchanging Electronic Evidence Across Europe. Law, Governance and Technology Series, vol 39. Springer, Cham. https://doi.org/10.1007/978-3-319-74872-6_12
DOI: https://doi.org/10.1007/978-3-319-74872-6_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-74871-9
Online ISBN: 978-3-319-74872-6
eBook Packages: Law and Criminology (R0)