Quantifying Uniformity of Open-source Digital Forensic Platforms
L. van Campen (TU Delft - Electrical Engineering, Mathematics and Computer Science)
C. Lofi – Mentor (TU Delft - Web Information Systems)
A.L.D. Latour – Graduation committee member (TU Delft - Algorithmics)
Harm van Beek – Graduation committee member (Nederlands Forensisch Instituut (NFI))
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
In forensic investigations, an increasing amount of evidence is retrieved from digital devices. This evidence is often extracted from devices using digital forensic platforms. The platforms are able to extract digital traces from several types of files, originating from different applications, such as email applications from laptops or chat applications from smartphones. Developing support for a new file format and adding it to a digital forensic platform is time-consuming and difficult. An alternative approach is to integrate an existing digital forensic platform into another platform to extend its capabilities. This is, however, not trivial, because it is difficult to choose a platform to integrate. The first reason for this difficulty is that there exists no overview of open-source digital forensic platforms that can be used to compare the advantages and disadvantages of the platforms. The first aim of this thesis is therefore to provide an overview of available open-source digital forensic platforms. This overview is created by means of online research.
The second reason that it is difficult to choose a platform to integrate is that it is difficult to assess whether the output of these platforms is accessible and structured such that it can easily be integrated. The second aim of this thesis is therefore to determine what the best method is to quantify the uniformity of the output of digital forensic platforms and to develop a proof of concept implementing this method. Developing the uniformity metric is done by first dividing the concept of uniformity into six sub-forms of uniformity. Conceptual methods to quantify each of those forms are provided, and we present a concrete implementation of a proof-of-concept.
The results of this thesis imply that although development of digital forensic platforms is actively ongoing, developers miss out on improving the digital forensic field as a whole by not considering the interoperability of the platforms they develop.