Digital Forensics Technology: Why Open Thesis

The rapid development of predictive routing algorithms that seek to anticipate security breaches are also becoming more commonplace (Erickson, 2009). Evidence acquisition through digital forensics seeks to also define preservation of all patterns of potential crime, regardless of the origination point (Irons, 2006). The collaboration that occurs in the open source forensic software industry acts as a catalyst of creativity specifically on this point. There are online communities that seek to define more efficient approaches to this area of evidence acquisition through collaboration of development efforts. Their results over the long-term are changing the use of forensic software, both from an open source and proprietary standpoint.

The authentication phase of gathering digital evidence centers on the integrity of the data captured and stored. This specific phase relies heavily on evidential integrity and authenticity of records (Barret, 2004) in addition to compliance to ISO 15489:1 (2001) a records management standard that has been proven admissible in courts for the preservation of digital evident. This standard is considered integral to evidential integrity of digital evidence (Irons, 2006). As part of this standard, authenticity of records are verified by the sender and received, the time they were created, send and read and the validity of what their intended purpose is. All of these factors are taken into account in defining the veracity of claims regarding their use for legal vs. illegal purposes (Abel, 2009). As forensic software is based on a series of rules and in some cases constraints, the rules-driven approach to defining evidential integrity is also used and a relative score is provided for each series of authorized vs. unauthorized actions. This in effect creates a benchmarking of threat levels by activity and can over time be used for predicting which potential sequence of activities will lead to an illegal activity or not (Irons, 2006). In this way the acquisition of digital evidence is supported through the advanced intelligence that the rules engine in forensic software provides. Just as with the acquisition of evidence this phase of authentication is also benefiting from the collaborative efforts of developers in the open source development community. The concentration of how to ensure compliance to the ISO standard is an area of continual collective effort on the part of developers in the digital forensics development community.

The analysis of digital evidence is the most rapidly advancing of all in the areas of open source forensic software. Due to the continual refinement of rules, the hybrid approach to the use of constraints (O'Connor, 2005) and the development of auditability of cybertrails (Irons, 2006) all contribute to this area experiencing the greatest technological gains in the last five years. Analysis of digital evidence is also including advanced pattern matching and linguistic analysis to determine if there are data and access patterns not discernable through more common techniques of statistical analysis. There is also the use of cluster and discriminant analysis to find emerging patterns in data over time (Abel, 2009). These advanced forms of analysis are critically important for overcoming the threats that have grown exponentially in terms of sophistication and strength (Abel, 2009). Analysis of digital evidence is also an area that has ethical boundaries as well, with the need to have legal access to accounts to analyze them (Abel, 2009). The ethicacy of monitoring systems for security however, when exposed to the general public has been upheld in court however (Volonino, 2003).

Conclusion

The use of open source forensic software will continue to grow rapidly as the business factors including a lower TCO and the continual improvement of the software through collaborative development communities continue as well. There is also the need for having digital forensics open sourced to enable a greater level of creativity and innovation in response to the rapid rise in threat sophistication and strength (Abel, 2009). Open source forensic software, like enterprise-wide open sours software, has gone through a transformation from being initially seen as lacking in security, reliability and support. Like its enterprise software counterpart however, it has emerged from these perceived shortcomings to become an essential part of broader enterprise digital forensic analysis and evidence platforms in organizations both private and public (Barbin, Patzakis, 2002).

References

Abel, W. (2009). Agents, Trojans and tags: The next generation of investigators. International Review of Law, Computers & Technology,23(1/2), 99.

Barbin, D., Patzakis, J. (2002), "Computer forensics emerges as an integral component of an enterprise information assurance program," Information Systems Control Journal, Vol. 3 pp.25-7.

Barret, N. (2004), "Computer forensics an introduction," Records Management Society Bulletin, No.121, pp.9-10.

Bates, J. (1997), "Fundamentals of computer forensics," International Journal of Forensic Computing, December, 2005.

Berghel, H. (2003), "The discipline of internet forensics," Communications of the ACM, Vol. 46 No.8, pp.15-20.

Erickson, J.(2009, June). App Dev That Delivers. InformationWeek,(1233), 35-39.

Forte, D. (2008). Dealing with forensic software vulnerabilities: is anti-forensics a real danger? Network Security, 2008(12), 18-20.

Alastair Irons. (2006). Computer forensics and records management - compatible disciplines. Records Management Journal, 16(2), 102-112.

ISO 15489-1 (2001), Information and Documentation -- Records Management. Part 1: General, International Standards Organisation, Geneva.

Muller-Seitz, G., & Roger, G. (2009). Is open source software living up to its promises? Insights for open innovation management from two open source software-inspired projects. R & D. Management, 39(4), 372.…