dc.description.abstract |
In today’s world, the use of computers is increasing. While technology has created many miracles, it has also given rise to cybercrime (computer-related crime) such as hacking, phishing, identity theft, child pornography, online gambling, securities fraud, etc.
Digital forensics is the acquisition of data from digital information systems (e.g., computers, mobile phones, MP3 players, digital cameras, etc.) and the analysis of this data for investigations related to a particular event.
This project proposes research into the digital evidence aspects of the Windows operating system and its applications, and the development of a Windows-based digital evidence investigation toolkit. This collection of tools enables an investigator to quickly and easily extract detailed information about the use of a Windows-based computer system. The project covers four basic modules of forensic analysis: system data, browser data, passwords and file-related data.
The system data extractor extracts information about USB devices attached to the system, system restore points and open windows. The password recovery tool extracts Windows Messenger passwords. The file data extractor parses Office files and image files to retrieve file properties. The last tool, the browser data extractor, retrieves browser history, favorite links and searched strings. Such data is extremely valuable for both law-enforcement and corporate policy breach investigations.
The project is limited to the Windows XP operating system. In addition, it parses only Office 2003 files and retrieves history only for Internet Explorer 6.0.
The toolkit has been tested on various systems and files, which ensures its reliability. |
en_US |