Hello everyone, I know this might be a bit off topic, but is anyone aware of any documents or case studies from the past where the use of open source software in a forensic examination made the difference or played an important role?
I generally rely a lot on open source software for my daily forensics activity, but I would also like to hear from you.
Thanks )
I don't rely on open source software to perform my day-to-day analysis because I just don't work in the way that they generally do (command-line). Generally, open source tools do not make it easy to visualise the data or at least not as easily as proprietary tools do. I'm not talking about point-and-click forensics but the job of getting at the evidence should be as easy as possible. Having found the evidence I do use a variety of methods to verify any findings and open source tools have a definite part to play here. I use them quite a lot in this context.
The other thing I do is use open source tools to manipulate any output. I do my analysis in Windows generally, but I have a Linux VM with a couple of shared folders. A simple example might be if I had a list of URLs that I needed to add line numbers to: I would drop the file into a shared folder, run 'nl [file]' on the file and, bingo, the job is done.
Paul
I know that EnCase and other analysis tools are essential in a lab; I was only looking for success stories where open source forensics tools played a role.
Thanks for your experience )