Software for efficient file elimination in computer forensics investigations

Author

Chad Werner Davis, West Virginia University

Semester

Spring

Date of Graduation

2004

Document Type

Thesis

Degree Type

MS

College

Statler College of Engineering and Mineral Resources

Department

Lane Department of Computer Science and Electrical Engineering

Committee Chair

Roy S. Nutter, Jr.

Abstract

Computer forensics investigators, much more than with any other forensic discipline, must process an ever continuing increase of data. Fortunately, computer processing speed has kept pace and new processes are continuously being automated to sort through the voluminous amount of data. There exists an unfulfilled need for a simple, streamlined, standalone public tool for automating the computer forensics analysis process for files on a hard disk drive under investigation. A software tool has been developed to dramatically reduce the number of files that an investigator must individually examine. This tool utilizes the National Institute of Standards and Technology (NIST) National Software Reference Library (NSRL) database to automatically identify files by comparing hash values of files on the hard drive under investigation to "known good" files (e.g., unaltered application files) and "known bad" files (e.g., exploits). This tool then provides a much smaller list of "unknown" files to be closely examined.

Recommended Citation

Davis, Chad Werner, "Software for efficient file elimination in computer forensics investigations" (2004). Graduate Theses, Dissertations, and Problem Reports. 1423.
https://researchrepository.wvu.edu/etd/1423