Semester

Spring

Date of Graduation

2004

Document Type

Thesis

Degree Type

MS

College

Statler College of Engineering and Mineral Resources

Department

Lane Department of Computer Science and Electrical Engineering

Committee Chair

Roy S. Nutter, Jr.

Abstract

Computer forensics investigators, far more than practitioners of any other forensic discipline, must process an ever-increasing volume of data. Fortunately, computer processing speed has kept pace, and new processes are continuously being automated to sort through this data. There exists an unfulfilled need for a simple, streamlined, standalone public tool that automates the computer forensics analysis of files on a hard disk drive under investigation. A software tool has been developed to dramatically reduce the number of files that an investigator must individually examine. This tool uses the National Institute of Standards and Technology (NIST) National Software Reference Library (NSRL) database to automatically identify files by comparing hash values of files on the hard drive under investigation to those of "known good" files (e.g., unaltered application files) and "known bad" files (e.g., exploits). The tool then provides a much smaller list of "unknown" files to be closely examined.
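The hash-comparison triage described in the abstract, as an added Python example that is not the thesis's tool or code. The `sha1,status` reference layout, the choice of SHA-1, all function names and the sample files are assumptions made for illustration; the reference list is constructed and is not NSRL data or the NSRL file format.

```python
import csv
import hashlib
import io
import os
import tempfile

def sha1_file(path, chunk=1 << 20):
    """Hash a file in chunks so large evidence files need not fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_reference(csv_text):
    """Parse assumed 'sha1,status' rows; a 'bad' entry is never downgraded."""
    ref = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        digest = row["sha1"].strip().lower()  # reference lists vary in hex case
        if ref.get(digest) != "bad":
            ref[digest] = row["status"].strip().lower()
    return ref

def triage(root, ref):
    """Sort every file under root into good / bad / unknown / unreadable."""
    out = {"good": [], "bad": [], "unknown": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            try:
                status = ref.get(sha1_file(os.path.join(root, rel)))
            except OSError:
                out["unreadable"].append(rel)  # left for manual review, not dropped
                continue
            out[status if status in ("good", "bad") else "unknown"].append(rel)
    return {bucket: sorted(paths) for bucket, paths in out.items()}

def demo():
    """Constructed sample: three small files and a two-row reference list."""
    samples = {"notepad.bin": b"stock application bytes",
               "tool.bin": b"known exploit bytes", "notes.txt": b"user content"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        ref_csv = "sha1,status\n%s,good\n%s,bad\n" % (
            hashlib.sha1(samples["notepad.bin"]).hexdigest(),
            hashlib.sha1(samples["tool.bin"]).hexdigest().upper())
        return triage(root, load_reference(ref_csv))
```

Files that cannot be read are reported in their own bucket rather than silently skipped, so the reduced list never hides evidence the hashing step could not reach.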
