Published:

2024-12-03

Issue:

Vol. 18 No. 2 (2024)

Section:

Visión Actual

Computer Forensics Software Tools

Herramientas Informáticas en Computación Forense

Authors

  • Lilia Edith Aparicio Pico Universidad Distrital Francisco José de Caldas
  • Jonathan Morrison Tarquino Universidad Distrital Francisco José de Caldas

Keywords:

Forensic Tools, Computer Forensics, Forensic Analysis, Digital Incident Investigation, Forensic Methodologies.

Abstract

This research explores the process associated with analysis in forensic computing, structuring it into four widely recognized phases: collection, examination, analysis and reporting. In addition, it relates this process to specific procedures used in the study of digital incidents, with the purpose of identifying specific needs linked to the main computer tools used in forensic computing.

In the development of the study, two tools are identified for each forensic procedure, selected according to their characteristics, uses and functionalities. These tools are described and subsequently compared to evaluate their main advantages and disadvantages. The results of this comparison are presented in a table that allows a quick and accessible analysis of the items evaluated.

Additionally, the work emphasizes the use of multifunctional tools that allow the execution of more than one forensic procedure. These tools, although not directly compared in the study, stand out for their growing adoption due to their versatility and integration with the diverse needs of forensic computing researchers.

How to cite

APA

Aparicio Pico, L. E., & Morrison Tarquino, J. (2024). Computer Forensics Software Tools. Visión electrónica, 18(2). https://revistas.udistrital.edu.co/index.php/visele/article/view/23380
