Interesting research in the field of Visual Computer Forensic Analysis was presented at Black Hat 2009 by Greg Conti and Erik Dean from the United States Military Academy.
Their research uses a visualisation tool to “view” files in a system being forensically analysed. In this manner, a file that is considered unknown from its filename can be identified by the way it looks. An MS Word file will look different to, say, a JPEG file. Doing this traditionally would require the analyst to use two viewers.
The researchers say, “Visualization has the potential to dramatically change the field of computer forensics. Each time we created a new visualization tool there were always surprising insights. Visualizations create windows on data that hasn’t ever been readily visible, much to the dismay of people trying to hide information in the dark corners of a computer.”
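As an added illustration (not code from the original article or from the researchers' tool, whose internals the article does not describe), the sketch below assumes one simple form of file visualisation, a byte plot in which each byte becomes a grey pixel, and uses per-row entropy to label the regions that would look different on screen. The sample data, the 64-byte row width and the entropy thresholds are constructed for the example.

```python
import hashlib
import math

WIDTH = 64  # bytes per image row; each byte becomes one grey pixel

def byte_plot(data, width=WIDTH):
    """Return a binary PGM (P5) image of the data, zero-padding the last row."""
    rows = max(1, math.ceil(len(data) / width))
    return b"P5\n%d %d\n255\n" % (width, rows) + data.ljust(rows * width, b"\x00")

def row_entropy(row):
    """Shannon entropy of one row in bits per byte (at most log2(len(row)))."""
    counts = {}
    for b in row:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / len(row) * math.log2(c / len(row)) for c in counts.values())

def label(row):
    """Coarse texture class; the 1.0 and 5.0 cut-offs are assumed for 64-byte rows."""
    h = row_entropy(row)
    return "uniform" if h < 1.0 else "text-like" if h < 5.0 else "high-entropy"

def region_map(data, width=WIDTH):
    """Merge consecutive rows with the same label into (label, start, end) runs."""
    runs = []
    for off in range(0, len(data), width):
        name = label(data[off:off + width])
        end = min(off + width, len(data))
        if runs and runs[-1][0] == name:
            runs[-1] = (name, runs[-1][1], end)
        else:
            runs.append((name, off, end))
    return runs

# Constructed sample: text, then hash output standing in for compressed or
# encrypted content, then zero padding. Not taken from any real evidence file.
TEXT = (b"the quick brown fox jumps over the lazy dog " * 24)[:1024]
DENSE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
SAMPLE = TEXT + DENSE + bytes(512)

if __name__ == "__main__":
    for name, start, end in region_map(SAMPLE):
        print(f"{start:#06x}-{end:#06x}  {name}")
    with open("sample.pgm", "wb") as fh:  # open in any image viewer
        fh.write(byte_plot(SAMPLE))
```

Run as a script, it prints the offset range of each region and writes `sample.pgm`, in which the three regions appear as visibly different bands.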
Source: http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202428248638