Home - ShehanWeerakkody/OpenDF GitHub Wiki

OpenDF: A Digital Forensics Cloud Tool

Digital forensics tools are used to investigate cyber crimes. The more powerful the tool, the easier it is to gather evidence. Our aim is to develop a powerful digital forensics tool that uses cloud computing to enable investigators to mine evidence effectively and report successfully.

The Goal and Objectives

To develop a cloud-based digital forensics tool that makes cyber crime investigation more efficient and effective.

  1. Improve the usability of analysis of processed forensics data.
  2. Decrease the disk image processing time.
  3. Strengthen the team collaboration in investigations.
  4. Increase the confidentiality and security of the investigation.

Tentative Problem Definition

Most digital forensics tools are just command line tools. Such tools are not user friendly and have a steep learning curve; they need a lot of patience and practice. Some digital forensics tools have graphical user interfaces, but they are simple desktop applications limited to one machine and one user. In the real world, a team of investigators works on one disk image looking for evidence, so the same disk image is processed again and again on different machines for different investigators. Digital forensics tools generally need a lot of computational power and memory to analyze disk images quickly, and normal desktop machines cannot provide that much computational power and memory.

Brief introduction to the project

Digital forensics is the process of preparing, acquiring, preserving, examining, analyzing and reporting digital data. The purpose of digital forensics is to improve and to acquire legal evidence found in digital media.

Cyber crimes happen every day all over the world. Digital forensics is the art of investigating these cyber crimes and gathering evidence of them. But digital forensics is not yet a mature field and needs many advancements. Most of the tools that exist in the industry are just command line tools. They require thorough knowledge and special training to use. They are not easy to use, and executing a task takes a lot of effort and time. There are a few tools with graphical user interfaces, but they are simple desktop applications that have to be installed on one personal computer, so only one person can use them.

Cloud computing is a synonym for distributed computing over a network, and means the ability to run a program or application on many connected computers at the same time.

Cloud computing could be used to empower digital forensics investigations. A disk image uploaded to the cloud could be processed much faster, and the processed data could be accessed by many users. This saves a lot of processing power and memory.

The main target of the project is to improve the usability of the analysis of the processed data by providing feature-rich functionality such as a timeline of file activity, search by regular expressions, search by faces (face recognition), audio file transcription, etc.

Having all the investigators work on the same processed data while making notes, tagging and bookmarking strengthens team collaboration and thus leads to successful investigations. While investigators examine the evidence, their every action is logged. The investigation head can monitor the investigation log and track suspicious activities.

Any digital forensics investigation agency can deploy the application on its own cloud infrastructure. Agencies can extend the system for their own requirements, since the source code is open and freely available. They can make improvements and contribute back to the project if they like. They can report bugs to the issue tracking system, where the open source developers can use this feedback to improve the system.