Design and Development of CLI for SleuthKit: A Cyber Forensics Framework

Abstract

With growing advancement in computer technology, the usage of computer and internet is increased day by day; in turn the crime related to computers is also increased gradually. So Computer forensics is a new field which incorporates procedure, tools and techniques to find the evidence against cyber criminals and prove it in court of law. The Computer forensics follow the investigation with some predefined general steps in any forensic investigation i.e. identification, preservation, extraction, interpretation, documentation and presentation. There are many cyber forensic tools available for extraction, making copy of original media and for analysis. Tools are inherent part of any cyber forensic investigation and they must be based on proven methodology and techniques admissible under legal procedure. The cyber forensic tools broadly categorized as commercial and open source tools. Each has their own advantage and disadvantage. Open source tools are not so user friendly but as efficient as commercial tools and can be authenticated because their code is available, further we can expand it according to our requirement. The Sleuth Kit (TSK) is a popular open source cyber forensic tool constitutes a library and collection of command line tools that allow you to investigate disk images. These command line tools are difficult to use and you have to use each one independently. Your output is also not saved for future reference and analysis. In this thesis work we created a command line common user inter