Computer System Tools - Critical Evaluation of Selected Forensics Tools
Case Study
Learning Outcome 1: recognise the need for specialist system tools for the automation of typical data analysis tasks
Learning Outcome 2: be able to download, compile, install and critically evaluate a range of FLOSS software tools
Learning Outcome 3: research current developments in low level software tools aimed at specific tasks
Learning Outcome 4: be able to critically compare and evaluate available software tools
Coursework Description
The objective of this coursework is to conduct a critical evaluation of a selection of computer forensics tools and document your findings in a report of approximately, AND NOT MORE THAN, 2500 words. NB: if you are not taking the MSc Cyber Security and Forensics degree, you can alternatively choose standard systems tools (e.g. network monitoring).
You can choose any tools you like: they can be open source or commercial, they can run on any platform(s). However, you are expected to evaluate them and this means that you need to develop a set of metrics and test against those. These need, as far as possible, to be objective.
You should ideally use good test data. You will need to put some work into designing this yourself. However, in the case of test data for activities like file carving, this is quite a difficult task, and for this reason a number of suitable test images are available at various sites, eg
The number of tools you test can vary according to the complexity of the tool. You obviously need to compare at least two. If you have chosen something like FTK as one of them, I'd suggest two would be enough. If you chose something fairly straightforward like, say, editors, then the full four would probably be more appropriate.