Selecting Forensic Tools

ion/attack. It is, hence, computer detective work.
The importance of computer forensic technologies to the security of information and to tracing the source of cyber crimes, manifested in the unauthorized retrieval of data, cannot be overemphasized. As both Stephenson (1999) and Carrier (2004) emphasize, organizations which do not have a digital forensics system in place are inexcusably careless and irresponsible. The implication is that organizations which handle sensitive data, especially data which the law holds as confidential and private, such as patient information, are expected to have a digital forensics system in place. This was confirmed by our organization’s IT Director, who explained that a digital forensics analysis system was implemented over two years ago. While the IT Director stated that the organization did not follow formal criteria for deciding whether to use open source or commercial tool sets, his explanation of the system and of the process by which it was selected underscores its efficiency.
Tool Selection
The selection of the tool set was determined by the needs of the organization, the nature of its data and, importantly, a review of past attacks and unauthorized intrusion attempts. As a healthcare organization, the security of data is of primary importance, since the leakage of patient information to unauthorized persons renders the organization vulnerable to litigation. Furthermore, because of the nature of its activities, the organization’s data combines text, as in medical reports and demographic data; graphics, as in patient X-rays; and numbers, as in financial information. The organization, therefore, has to protect three data types.
In their analysis of the various computer forensic tools, Yasinsac and Manzano (2001) maintain that the criteria for selection should be data type and organizational needs and activities. Elaborating on this, they note that tools designed for graphical data are not effective when applied to numerical or textual information. Watermarking tools are most effective where graphical data is concerned but not in relation to textual data (Yasinsac and Manzano, 2001). Furthermore, whether commercial or open source tool sets are used should depend on an organization’s size, the complexity of its functions and the volumes of data it handles (Yasinsac and Manzano, 2001).
Even though he concurred with Yasinsac and Manzano’s (2001) recommendations, the IT Director admitted that adherence to their tool set selection criteria was not feasible. While open source rather than commercial tools were chosen because of the complexity of the organization’s processes and the volumes of data it handles, the organization did not distinguish between graphic and text-based data. Doing so would involve the implementation of two different digital forensics tool sets, thereby multiplying the human and non-human resources assigned
