Visualizing Digital Evidence

As technology advances and the use of digital devices (computers, cellular phones, PDAs, etc.) increases, digital forensics is becoming more important. When working with digital evidence, it can be cumbersome to analyze large data sets, such as large cases with several gigabytes of data distributed across multiple hosts and networks. The purpose of visualizing digital evidence is to provide a better understanding of the evidence and to enable more efficient analysis. Because of advanced techniques for wiping/deleting, encrypting and hiding data, visualizing digital evidence is not an easy task. Tools (e.g. The Coroner's Toolkit and The Sleuth Kit, among others) and techniques (self-organizing maps) exist for the extraction and presentation of digital evidence. A tool developed by Emmanouil Vlastos and Ahmed Patel presents digital evidence in 3D; it will be used, among other tools, in a survey in this thesis.
In this project, we will perform a survey of existing tools and methods for visualizing digital evidence. The survey will include a comparative analysis using a set of predefined criteria, and we will also evaluate the tools and methods through practical experiments. The experiments will consist of analyzing a data set that will be created for this thesis and a data set that is publicly available. Finally, we will investigate new tools for visualizing digital evidence and propose a prototype for visualizing digital evidence based on digital crime scene investigations.