Friday, 2 October 2009

Forensic Cop Journal 1 (2) 2009: Similarities and Differences between Ubuntu and Windows on Forensic Applications


This post is the form of development of previous post concerning the same topic. It is about similarities and differences between Ubuntu and Windows on forensic applications. The previous post only discuss it in general and is like brief summary of experiments performed before; therefore in order to make the topic becomes comprehensive view, this post in the form of journal is issued. I only put the sections of Introduction and Research Preparation below. If you wish, the PDF full version of this journal can be downloaded at http://www.scribd.com/doc/20514332/Forensic-Cop-Journal-12-2009Similarities-and-Differences-Between-Ubuntu-and-Windows-on-Forensic-Applications



Introduction
 
In dealing with computer crime, the forensic investigators are faced to volatile digital evidence which must be discovered as soon as possible because sooner it can be recovered, better the criminal investigators handle the case, even it can make the duty of the investigators become easy to locate and catch the perpetrators. There are many ways to carry out forensic investigation on cases of computer crime. Although there is a bunch of various different techniques for this purpose, essentially they have same goal, namely to recover the digital evidence, and then serve it for court. 


There are two conditions in which the forensic investigators often deal with; they are forensic analysis under Microsoft Windows and under Linux OS such as Ubuntu. In this case, Ms Windows and Ubuntu have their own advantages and disadvantages regarding with computer forensic examination. In some extent, they have similarities, but in the other cases, they also have differences. This journal will describe the topic about “similarities and differences between Ubuntu and Ms Windows on forensic applications”. The descriptions also include practical samples of forensic tools in order to support the opinion.

Research Preparation


In order to run this research on the track, I make some experiments based on my experience in investigating the case of computer crime by setting up 4 GB flash disk as experimental object. I configure it to be 3 partitions by using Partition Editor application from Ubuntu. The first partition is FAT32 with the size of 1000 Mbyte in which I install Helix Forensics by using USB Startup Creator from Intrepid so that it becomes bootable flash disk to run Helix Forensics live, then I also put some files which have different file extensions such as pdf, doc, odt, ppt, jpg, odp and so on in different folders, some of these files are then deleted. The first partition becomes one of the objects of experiments. To be more focus on analysing, I limit the similarities in 5 points of view and differences in 3 points of view.




No comments:

Post a Comment