Depending on their needs and personal preferences, people choose to use different operating systems (OS) such as Windows, Linux, and Mac. The Scientific Linux Operating System (SLOS) is designed to provide a stable, secure, and high-performance computing environment for scientific research and education in a steady, scalable, and extensible manner. When suspects commit criminal activities involving computers and the internet, it calls for digital forensics, which involves the use of scientific procedures and tools to carry out the forensic investigation and analysis of digital evidence for legal and investigative purposes. Forensic investigators use commercial and open-source tools for analysis and for gathering inculpatory and exculpatory pieces of evidence. This paper presents a comparative analysis of EnCase, FTK, Autopsy, bulk-extractor, and Scalpel for analyzing the Scientific Linux image. The test scenarios were designed to find out if the selected forensic tools can be appropriately used for investigating crimes committed using the SLOS. The test scenarios include extraction and analysis of operating system details, user accounts, and web browsing history, and the recovery of deleted and shredded files. This paper compares and evaluates the capability of the tools in retrieving the evidence designed in the scenarios. The results of this systematic comparison and evaluation would assist digital forensics practitioners, researchers, and law enforcement agencies in making informed decisions regarding the selection of tools for Scientific Linux image forensics.