The Forensic Image Generator Generator (Forensig2)

The Forensic Image Generator Generator (Forensig2)

We describe a system that allows to produce file system images for training courses in forensic computing. The instructor can ldquoprogramrdquo certain user behavior (like copying files and deleting them) in a script file which is then executed by the system using a combination of Python and Qemu. T...

Full description

Saved in:
Bibliographic Details
Published in:2009 Fifth International Conference on IT Security Incident Management and IT Forensics pp. 78 - 93
Main Authors: Moch, C., Freiling, F.C.
Format: Conference Proceeding
Language:English
Published: IEEE 01-09-2009
Subjects:
Computer security
File systems
forensic computing education
forensic images
Forensics
Hard disks
Image analysis
Image generation
Industrial training
Law enforcement
Management training
Privacy
privacy protection
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:We describe a system that allows to produce file system images for training courses in forensic computing. The instructor can ldquoprogramrdquo certain user behavior (like copying files and deleting them) in a script file which is then executed by the system using a combination of Python and Qemu. The result is a file system image that can be analysed by students within exercises on forensic computing. The analysis results of the students can then be compared with the ldquotruthrdquo encoded in the input script. The system therefore allows to easily generate large numbers of artificial but still challenging images without the privacy concerns of, for example, using and analysing second hand hard disks.
ISBN:076953807X
9780769538075
DOI:10.1109/IMF.2009.8