Date of Award

6-2020

Document Type

Project

Degree Name

Master of Science in Information Systems and Technology

Department

Information and Decision Sciences

First Reader/Committee Chair

Nestler, Vincent

Abstract

A massive problem within the United States is the financial loss that occurs through cybercrime. Before a cybercrime investigation can be solved, enough evidence must be gathered. One way to obtain evidence is by processing an individual’s digital files from any electronic device or source; this is called digital evidence. Digital evidence can be obtained with software tools such as Forensic Toolkit (FTK), Magnet, or Autopsy. Although each tool serves the same goal, obtaining valuable information that can be used as evidence to support an existing case, each has unique features that set it apart from the others. These features are crucial to how effectively and efficiently the user is able to obtain evidence related to the case. The question at hand is which software among FTK, Magnet, and Autopsy will be more effective and efficient for the user to obtain the evidence needed, based on the type of cybercrime committed. In order to compare the functionalities of the software, this project processed and documented forensic results of FTK, Magnet, and Autopsy from the nps-2008-jean.E01 evidence file.

The comparative results show (a) the length of time needed to completely analyze the evidence file, (b) which features are included and not included within the processing, and (c) the number of artifacts found within each category. The findings are: (a) 55,198 artifacts found in FTK in 21 minutes and 18 minutes, (b) 96,157 artifacts found in Autopsy in 1 hour and 40 minutes, and (c) 65,221 artifacts found in Magnet in 1 hour and 6 minutes. The results show that FTK processed the nps-2008-jean.E02 file the fastest, Autopsy took the longest to process the evidence file, and Magnet was the second fastest. The conclusion is that, depending on the type of cybercrime category being processed, one application may be more effective and efficient than the other.
