In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
7th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2012)
Title: On the Investigation of Application Specific Data within Digital Forensics
Author(s): Harald Baier, Achim Brand
Keywords: Forensic Investigation, Application Forensics, Microsoft Word, Skype, Binary Files, Guideline, Open-Source Software, Anti-Forensics
Abstract: Microsoft Word and Skype are widespread applications in our daily IT life. Up to now, if a computer forensic examination is required, the majority of forensic investigators tends to use commercial software to analyse this application-specific data. However, commercial software is rather expensive and typically closed-source. This paper aims at exploring if an application-specific forensic investigation is feasible by using free available software and whether its findings then still meet the investigators' demands. We contribute to this question by developing a guideline for the forensic investigation of Microsoft Word binary files (aka .doc files) and Skype chat log files. Solely free of charge available tools are proposed for use. In addition, we develop a Python-based, platform independent tool to enable a more in-depth-analysis of .doc-metadata. This tool does not rely on any third-party application libraries (e.g. Microsoft APIs (Application Programming Interfaces)). Furthermore we optimise an existing tool for analysing Skype's .dat files by reverse-engineering the file's structure. Finally, we present a questionnaire completed by practitioners. It shows that our approach meets their needs.
Download count: 1697
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.