Linux Data Acquisition for Forensics Purposes

Dr. Buttyán Levente
Department of Networked Systems and Services

Integrity is a significant concern in every field of computer science. Nowadays we store our data in digital form, so it is essential to protect it from unauthorized access and to be able to establish, after an incident, what actually happened to it.

Computer forensics is the branch of investigation and analysis techniques used to gather evidence about an incident that occurred in a computing system. Although several digital forensic investigation tools exist, most of them run only on the Windows operating system.

The purpose of my work was to implement software that supports forensic investigations of Linux operating systems. My application processes the acquired data offline and presents the results to the user in a clear, structured way. The acquisition part is not limited to personal computers; it also runs on embedded Linux systems.

The result of my work is a web application that generates a computer forensic kit. The kit consists of a binary executable and a shell script whose commands collect system information; it can be used on several platforms. The workflow through the web browser is as follows. First, the user creates the forensic kit, selecting the kinds of information to be collected. The server then builds the toolkit from this selection and sends it to the user. It is the user's task to run the script on the device under investigation. The script packs the collected data into a compressed archive, which the user uploads to the server through the web application. Once the upload finishes, the server starts processing the data. If processing succeeds, the results are shown on the web page in structured data tables or in a timeline diagram.
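The collection script described above is the part of the kit that runs on the examined device, so it is the step where evidence integrity is decided. The following POSIX shell script is an added example written for this page; it is not the thesis's own kit and makes no claim about which commands the generated kit actually contains. It shows the three things a practitioner expects from such a script: collectors run in order of volatility (time and running processes before static files), with every command and its exit status recorded in a log even when a tool is missing on the target; a SHA-256 manifest written over the collected files so that later tampering is detectable; and the result packed into a single compressed archive for upload. The command list, the file names and the `EVIDENCE_DIR` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example of a Linux acquisition script (not the thesis's own kit).
# Usage for stand-alone runs: EVIDENCE_DIR=/tmp/evidence sh collect.sh
# produces /tmp/evidence.tar.gz plus a .sha256 file next to it.

# Hash with whatever SHA-256 tool the target has (assumption: one of these exists).
hash_files() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"; else shasum -a 256 "$@"; fi
}
hash_check() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum -c "$1"; else shasum -a 256 -c "$1"; fi
}

# run_cmd OUT_DIR NAME CMD ARGS...: run one collector, keep stdout+stderr in
# OUT_DIR/NAME.txt and append "name<TAB>command<TAB>status" to collection.log.
# A missing tool is logged as "missing" instead of aborting the whole run.
run_cmd() {
    out_dir="$1"; name="$2"; shift 2
    if command -v "$1" >/dev/null 2>&1; then
        status=0
        "$@" >"$out_dir/$name.txt" 2>&1 || status=$?
        printf '%s\t%s\t%s\n' "$name" "$*" "$status" >>"$out_dir/collection.log"
    else
        printf '%s\t%s\tmissing\n' "$name" "$*" >>"$out_dir/collection.log"
    fi
}

# collect_system_info OUT_DIR: collectors ordered by volatility, most volatile first.
collect_system_info() {
    out="$1"
    mkdir -p "$out"
    : >"$out/collection.log"
    run_cmd "$out" date      date -u '+%Y-%m-%dT%H:%M:%SZ'   # timestamp the acquisition
    run_cmd "$out" uptime    uptime
    run_cmd "$out" processes ps -ef                           # running processes
    run_cmd "$out" sockets   ss -tulpan                       # listening/connected sockets
    run_cmd "$out" routes    ip route
    run_cmd "$out" mounts    cat /proc/mounts
    run_cmd "$out" uname     uname -a
    run_cmd "$out" whoami    id
    run_cmd "$out" users     cat /etc/passwd                  # less volatile, collected last
    run_cmd "$out" logins    last -a
}

# make_manifest OUT_DIR: SHA-256 of every collected file, in a stable order.
make_manifest() {
    dir="$1"
    (cd "$dir" && find . -type f ! -name MANIFEST.sha256 | LC_ALL=C sort |
        while IFS= read -r f; do hash_files "$f"; done >MANIFEST.sha256)
}

# verify_manifest OUT_DIR: exit 0 only if every file still matches the manifest.
verify_manifest() {
    (cd "$1" && hash_check MANIFEST.sha256 >/dev/null 2>&1)
}

# pack_kit OUT_DIR ARCHIVE: one compressed archive for upload, plus its own hash
# so the server can check that the upload arrived intact.
pack_kit() {
    src="$1"; archive="$2"
    tar -C "$(dirname "$src")" -czf "$archive" "$(basename "$src")"
    hash_files "$archive" >"$archive.sha256"
}

# Stand-alone entry point; skipped when the functions are only sourced.
if [ -n "${EVIDENCE_DIR:-}" ]; then
    collect_system_info "$EVIDENCE_DIR"
    make_manifest "$EVIDENCE_DIR"
    pack_kit "$EVIDENCE_DIR" "$EVIDENCE_DIR.tar.gz"
fi
```

The manifest is written before packing, so an investigator who later unpacks the archive can re-run the verification and show that no file changed after acquisition; the separate hash of the archive itself covers the upload to the server. On a real investigation the script should be started from read-only media together with trusted copies of the binaries it calls, since `ps`, `ss` and `last` on a compromised host may themselves be replaced.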


