incubator-alois-commits mailing list archives

From Apache Wiki <>
Subject [Alois Wiki] Update of "IMF2011" by UrsLerch
Date Fri, 14 Jan 2011 15:43:58 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Alois Wiki" for change notification.

The "IMF2011" page has been changed by UrsLerch.
The comment on this change is: added introduction.


  ''Abstract: ''Although computer forensics is foremost all about recovering, collecting and
analyzing data, there is, at least as far as we know, no central platform for all of this.
Sure, there exists a dozen of software tools, all good in their defined area. But when it
comes to integration to a whole, often incompatibility of data and the lack of interfaces
are severe problems. In our opinion, a good part of this problem lies in the nature of proprietary
software. Although Open Source Software is not the "holy grail" and doesn't deliver a solution
to this problem per se, a community driven development can help to overcome a great part of
these issues. Apache ALOIS is an open source tool, originally designed as SIEM (Security Information
and Event Management). But since its main tasks are collecting and analyzing data as well
as reporting, it could very well help as integration plattform for all collected data within
a computer forensics process.
  == Introduction ==
- [What we know about computer forensics and why we think it would be a good idea to have
a central platform.]
+ The aim of computer forensics is it to acquire, analyze and evaluate digital tracks in the
context of an already conducted or yet only planned criminal act. This requires highly specialized
knowledge as well as highly specialized tools. It therefore makes sense that these tasks are
divided, each step performed by for this particular step specialized staff using the aprobiate
+ For the first step, the collection of data, IT knowledge is needed in the first place. It
therefore makes sense, that adequately skilled, technologically-oriented people are responsible
for this task. Of course they need a somewhat basic criminal technical expertise beside. Under
these conditions, the tools used can - and must probably have to - be technologically challenging.
For the analysis of the data, in particular criminalistic knowledge, intuition and a relevant
experience is required. Basic technical knowledge must be provided, but shall not be central
in any way. The tools used should therefore be less technologically sophisticated, albeit
a database query using SQL for example may be required. For the evaluation process, in particular
legal expertise is needed. While it does need understanding of the digital media, technological
knowledge should be provided as little as possible. Therefore, the tools used have to be very
user friendly.
+ In this division of tasks, the overall view must not be lost. Here, a cross-platform might
be of great help for computer forensics. This platform must ensure first of all, that all
the information is available for the entire process in the respective most appropriate form.
This means, that the task of the creation and access to this information corresponds with
the necessary know how in the respective process step. Such a platform can also take on additional
services, such as a workflow or communications. Furthermore, it could be assured that all
the information of a case is stored in one place and, therefore, can be easily controlled
and understood. Moreover, as the aim must be to use the most appropriate tool for each task,
it is important that this platform has an open architecture and open interfaces. It must therefore
be independent of a provider. In this respect, it makes sense to pursue a free implementation
of this platform, that is an open source software.
  == Open Source Software ==
  [This brief introduction is an excerpt of the PhD of one of the authors.]
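Review bot: The first added paragraph ends mid-sentence at "using the aprobiate" and the next line starts a new paragraph, so the sentence needs to be completed before this goes live; "aprobiate" should also read "appropriate". In the same paragraph, "The aim of computer forensics is it to acquire" has a stray "it" (suggest "The aim of computer forensics is to acquire, analyze and evaluate digital tracks"), and in the second paragraph "can - and must probably have to - be technologically challenging" reads cleaner as "can, and probably must, be technologically demanding". The bracketed editor note under "Open Source Software" ("[This brief introduction is an excerpt of the PhD of one of the authors.]") is still placeholder text and should be either removed or rewritten as a proper attribution.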
@@ -21, +25 @@

  The recognition, that in the Internet age, that is, rapid access to worldwide information,
an isolated proceeding is no longer appropriate, has grown significantly in recent years over
the levels of management. In this context, the concept of interoperability is increasingly
become more important. Interoperability describes the ability of diverse systems and organizations
to work together (inter-operate). Open-source software alone, however, cannot fullfill this
demand. While it can actually guarantee the independence from a manufacturer by the disclosure
of the source code, this can not be said of the independence from the product and therefor
the full flexibility. That will only be possible by the means of cooperative innovations.
Jollans (2006) outlines thisā  using the term "community innovation" respectively the concept
of "Open Computing".
- {{}}
+ {{ computing.png}}
  By this he means the combination of the three components of open architecture, open standards
and open source, in which a full interoperability can be achieved. The goal of "Open Computing"
is the flexibility of a modular integration of function as well as independence from manufacturers,
both in hardware and in software. While for example Apple goes the opposite way, due to the
experiences of recent years and decades it can be predicted with good conscience, that software
will be successful mainly because of its openness.
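Review bot: The replacement line `{{ computing.png}}` has a leading space inside the braces, which the wiki is unlikely to resolve as the attachment name; in MoinMoin syntax the transclusion should be written as `{{attachment:computing.png}}` (and the attachment itself must be uploaded to the page, otherwise the figure renders as a broken link). In the surrounding context lines, "outlines thisā  using" contains a stray non-ASCII character that looks like an encoding artefact, "fullfill" should be "fulfill", "therefor" should be "therefore", and "is increasingly become more important" should be "has become increasingly important". "Jollans (2006)" is cited but no reference entry exists on the page yet; a references section should be added so the citation can be resolved.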
