Title: An analysis of the accuracy and usefulness of Vinetto, Pasco and Mork.pl

Authors: Dave Childs, Paul Stephens

Addresses: Digital Evidence Recovery and Internet Crime Lab, Trading Standards and Regulatory Services, North Yorkshire County Council, Unit 4/5, Block B, Thornfield Business Park, Standard Way Business Park, Northallerton, North Yorkshire DL6 2XQ, UK. ' Canterbury Christ Church University, North Holmes Road, Canterbury CT1 1QU, UK

Abstract: The majority of forensic examiners in the UK use a Microsoft Windows-based platform together with a proprietary forensic application to carry out their analyses. These commercial forensic software packages tend to carry considerable licensing costs, as does the Windows operating system itself. In comparison, Linux is free and contains many forensically useful native tools. Additionally, there are free and open source applications available that have been created specifically for use in computer forensics examinations. This paper assesses the accuracy and usefulness of three such tools: Vinetto, Pasco and Mork.pl and compares the results with those of proprietary tools. We conclude that whilst a computer forensics examiner who is familiar with commercial, Windows tools, is unlikely to switch completely to a Linux-based platform, they may well consider investing the time necessary to learn how to use these free tools in order to have an alternate platform to validate their results.

Keywords: computer forensics; Linux forensics; Mork.pl; open source; Pasco; Vinetto; digital forensics; UK; United Kingdom; electronic security.

DOI: 10.1504/IJESDF.2009.024902

International Journal of Electronic Security and Digital Forensics, 2009 Vol.2 No.2, pp.182 - 198

Published online: 03 May 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article