This dissertation was written as a part of the MSc in ICT Systems at the International Hellenic University.
Digital triage in a forensic investigation can make the investigation a success or a failure, depending on numerous factors. Many triage tools are freely available online, but there is no mature framework for practically testing and evaluating them. In the following pages we analyze four open source triage tools and identify the advantages and drawbacks of each. We also test their compliance with published forensic principles (ACPO).
The results show that, because of the high complexity and variety of system configurations, triage tools should become more adaptable, in a dynamic and manual manner, depending on the case and context, instead of retaining a monolithic functionality.
After identifying the problem, an effort was made to create a program that can search a whole computer, or any chosen partition or file, for files of any extension that were installed or created by the user. This is done by comparing the MD5 hashes of the files. In this way the investigator can, in a very short time, search the computer under examination for installed and created files or programs, altered programs, and possible malware or other harmful programs.
This program would be even more useful if it were incorporated into other digital triage programs or enhanced with more advanced functionality.
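The hash-comparison approach described above, as an added illustration rather than the dissertation's own program: it walks a directory tree, computes the MD5 of every regular file, and compares the result with a baseline of known files. The baseline format (a relative-path to MD5 mapping taken from a clean reference tree), the five classification buckets, and the sample files are assumptions made for this example; the dissertation does not specify them.

```python
"""Hash-based triage: flag files that differ from a known baseline.

Added example, not the dissertation's program. Assumptions (not from the
text): the baseline is a {relative path: md5} mapping taken from a clean
reference tree, and files are sorted into the five buckets in triage().
"""
import hashlib
import os
import tempfile
from pathlib import Path


def md5_of_file(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large evidence files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_tree(root):
    """Return {relative POSIX path: md5} for every regular file under root.

    Symlinks are skipped so that a link pointing outside the evidence tree
    (or a link loop) cannot pull in foreign data or repeat the same file.
    """
    root = Path(root)
    hashes = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            hashes[path.relative_to(root).as_posix()] = md5_of_file(path)
    return hashes


def triage(baseline, current):
    """Classify files by comparing current hashes with the baseline.

    unchanged     - same path, same hash
    altered       - same path, different hash (modified or replaced program)
    renamed_known - unknown path but a hash present in the baseline,
                    i.e. a copy of a known file under a new name
    new           - path and hash both unknown (user-created or installed)
    missing       - present in the baseline but absent now
    """
    known_hashes = set(baseline.values())
    report = {"unchanged": [], "altered": [], "renamed_known": [], "new": [], "missing": []}
    for rel, digest in sorted(current.items()):
        if rel in baseline:
            report["unchanged" if baseline[rel] == digest else "altered"].append(rel)
        elif digest in known_hashes:
            report["renamed_known"].append(rel)
        else:
            report["new"].append(rel)
    report["missing"] = sorted(set(baseline) - set(current))
    return report


def build_demo():
    """Constructed sample: a tiny clean tree, then simulated user activity on it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho ls\n")
        (root / "bin" / "cat").write_bytes(b"#!/bin/sh\necho cat\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = hash_tree(root)  # snapshot of the "clean" state

        # Simulated activity after the snapshot (constructed for this example):
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 updates\n")   # altered
        (root / "home").mkdir()
        (root / "home" / "notes.txt").write_text("written by the user\n")                # new
        (root / "home" / "helper.exe").write_bytes((root / "bin" / "ls").read_bytes())  # renamed copy
        (root / "bin" / "cat").unlink()                                                  # missing
        return triage(baseline, hash_tree(root))


if __name__ == "__main__":
    for bucket, files in build_demo().items():
        print(f"{bucket:14s} {files}")
```

In practice the baseline would be built from a clean reference installation or a published known-file hash set rather than from the suspect machine itself. MD5 is adequate for matching against such sets, but collisions can be crafted deliberately, so a file that was tampered with on purpose could be made to keep its baseline hash; recording a second digest such as SHA-256 alongside it is cheap insurance for the "altered" check.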
Special thanks go to my supervisor Prof. Vasilios Katos, who showed me where to direct my research and resolved any issues raised, giving insightful feedback.