Penguin Sleuth, a Forensic Software Tool

Introduction

Computer security and data safety have become the stepping stone for most organizations and individuals. In general data protection and informational safety require increased attention and awareness of the users. Forensic software may be used for various aims, however, the key functionality range is closely linked with data safety, though, these may be used either to protect or to harm the data stored. The key aim of the paper is to analyze the forensic software tools available and, give a detailed description of the functionality range for each software tool or tool pack.

Penguin Sleuth Forensic

This software tool pack is the extended edition for WinHex codes. This involves numerous features that involve various analysis tools, disk editing software pack with lots of useful features and functions. The software is suitable for a range of file systems such as FAT, FAT32, NTFS, Linux Swap, and Raiser FS. Additional tools are Bates-numbering files, picture gallery creation and checking, file preview, and calendar functions for scheduling and planning tasks. The key functional value of this software is the opportunity for low-level disk monitoring and the opportunity of cloning.

Method

The method that is implemented in the Penguin Sleuth software tool pack presupposes bite-by-bite file analysis. On the one hand, this requires more time for analysis in comparison with other tools. On the other hand, this provides better analysis especially if the type of file is unknown. Moreover, this analysis type is more reliable for a low-level disk analysis. (Sturgeon, 2008)

Because Penguin Sleuth Kit is a bootable CD pack, hence, it provides an opportunity to reach every file which may be blocked after system startup. This software pack is aimed at adapting Linux resources to perform a forensic analysis of the entire system and providing effective Security Auditing measures.

How It Works

Penguin Sleuth Kit is aimed at working with various Linux models that are based on different principles of system file arrangement. In general, the key feature of Penguin Sleuth is the opportunity to examine an offender’s computer without leaving any evidence of examination: no data of examination is left on the hard drive. Moreover, it provides an opportunity to view and check multiple operating systems without any complications. The specification of the development presupposes that the pack may be run on Debian and Linux versions, as well as some desktop environments. It is used with OpenOffice.org, AbiWord, The Gimp, Konqueror, Mozilla. The default environment is KDE, which may be used with Gnome and several other environments. (Virtual Appliances, 2010)

Where Obtained

This software tool is free and may be obtained from the official Penguin Sleuth. Web.

Additionally several mirrors may be available, however, it should be emphasized that the software pack is free, and distributed without any restrictions. The version that was used for the analysis was downloaded using p-2-p network.

Author and Company

Penguin Sleuth Kit was created by Klaus Knopper, who works for Knoppix Linux distribution. (Cosgrove, Robi and Rismann, 2009)

Size

Archived version needs only 700 MB of disk space.

Functionality

The principle of its work presupposes searching files all through the system without interrupting the order of files. Hence, it may search files in accordance with the key word and in specific formats, browse internet history, search in recycle, temp files, favorites etc. As for the deleted files, it should be stated that the system generally does not delete files, however, it removes references for the file, so, the other information may be recorded to this place. Considering the fact that low-level structure involves this information (or part of it) until the disk is formatted, Penguin Sleuth may restore and review these deleted files. Actually, there is no need to extend the functionality by adding supplementary programs, however, it may be repacked by volunteers, as this is the open source project.

Screen Shots

File Search and analysis
File Search and analysis

The system analyzes files independently of its extension, and defines the bit structure which differs in accordance with the file purposes.

Search Results
Search Results
Image Gallery Creation
Image Gallery Creation

Actually, it is hard to evaluate software packs by reviewing their screenshots, however, the results that may be made in accordance with the offered screenshots are that the software is effective for searching files and analyzing the bit structure of files found. (Baca 2010) Picture gallery is not too effective, as it may be used only during the session. Forensic options of the tool presuppose effective and quick analysis of the files available, and provide the extended range of options associated with the matters of checking files for security (virus and worm check), availability and presence of the necessary system files, assessment of file browsing history and internet browsing history for checking whether prohibited files and sites were opened. (Baca, 2010)

As for the usage difficulty, it requires some knowledge of system structure and file origins, as extended analysis requires awareness on the matters of bit structure. This is of particular importance when renamed, deleted or files with changed extension are analyzed. Hence, the tool is not for wide usage, and may not be applied by inexperienced users.

Advantages and Disadvantages

The pack is intended for extensive file and system analysis using boot CD. This technology is helpful for analyzing the shutdown system when all the system files are available and not blocked by system processes. Additionally, the software tool is effective for analyzing various types of files, as the actual importance of forensic analysis is confirming the availability of files of particular origin.

The key advantage of the kit is that the project in general is open source, and it may be extended or repacked depending on the requirements of any user. Considering the nature of Linux environment malware is ineffective for these software packs, however, in order to avoid any harm, the kit may be downloaded from the official site.

The disadvantages are not evident: it is impossible to create search and analysis profiles, as the system does not have any operative space, and does not have an opportunity to leave anything on the hard drive or any other storage.

Project Executive Summary

The project itself is reliable and effective for file and system analysis, however, the target audience of the tool pack is essentially restricted. In general, this may be used or searching files of a particular contents, and this search is performed not only among the open and unrestricted files, but also among deleted and hidden files. The opportunities of this system are immense, and the functionality is wide enough, however, user needs to have essential experience with nix system operations, as Penguin Sleuth software pack is not intended for inexperienced user.

Reference List

Baca, E (2010) The Penguin Sleuth Kit. penguinsleuth.org. Web.

Baca, E. (2010) Kicking it up a notch!!!! New PSK Plans. Penguin Sleuth. The Ultimate Computer Forensics and Security Platform. Web.

Cosgrove, J., Robi, E., & Rismann, D. (2009). Should Experts Also Be Private Investigators?. The Forensic Examiner, 15(3), 7.

Sturgeon, J. (2008). CSI: Hard Drive Hate Groups, Terrorist Activity, Pimping. A Day in the Life of Local Law Enforcement? No, Just a Routine Sweep of School Computers. Digital Forensic Technology Is Uncovering the Bad, Sometimes Criminal Behavior Students and Faculty Are Guilty Of. T H E Journal (Technological Horizons In Education), 35(1), 22

Virtual Appliances (2010) Penguin Sleuth Computer Forensics and Security Appliance for incident response and Testing. VMWare. Web.

Cite this paper

Select style

Reference

StudyCorgi. (2022, April 3). Penguin Sleuth, a Forensic Software Tool. https://studycorgi.com/penguin-sleuth-a-forensic-software-tool/

Work Cited

"Penguin Sleuth, a Forensic Software Tool." StudyCorgi, 3 Apr. 2022, studycorgi.com/penguin-sleuth-a-forensic-software-tool/.

* Hyperlink the URL after pasting it to your document

References

StudyCorgi. (2022) 'Penguin Sleuth, a Forensic Software Tool'. 3 April.

1. StudyCorgi. "Penguin Sleuth, a Forensic Software Tool." April 3, 2022. https://studycorgi.com/penguin-sleuth-a-forensic-software-tool/.


Bibliography


StudyCorgi. "Penguin Sleuth, a Forensic Software Tool." April 3, 2022. https://studycorgi.com/penguin-sleuth-a-forensic-software-tool/.

References

StudyCorgi. 2022. "Penguin Sleuth, a Forensic Software Tool." April 3, 2022. https://studycorgi.com/penguin-sleuth-a-forensic-software-tool/.

This paper, “Penguin Sleuth, a Forensic Software Tool”, was written and voluntary submitted to our free essay database by a straight-A student. Please ensure you properly reference the paper if you're using it to write your assignment.

Before publication, the StudyCorgi editorial team proofread and checked the paper to make sure it meets the highest standards in terms of grammar, punctuation, style, fact accuracy, copyright issues, and inclusive language. Last updated: .

If you are the author of this paper and no longer wish to have it published on StudyCorgi, request the removal. Please use the “Donate your paper” form to submit an essay.