In recent research presented at the Black Hat 2008 conference in Las Vegas, Greg Conti and Erik Dean from the United States Military Academy have adapted a new concept to computer forensics: visualization. The researchers demonstrated how visual computer forensic methods can dramatically reduce the time it takes to review files by substituting visual heuristics for traditional modes of file signature identification, file extension selection or hexadecimal searching.

By placing more data in front of the examiner in a smaller amount of screen space, the review speed of many file types is claimed to dramatically increase. In short, visual forensic tools have the potential to save an examiner a significant amount of analysis time.

“Visualization has the potential to dramatically change the field of computer forensics,” urge Conti and Dean.  “Each time we created a new visualization tool there were always surprising insights. Visualizations create windows on data that hasn’t ever been readily visible, much to the dismay of people trying to hide information in the dark corners of a computer.”

Full story at:
http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202428248638

The tools are available for free download.  I will experiment with them on data from an actual case and may report my findings here in a future post.