Information Investigation Autopsy (IIA) for digital forensics / Fakariah Hani Mohd Ali … [et al.]

Many enterprises-built LANs with the assumption that internal users are trustworthy. Little thought was given to understanding exactly what devices are connected to the network, where these devices are located, and what users are doing with them. As a result, enterprises are finding themselves ill-equipped to deal with problems introduced by mobile end systems and end users. According to Digital Forensic Investigator from Malaysian Communication and Multimedia Commission (MCMC), if cybercrime occurs in the network, they have to bring all the computers to the forensic lab before they do investigation process. This approach is costly and time consuming. This project proposed Information Investigation Autopsy (IIA) which a tool that can monitor and analyze users' activities inside the client machine in the network. IIA will capture all the activities such as keystroke pressed, timestamp and IP address and save it in the server. IIA will be analyzing the files to detect any suspicious activities. If detected, IIA will encrypt the evidence and sent the evidence to the digital forensic department. This tool will ease and give benefit to the digital forensic investor and enterprises to identify and detect the evidence if any cybercrime occurs in the local area network environment.