Introduction
The article is about research on a computer forensic tool that was carried out by Jens Olsson and Martin Boldt at Blekinge Institute of Technology. The two scientists came up with a prototype of an existing computer forensic utility that combines the output of other forensic utilities and displays it against a given timeline. In computer forensics, timeline analysis is time-consuming because each process investigated differs from the other. Data that is not relevant in one process may be crucial in another process in forensic investigations. This is the reason for manual investigations of timeline in forensic analysis. This process is time-consuming. There is a need for the development of a forensic tool that analyzes and filters the necessary information then displays the outcome in a timeline that is easily understood.
The necessity to save time in computer forensic investigations is the basis of the tool that Olssen and Boldt came up with. It is called CyberForensics TimeLab (CFTL). The tool forms a kind of directory for all evidence gathered about time. The outcome is then plotted on a graph of the timeline. In doing so, forensic investigators analyze the timeline easily and quickly as compared to the existing forensic tools. An existing tool that is similar to the CFTL is the Forensic toolkit (FTK) that was created by Access Data. It analyzes different data just like the CFTL but does not display all the timestamp data in a way that makes work easier for the investigator.
Olssen and Boldt tested the CFTL by giving it to several users then comparing its functionality to FKL. The results were positive and overwhelming. 12 tests subjects used the tool CFTL and FKL to solve a hypothetical forensic case. The case was solved in 14 minutes using CFTL and in 45 minutes using FKL.
Case Project
Questions that the woman should be asked are time and access-related. First of all the investigator should determine the location that the files found on her computer were meant to be and who has access to it. This can help in narrowing down other possible suspects in the case. The first question the woman should be asked is about other individuals with access to her computer. She should clearly define people with regular access to her computer and specifically those who have accessed it within the last month. This information helps in relating the list of individuals with access to the main source of files to the ones with access to her computer.
The investigator should then determine how the woman can benefit from accessing the files found on her computer. Are they of any importance to her? If she is fired, who benefits the most? Is it an individual within the company or the company itself? The answers to these questions help the investigator to determine if the woman has been framed or not. The investigator should then determine the woman’s history with computers and the level of her computer knowledge. Does she have any certification in computers? How knowledgeable is she in computer use? Finally, the investigator should determine the number of times she logs into her computer in a day and specific times she has logged into it for the past week. The investigator should then check the computer logs and information about the files. The date and time that the files were created and last modified. The user logged in at the time the files were created is also important for the investigation.
Rational Vs Holistic
People who tend for the rational approach are managers whose guidance stems from the statements of finance. They believe that positive outcomes ought to be achieved by well-calculated means with great precision. All their actions and decisions are based on facts that can be quantified and observed. These managers are viewed by their subjects as plain and uninspiring. According to the subordinates of managers observing rational approach to decision making, they are autocratic.
On the other hand, individuals who tend for the holistic approach are leaders driven by several factors that include relationships. These leaders make their subordinates optimistic hence a general improvement in the performance of the organization. They consider the underlying factors while making their decisions. These leaders take into consideration not only the relationships within the workplace but also social resources that are complex. The employees in this case perceive their managers to be visionary.
Studies have shown that holistic managers are more effective in decision-making as compared to rational managers. Results of these studies show that the performance of their organization is improved as workers are more optimistic than those under rational management.