An automated forensic tool for image metadata and Windows 7 Recycle Bin

摘要

Different tools are used to aid the investigation process. Many commercial and open source forensic tools are available but most of them have little way of shaping data in way meaningful to investigator. In this paper we have proposed a python based tool which will have two separate functionalities. One of the functionality which we are calling as PhotoLocator will automate the complete process of image metadata analysis, extracting coordinates information from metadata and locating the image geographically using Google Earth & KML (Keyhole markup language). It will also be capable of locating multiple images simultaneously along with thumbnail of images on Google Earth for which sample results are presented. Other functionality will provide forensics for Windows 7 Recycle Bin. Analysis of deleted files often provides useful information for the forensic computer examiner. To know where to find the deleted files, and how to understand the metadata associated with the file's deletion, make up the backbone of a successful forensic computer examination. This functionality will provide a CSV file of all the files and related metadata for each user recycle bin.