
Hugo-Ndlovu

Hard Disk Forensics Project 

The aim of this project is to visualise the directory and file listing of a computer's hard disk in a more user-friendly way, through an intuitive and interactive interface.

Problem Domain

Windows Explorer is standard on any Microsoft operating system. It provides a directory listing of your various hard drives and storage media, making it relatively easy to find the folders and files on them. We are going to explore the application of a visualisation tool to optimise directory and file listing.

Significance of the Project

Once successfully implemented, the visual application could find proper use in the field of computer forensics. It is useful there because it presents the data most often required in forensics cases, including the date a file was last accessed, its size, its name, etc.

Literature Review

SequoiaView is a similar application (follow link for screenshot). It gathers data about the files and directories stored on a hard drive. The application colour codes the different data files within the hard disk, making them easily identifiable. A key explains the colour coding, which makes it easy to trace data by colour. Stored data is categorised and visualised by size: the bigger the visual block, the bigger the file or directory it represents.

Proposed Solution

We will attempt to incorporate more user-friendly views allowing for a more natural browsing interface. This includes incorporating animation to improve the look and feel of the tool and adding a forensic twist to the visualisation. This can be accomplished by colour coding different file formats for display and showing their date last accessed and their sizes.

Hierarchical hard disk data is acquired offline and stored in an Excel sheet before being transformed into the JSON file format. A JSON file is created to store the data, which is then processed by JavaScript code to produce a visualisation of how files are organised on that particular hard disk. A JSON schema was adopted and applied to the JSON file used (see Addendum A).

Story Board

(To see the visual representation and description of our story board click here.) 

Conclusion

It proved problematic to adapt the directory listings, which are in CSV format, to the JSON format that we proposed in our JSON schema. We investigated the possible use of Python code to overcome this hurdle. We added working Python code that produces a directory and file listing from a hard disk (see attached file json.py). Despite our limited knowledge of Python, we (with some help from people :) managed to get the code to distinguish files from directories during its search. It then saves the listing in the appropriate JSON format (click here to see a screenshot of the output file).

The hard disk visualisation tool has proved to be effective for traversing directories and files on a computer, and hence can be very useful in the hard disk forensics environment.
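A sketch of the listing step described above, added here as an example and not the project's json.py: it walks a directory tree using metadata calls only, so file contents are never opened, and emits nested JSON with name, type, size and date last accessed. The field names are assumptions, since the schema in Addendum A is not shown on this page.

```python
import json
import os
import stat
from datetime import datetime, timezone


def _iso(ts):
    """Render a POSIX timestamp as UTC ISO 8601 so listings compare across hosts."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def build_tree(path):
    """Describe `path` as a nested dict using metadata calls only.

    Field names are assumptions; the project's schema (Addendum A) is not shown.
    """
    # lstat never follows symlinks; it is taken before the directory is read,
    # because reading a directory can update its access time on some mounts.
    st = os.lstat(path)
    node = {
        "name": os.path.basename(os.path.abspath(path)) or path,
        "accessed": _iso(st.st_atime),
    }
    if stat.S_ISLNK(st.st_mode):
        node.update(type="symlink", size=0)  # record the link, do not traverse it
    elif stat.S_ISDIR(st.st_mode):
        children = []
        try:
            with os.scandir(path) as entries:
                for entry in sorted(entries, key=lambda e: e.name):
                    children.append(build_tree(entry.path))
        except OSError as exc:  # unreadable directory: keep the node, note why
            node["error"] = exc.strerror
        node.update(type="directory", children=children,
                    size=sum(c["size"] for c in children))
    else:
        kind = "file" if stat.S_ISREG(st.st_mode) else "other"
        node.update(type=kind, size=st.st_size,
                    extension=os.path.splitext(path)[1].lower())
    return node


def tree_to_json(path):
    """Serialise the listing for the JavaScript visualisation."""
    return json.dumps(build_tree(path), indent=2)


if __name__ == "__main__":
    import sys
    print(tree_to_json(sys.argv[1] if len(sys.argv) > 1 else "."))
```

For forensic use, run it against a read-only mount of an image rather than the live disk, so that the access times being recorded are not disturbed by the examination itself.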

Future Work

Some improvements could be made on the solution we proposed. These are the ones we came up with:

  • Allowing for a pictorial display of the type of file on every mouse hover, that is, in addition to file size, name and siblings, a picture of the file should also be shown.
  • The visual colour-coded blocks should correspond with the file or directory size on the storage medium.
  • Information about who accessed and modified files or directories could also be an important future project improvement.

Members' Contributions

During the planning, design and implementation phases of the project, we all worked together, shared our different thoughts and ideas, and all contributed to each phase. We divided some work between the two of us as follows:

Deciding on a problem domain: Both of us

Soft version of the project's story board: Hugo

Design and implementation method: Both of us

HTML coding: Ndlovu

JavaScript coding: Both of us

Json coding: Both of us

Python coding: Both of us

Documentation of report: Both of us


Attachments

  • ForensicsListing.zip (176k), Kagiso Ndlovu, Oct 8, 2010, 5:04 AM
  • (no file name), Kagiso Ndlovu, Oct 11, 2010, 7:03 AM
  • (no file name), André Hugo, Oct 8, 2010, 3:23 AM
  • json.py (2k), Kagiso Ndlovu, Oct 11, 2010, 6:28 AM
  • sb1.bmp (559k), André Hugo, Oct 8, 2010, 3:46 AM
  • (no file name), André Hugo, Oct 8, 2010, 3:30 AM