School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
Programmers of forensic tools need to ensure that their tools are suitably usable, robust and correct for their output to be used as evidence. One logfile extraction tool, currently under development and intended for forensic use, extracts information from ICQ clients but has several limitations that need to be overcome before it is of significant value to forensic investigators. This paper covers the process and research involved in further developing the tool and overcoming a subset of its limitations. It also documents what was learnt in the process about the logfiles and the extraction tool, and provides a snapshot of the tool's current state of development. Also highlighted are the main areas for future development, areas where research is needed, and areas where research could be performed, as identified by the current research and development cycle.