A forensically tested tool for identification of notebook computers to aid recovery: LIARS phase 1 proof of concept
School of Computer and Information Science, Edith Cowan University
Computing, Health and Science
School of Computer and Information Science, Centre for Security Research
The LIARS tool was designed to enable identification, and potentially the return, to the rightful owner of stolen laptop or notebook computers. Many laptops are discovered by Police, but time constraints prevent recovered devices from being identified. This project has produced a proof of concept tool which can be used by virtually any police officer, or other investigator, which does not alter the hard drive in any fashion. The tool uses a modified version of the chntpw software, and is based on a forensically tested live Linux CD. The tool examines registry hives for known location of keys which may provide information about the owner of the laptop. This paper outlines the successful first phase of the project and looks at future directions.