A forensically tested tool for identification of notebook computers to aid recovery: LIARS phase I proof of concept
Document Type
Conference Proceeding
Publisher
School of Computer and Information Science, Edith Cowan University
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Information Science / Centre for Security Research
RAS ID
4051
Abstract
The LIARS tool was designed to enable identification, and potentially the return, to the rightful owner of stolen laptop or notebook computers. Many laptops are discovered by Police, but time constraints prevent recovered devices from being identified. This project has produced a proof of concept tool which can be used by virtually any police officer, or other investigator, which does not alter the hard drive in any fashion. The tool uses a modified version of the chntpw software, and is based on a forensically tested live Linux CD. The tool examines registry hives for known location of keys which may provide information about the owner of the laptop. This paper outlines the successful first phase of the project and looks at future directions.
DOI
10.4225/75/57ad65df7ff38
Access Rights
free_to_read
Comments
Hannay, P., Woodward, A., & Cope, N. (2007, December). A forensically tested tool for identification of notebook computers to aid recovery: LIARS phase I proof of concept. In Proceedings of the 5th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia. Available here