Problem Context

            Forensic investigator faces many problems of getting
live windows analysis information. The main reason is the use of traditional
way of getting information by unplugging the power to a computer and then
acquiring a bit-stream image of the system hard drive through a write blocker. For
example, investigator face servers that are used for business operation such as
e-commerce continues to grow and cannot be shut down because shutting down their
servers is measured in hundreds or thousands of dollars per minute. Therefore,
shutting down a system and acquiring information was not an option and this is
one of the problem where investigator cannot investigate. Other example is when
malicious software program gets into a system and steal information such as
password or sensitive information these type of program usually exist on the
memory and when the computer is shut down all the evidence of the malicious
program will be disappeared. Nowadays the number of size of the hard drive is
getting bigger and bigger and usually it will take four to eight hours for a
complete hard drive image of a 80GB. Imagine how long it will take to image a
hard drive of 1TB or 2TB or even 10TB? That’s a lot of time. What if the
investigator only wants the activities of the process and not the whole image
of the hard drive?

            Investigator use the traditional way
because there is no open source software which can analysis windows live. It
makes them to spend more time getting information manually by using command
prompt (CMD), task manager, services and etc. After getting that information
they need to save and preserve it and this may take hours or even days for them
to get a complete information. Sometimes the information they want might be
alter or disappear within a second. So, getting a complete and full information
is not 100% accurate and might miss some important evidence.



            Live Windows Analysis System is an
individual software which allow user (Forensic Investigator or First Responder)
to analysis windows live without shutting down the system and getting all the
important information. This software will collect information about the system
while it is still running. Information about process, network connection, list
of dlls, and etc will be collected by the software. By using this software, it
is the only way of getting information before it disappears when the system is
shut down. This software will definitely reduce the time consuming, more user
friendly which allow user to understand and use it well, and faster data
gathering. There a two type of benefits tangible and intangible:



Save more
time. As this software can gather information faster and user don’t need to wait
longer and spend more time searching for the evidence.

workload of user. Investigator don’t need to use the traditional way of gathering
information by unplugging the plug of a system.



the rate of missing important evidence as this software is used while the
system still running.

Much more
convenience for user to use because the software is user-friendly and easy to
generate report.


Nature of Challenge

            Java Object-Oriented Programming will be the challenge
throughout my project. I need to make sure that the software runs command
prompt (CMD) in an administrator to allow the system to gather information
without any error this is because without running as an administrator the
software is not allowed to run few commands which will affect the information
gathering. Besides that, gathering information of the browser is one of the
challenge in this project because CMD doesn’t not allow to get information
about the browser such as Google Chrome, Mozilla or etc. Saving the output to user
created folder using the software is one of the challenge too because the
output is manually saved to the NetBeans folder and when try to change the
directory it will access denied.



















