AutoChain - Automated Chain of Custody & Image Validation
Overview:
AutoChain is a forensic tool designed to automate the chain of custody process while ensuring integrity and authenticity of forensic images. The tool facilitates the creation of forensic disk images, validates them using cryptographic hashes (MD5 and SHA-256), and generates a detailed chain of custody report in PDF format.
Features
- Forensic Image Creation: Supports creating forensic disk images in .img format.
- Image Validation: Computes and verifies MD5 and SHA-256 hashes to ensure image integrity.
- Automated Chain of Custody: Generates a PDF report documenting acquisition details, timestamps, and hash values.
- User-Friendly Interface: GUI-based workflow for easy interaction and evidence management.
The user is supposed to fill in all the fields so that the program can handle the rest by generating a chain of custody report as well as maintaining copies of the hash values and store them for comparison later on. The program uses the unique ID and links it to the generated hash values and stores them. The values are automatically generated when the user enters the image file.
This tab’s purpose is to verify the image integrity by creating both hash values again and comparing them with the stored values. If both are identical, then it shows a green confirmation message, and if not, it shows a red message, which means the images are tampered with.
Contributors
• Abdullah Mohamed • Omar Ahmed • Ehab Reda
Supervised by: Dr. Maryam Adel