A pair of researchers at the US Military Academy, West Point, have adapted visualization techniques to computer forensics tools to create a powerful way of mining data from systems.  Their results make use of the structure of data to attempt to automatically classify the type of data and can, in some cases, automatically decode and display it.

It is also important to note the way in which the visual computer forensic tools written by Conti and Dean present the data to the examiner. They place more data in front of the examiner in a smaller amount of screen space. With some plots, Conti and Dean suggest that there are 300 to 900 times more examiner-viewable data on the screen at any one time when compared with standard text or hexadecimal viewers. When combined with the fact that the examiner views the data represented by pixels, the review speed of some file types dramatically increases. In short, visual forensic tools can save an examiner a significant amount of analysis time.
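To make the idea of viewing data as pixels and classifying regions by their structure concrete, here is an added example; it is not Conti and Dean's software. The function names, the 512-byte block size, the classification thresholds and the sample data are all assumptions made for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

def byte_plot(data: bytes, width: int = 64) -> bytes:
    """Render data as a binary PGM image: one byte becomes one gray pixel."""
    height = max(1, math.ceil(len(data) / width))
    padded = data.ljust(width * height, b"\x00")  # pad the last row with black
    return b"P5\n%d %d\n255\n" % (width, height) + padded

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block: bytes) -> str:
    """Coarse label from byte statistics; thresholds are assumptions."""
    if not block:
        return "empty"
    if len(set(block)) == 1:
        return "constant fill"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in block)
    if printable / len(block) > 0.95:
        return "text"
    return "high entropy" if entropy(block) > 7.0 else "structured binary"

def survey(data: bytes, block_size: int = 512) -> list:
    """Label each fixed-size block, returning (offset, label) pairs."""
    return [(off, classify(data[off:off + block_size]))
            for off in range(0, len(data), block_size)]

def build_sample() -> bytes:
    """Constructed 2 KiB sample with four regions of different structure."""
    text = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 11)[:512]
    zeros = bytes(512)
    table = b"".join(struct.pack("<I", i) for i in range(128))
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    return text + zeros + table + noise

if __name__ == "__main__":
    sample = build_sample()
    with open("sample.pgm", "wb") as fh:  # open in any image viewer
        fh.write(byte_plot(sample))
    for offset, label in survey(sample):
        print(f"0x{offset:04x}  {label}")
```

In the resulting image the four regions appear as visibly different bands (mid-gray text, solid black padding, a striped integer table, and noise), which is the kind of at-a-glance structure a hex viewer does not show.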

They presented this work at the Black Hat 2008 conference in Las Vegas, NV, and the software is available for download at their website.

via Legal Technology – Visual Computer Forensic Analysis.