Operating Systems/Programming

Computer Forensics- Tools of the Trade

WooCommerce

 

austin-chan-275638-unsplash.jpg

Computer forensics, also commonly referred to as digital forensics, is a division of forensic science involving information in computers and digital storage media being used as legal evidence. It is used when hardware or software fails, and the data needs to be recovered, during legal proceedings, and when terminating an employee. Numerous computer forensic tools help in this process such as disk imaging software. With this software, the data on hard drives can be traced, and there are several different types of disk imaging software currently available. Data capture can be done with FTK Imager or Microsoft’s Disk2vhd. Next, hashing tools compare data between an original and copy of a hard drive by analyzing the data. File recovery programs are another useful tool that allows lost data to be recovered. These programs search a PC for data that isn’t deleted yet, just marked for it. Also, software and hardware write tools enable a hard drive to be rebuilt bit by bit. However, this doesn’t change the data, just makes a copy of it.  Finally, Encase is a favorite tool that performs several tasks like disk imaging/verification and data analysis.         
Many of these tools are free to download and some can be quite costly. However, a free version of them usually exist, it just might be made by a different company. I would personally use SANS SIFT (Sans Investigative Forensic Toolkit) due to it having all the tools one could require for an in-depth forensic investigation. A free SIFT toolkit is also available that can match any modern-day tool regarding functionality. SIFT supports analysis of Expert Witness Format, RAW, and AFF evidence and the UI of the program is easy to view and use. SIFT features cross-compatibility between Linux and Windows as well! Computer forensics tools and training are essential as computers don’t lie and we all run into problems or conflicts every day that require the help from data identification and retrieval methods.
References:
Bunter, Bill. “Computer Forensic Tools – An Overview.” Bright Hub. Brighthub.com. 20 Sept 2010. 03 May 2017.
 

Advertisements
Jetpack

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.