
Computer Forensics Tools
Hardware and Software Forensic Tools

Computer Forensic Tools
  - Tools are used to analyze digital data and prove or disprove criminal activity
  - Used in 2 of the 3 Phases of Computer Forensics
    - Acquisition: Images systems and gathers evidence
    - Analysis: Examines data and recovers deleted content
    - Presentation: Tools not used

Admissibility of Forensic Evidence in Court
  - Data must be relevant and reliable
  - Reliability of evidence gathered by tools is assessed by the judge in a pre-trial hearing, aka Daubert Hearing
  - Assesses methodology used to gather evidence
    - Sound scientific practices?
    - Reliable evidence?

Pre-trial Hearings
  - Frye Test (past method)
    - Responsibility on scientific community
    - Defined acceptable evidence gathering procedures
    - Used Peer Reviewed Journals
  - Daubert Hearing (current method)
    - Offers additional methods to test quality of evidence
  Source: http www owlinvestigations com forensic articles aural spectrographic standards of admissibility html

Daubert Hearing Process
  - Testing: Is this procedure tested?
  - Error Rate: What is the error rate of this procedure?
  - Publication: Has procedure been published and reviewed by peers?
  - Acceptance: Is the procedure generally accepted within the relevant scientific community?
  Sources: http www daubertexpert com basics html
           http onin com fp daubert links html whatisadauberthearing

Types of Security Software
  - Network Firewall
  - Remote Access
  - Network Security Management
  - Vulnerability Management
  - Wireless
  - Emergent Technology
  - Antispyware
  - Antivirus
  - Authentication
  - E-Mail Security
  - Identity Access Management
  - Intrusion Detection
  - Intrusion Prevention

Types of Forensic Software
  - Acquisition Tools
  - Password Cracking Tools
  - Data Discovery Tools
  - Open Source Tools
  - Internet History Tools
  - Mobile Device Tools (PDA, Cell Phone)
  - Image Viewers
  - Large Storage Analysis Tools
  - E-mail Viewers

Electronic Data Discovery Tools
  - Extract and Index Data
  - Create Electronic Images of Data
  - Search by Keyword or Document Similarity
  - Metadata
    - Author
    - Date Created, Updated
    - Email date sent, received

More About Electronic Data Discovery Tools
  - Analyze data
  - Retrieve data from different media
  - Convert between different media and file formats
  - Extract text data from documents
  - Create images of the documents
  - Print documents
  - Archive documents

Internet History Tools
  - Reads Information in Complete History Database
  - Displays List of Visited Sites
  - Opens URLs in Internet Explorer
  - Adds URLs to Favorites
  - Copies URLs
  - Prints URLs
  - Saves Listing, Ranges as Text File

Image and E-Mail Viewers
  - Views Files
  - Converts Files
  - Catalogs Files
  - Side by Side File Comparisons

Password Cracking Tools
  - Password Recovery
  - Allows access to computers
  - 3 Methods to Crack Passwords
    - Dictionary Attack
    - Hybrid Attack
    - Brute Force Attack
  Source: http www 128 ibm com developerworks library s crack

Open Source Tools
  - Free tools available to Computer Forensic Specialists
  - Cover entire scope of forensic tools in use
  - May more clearly and comprehensively meet the Daubert guidelines than closed source tools
  - Among the most widely used
  Source: http software newsforge com software 05 04 05 2052235 shtml t id 129 tid 136 tid 147 tid 2 tid 132

Mobile Device Tools
  - Number and variety of toolkits considerably more limited than for computers
  - Require examiner to have full access to device
  - Most tools focus on a single function
  - Deleted data remains on PDA until successful HotSync with computer
  Sources: http csrc nist gov publications nistir nistir 7100 PDAForensics pdf
           http www cs ucf edu courses cgs5132 spring2002 presentation weiss ppt 5

Forensic Tool Suites
  - Provide a lower cost way to maximize the tools
  - Typically include the most often used tools
  - Examples:
    - Paraben
    - The Coroner's Toolkit (TCT)
    - The Sleuth Kit (TSK)
    - EnCase
    - Forensic Toolkit (FTK)
    - Maresware

A Closer Look
  - EnCase
  - ByteBack
  - Forensic Toolkit
  - Maresware
  - Paraben
  - Coroner's Toolkit
  - The Sleuth Kit

EnCase
  - Originally developed for law enforcement
  - Built around case management
  - Integrated Windows-based graphical user interface (GUI)
  - Multiple Features

ByteBack
  - Cloning, Imaging
  - Automated File Recovery
  - Rebuild Partitions, Boot Records
  - Media Wipe
  - Media Editor
  - Software Write Block

Forensic Toolkit (FTK)
  - Another Tool Suite
  - Acquires and Examines Electronic Data
  - Imaging Tool
  - File Viewer

Maresware
  - Collection of Tools rather than Tool Suite
  - Main Difference: Tools are Stand-Alone, Called as Needed
  - 4 Notable Tools
    - Declasfy
    - Brandit
    - Bates_no
    - Upcopy

Paraben
  - Collection of Stand-Alone Tools
  - Made up of 10 Individual Software Tool Sets
  - Purchased Separately, Price Break for Multiple Tool Purchases
  - Frequently Used with Mobile Devices

Coroner's Toolkit (TCT)
  - Open Source Tool Suite
  - Supports a Post-Mortem Analysis of Unix, Linux Systems
  - Written for Incident Response rather than Law Enforcement
  - Not Designed for Requirements to Produce, Prosecute

The Sleuth Kit (TSK)
  - Open Source Software Suite
  - Built on TCT
  - Collection of Command Line Tools
  - Provides Media Management, Forensic Analysis
  - Core Toolkit Consists of 6 Tools

Hardware Acquisition Tools
  - Various Hardware, Software platforms
    - Collect Data
    - Process Data
    - Save Data
    - Display Data in Meaningful Manner

Forensic Hardware
  - Workstations: Copy, Analysis
  - Drive Imaging System
  - Drive Wiper
  - Bridge
  - Imaging Device
  - Write Blocker
  - SATA, SCSI, IDE, USB
  - SCSI Bridge

Tool Costs
  - Workstations starting at 5,000
  - Bridges starting at 200
  - Drive Wipers starting at 1000
  - Wide assortment of special cables and hardware accessories vary in price
  - Software: Free (Open Source) to over 1000

Choosing Your Forensic Toolkit
  - Expected Types of Investigations
    - Internal Reporting
    - Prosecution
  - Operating Systems
  - Budget
  - Technical Skill
  - Role
    - Law Enforcement
    - Private Organization

Prepare to Tool Up
  - Make Lists
  - Don't Overbuy
  - Overlapping Tools
  - No One Size Fits All
  - Training

References
  - Computer Forensics Jump Start. Michael G. Solomon, Diane Barrett, Neil Broom. Sybex, San Francisco, 2005.
  - Hacking Exposed: Computer Forensics. Chris Davis, Aaron Philipp, David Cowen. McGraw-Hill, New York, 2005.
  - Forensic and Investigative Accounting. D. Larry Crumbley, Lester E. Heitger, G. Stevenson Smith. CCH Inc., Chicago, 2003.



USF ACG 6936 - Computer Forensics Tools
