tailieunhanh - Guide to Computer forensics and investigations - Chapter 6: Current digital forensics tools

Chapter 6, "Current digital forensics tools", explores many software and hardware tools used during digital forensics investigations. No specific tools are recommended; instead, the goal is to explain how to select tools for digital investigations based on specific criteria.

Guide to Computer Forensics and Investigations, Fifth Edition
Chapter 6: Current Digital Forensics Tools

Objectives
- Explain how to evaluate needs for digital forensics tools
- Describe available digital forensics software tools
- List some considerations for digital forensics hardware tools
- Describe methods for validating and testing forensics tools

Evaluating Digital Forensics Tool Needs
- Consider open-source tools; the best value for as many features as possible
- Questions to ask when evaluating tools:
  - On which OS does the forensics tool run?
  - What file systems can the tool analyze?
  - Can a scripting language be used with the tool to automate repetitive functions?
  - Does it have automated features?
  - What is the vendor’s reputation for providing support?

Types of Digital Forensics Tools
- Hardware forensic tools
  - Range from single-purpose components to complete computer systems and servers
- Software forensic tools
  - Types
    - Command-line applications
    - GUI applications
  - Commonly used to copy data from a suspect’s disk drive to an image file

Tasks Performed by Digital Forensics Tools
- Follow guidelines set up by NIST’s Computer Forensics Tool Testing (CFTT) program
- ISO standard 27037 states: Digital Evidence First Responders (DEFRs) should use validated tools
- Five major categories:
  - Acquisition
  - Validation and verification
  - Extraction
  - Reconstruction
  - Reporting

Tasks Performed by Digital Forensics Tools
- Acquisition
  - Making a copy of the original drive
  - Acquisition subfunctions:
    - Physical data copy
    - Logical data copy
    - Data acquisition format
    - Command-line acquisition
    - GUI acquisition
    - Remote, live, and memory acquisitions