Chapter 10 DF


DIGITAL FORENSICS

DR. NILAKSHI JAIN

Email ID: [email protected]

CHAPTER TEN
COMPUTER FORENSICS TOOLS
10.1 Computer Forensic Tools
10.2 Needs of Computer Forensics Tool
10.3 Types of Computer Forensics Tools
10.4 Tasks
10.5 Study of Digital Forensic Tools
Introduction to Computer Forensic Tools
• Computer forensics tools are continuously being developed, updated, patched, and reviewed. Hence, checking vendors' websites regularly for new features and enhancements is important.
• Many GUI forensics tools are resource intensive and demand computers with more memory and faster processors.
Needs of Computer Forensics Tool
The objective is to get the best value for as many features as possible. Some questions to ask when assessing tools include the following:
1. On which OS does the forensics tool run?
2. Is the tool versatile? For example, does it work in Windows 98, XP, and Vista, and produce the same results in all three OSs?
3. Can the tool analyze more than one file system, such as FAT, NTFS, and Ext2fs?
4. Can a scripting language be used with the tool to automate repetitive functions and tasks?
5. Does the tool have any automated features that can help reduce the time needed to analyze data?
6. What is the vendor's reputation for providing product support?
Types of Computer Forensics Tools
Computer forensics tools are classified into two major categories:
1. Hardware
2. Software
• Hardware Forensics Tools
Hardware forensics tools range from simple, single-purpose components to complete computer systems and servers. Some examples of complete systems are:
1. Digital Intelligence F.R.E.D. systems
2. DIBS Advanced Forensic Workstations
3. Forensic Computers Forensic Examination Stations and portable units
• Software Forensics Tools
Software forensics tools are grouped into command-line and GUI applications. Some tools are designed to perform a single task, like SafeBack, a command-line disk acquisition tool from New Technologies, Inc. (NTI).
Tasks Performed by Computer Forensics Tools
All computer forensics tools, both hardware and software, perform specific functions.
1. Acquisition:
Acquisition, the first task in computer forensics investigations, is making a copy of the original drive. Subfunctions in the acquisition category include the following:
• Physical data copy
• Logical data copy
• Data acquisition format
• Command-line acquisition
• GUI acquisition
• Remote acquisition
• Verification
Some computer forensics software suites, like AccessData FTK and EnCase, provide discrete tools for obtaining an image.
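The acquisition and verification subfunctions listed above, as an added worked example that is not part of the original slides or of any tool they name (FTK, EnCase, SafeBack): a chunked physical copy of a source stream into an image file, with MD5 and SHA-256 computed from the bytes as they are read, then re-computed over the written image to verify it. The source "device" is a constructed in-memory byte string, and the function names are my own.

```python
import hashlib
import io
from datetime import datetime, timezone

CHUNK_SIZE = 64 * 1024  # read the source in fixed-size blocks, as imaging tools do


def acquire_image(source, image_out, chunk_size=CHUNK_SIZE):
    """Physical copy: stream every byte of `source` into `image_out`.

    The source bytes are hashed as they are read, so the acquisition hash is
    taken from exactly the data that was copied. Returns a record for the log.
    """
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    copied = 0
    started = datetime.now(timezone.utc).isoformat()
    for block in iter(lambda: source.read(chunk_size), b""):
        md5.update(block)
        sha256.update(block)
        image_out.write(block)
        copied += len(block)
    return {
        "bytes_copied": copied,
        "source_md5": md5.hexdigest(),
        "source_sha256": sha256.hexdigest(),
        "started": started,
        "finished": datetime.now(timezone.utc).isoformat(),
    }


def hash_stream(stream, chunk_size=CHUNK_SIZE):
    """SHA-256 of a readable stream, hashed in blocks to keep memory flat."""
    sha256 = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        sha256.update(block)
    return sha256.hexdigest()


def verify_image(image, record):
    """Verification subfunction: re-hash the written image from offset 0 and
    compare with the hash computed from the source during acquisition."""
    image.seek(0)
    return hash_stream(image) == record["source_sha256"]


def demo_acquisition():
    """Constructed 'device': 256,000 bytes of deterministic data standing in
    for a raw disk stream. It is not evidence; it only exercises the functions."""
    device = io.BytesIO(bytes(range(256)) * 1000)
    image = io.BytesIO()
    record = acquire_image(device, image)
    record["verified"] = verify_image(image, record)
    return record


def demo_corrupted_image():
    """A single altered byte in the written image must fail verification."""
    device = io.BytesIO(b"evidence " * 100)
    image = io.BytesIO()
    record = acquire_image(device, image)
    image.seek(3)
    image.write(b"X")  # simulate a bad sector written to the image file
    return verify_image(image, record)


if __name__ == "__main__":
    for key, value in demo_acquisition().items():
        print(f"{key}: {value}")
    print("corrupted image verifies:", demo_corrupted_image())
```

The record returned by `acquire_image` (byte count, both hashes, start and finish times) is the kind of entry a log report holds; computing the hash during the read rather than afterwards means the recorded hash describes the data that actually went into the image.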
Tasks Performed by Computer Forensics Tools
2. Validation and discrimination:
Two concerns in dealing with computer evidence are critical. The first is guaranteeing the integrity of the data being copied (i.e., the validation process). The second is the discrimination of data, which includes sorting and searching through all analysis and research data. Many forensics software vendors offer three methods for discriminating data values. These are the subfunctions of the validation and discrimination function:
• Hashing
• Filtering
• Analyzing file headers
Validating data is done by obtaining hash values.
The primary purpose of data discrimination is to separate good data from suspicious data.
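Added example (not from the slides or from any vendor's tool) of the three discrimination methods working together: each file is hashed, filtered against known-good and known-bad hash sets, and then its header signature is compared with its extension. The files, both hash sets and the signature table are constructed for the example; in practice the known-good set would come from a reference library such as NIST's NSRL and the known-bad set from the case's own indicators.

```python
import hashlib

# Header signatures ("magic numbers") for the file header analysis step.
# Short constructed table; real tools carry hundreds of signatures.
SIGNATURES = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"MZ": "exe",
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def type_from_header(data):
    """Identify a file by its leading bytes, ignoring its name entirely."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def discriminate(name, data, known_good, known_bad):
    """Label one file: 'known_bad', 'known_good', 'extension_mismatch' or 'unknown'.

    Known-bad wins over everything; known-good files are dropped from review;
    anything else is checked for a header that disagrees with its extension.
    """
    digest = sha256_hex(data)
    if digest in known_bad:
        return "known_bad"
    if digest in known_good:
        return "known_good"
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = type_from_header(data)
    if kind is not None and ext != kind:
        return "extension_mismatch"
    return "unknown"


def triage(files, known_good, known_bad):
    """Run discrimination over a {name: bytes} collection.
    Returns (labels, names still needing examination)."""
    labels = {name: discriminate(name, data, known_good, known_bad)
              for name, data in files.items()}
    review = [name for name, label in labels.items() if label != "known_good"]
    return labels, review


def demo_triage():
    # Constructed sample files; contents are synthetic, not real evidence.
    files = {
        "calc.exe": b"MZ" + b"\x90" * 64,                  # OS binary, in the known-good set
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,   # header agrees with the name
        "report.pdf": b"\xff\xd8\xff\xe0" + b"\x11" * 32,  # JPEG bytes behind a .pdf name
        "notes.txt": b"meeting at 9",                      # no signature to check
        "suspect.bin": b"MZ" + b"\xcc" * 16,               # hash listed as known bad
    }
    # In practice: known_good from a reference library such as NIST's NSRL,
    # known_bad from the case's own indicators. Here both are built from the samples.
    known_good = {sha256_hex(files["calc.exe"])}
    known_bad = {sha256_hex(files["suspect.bin"])}
    return triage(files, known_good, known_bad)


if __name__ == "__main__":
    labels, review = demo_triage()
    for name, label in labels.items():
        print(f"{name:12s} {label}")
    print("needs examination:", review)
```

The order of the checks matters: a hash match against the known-bad set is reported before anything else, and only files that match neither set are examined by header, which is where a renamed file shows up even though its hash is unknown.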
Tasks Performed by Computer Forensics Tools
3. Extraction:
The extraction function is referred to as the recovery task in a computing investigation and is the most challenging of all tasks to master. Recovering data is the first step in analyzing an investigation's data. The following subfunctions of extraction are used in investigations:
• Data viewing
• Keyword searching
• Decompressing
• Carving
• Decrypting
• Bookmarking
Many computer forensics tools include a data-viewing mechanism for digital evidence.
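Added example, not from the original slides or from any carving tool, of two extraction subfunctions, keyword searching and carving, run over a constructed block of "unallocated space": the carver finds JPEG and PNG files by header/footer signature, and the keyword search matches both ASCII and UTF-16LE encodings, since Windows artifacts often store text as wide strings. The blob, the signature table and the function names are assumptions of the example.

```python
import re

# Header/footer pairs for carving. Constructed table; real carvers know
# hundreds of formats.
CARVE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def carve(blob, max_size=10 * 1024 * 1024):
    """Scan raw bytes (for example unallocated space) for header/footer pairs.

    Returns (type, start, end, data) tuples ordered by offset. A header with no
    footer within max_size is skipped; a real carver would emit it as a
    truncated file and would also try to reassemble fragmented ones.
    """
    found = []
    for kind, (header, footer) in CARVE_SIGNATURES.items():
        pos = 0
        while True:
            start = blob.find(header, pos)
            if start == -1:
                break
            end = blob.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1
                continue
            end += len(footer)
            found.append((kind, start, end, blob[start:end]))
            pos = end
    return sorted(found, key=lambda item: item[1])


def keyword_search(blob, keywords):
    """Case-insensitive search for each keyword in both ASCII and UTF-16LE,
    since Windows registry and document artifacts often store wide strings.
    Returns (keyword, offset) pairs ordered by offset."""
    hits = []
    for keyword in keywords:
        for encoded in (keyword.encode("ascii"), keyword.encode("utf-16-le")):
            for match in re.finditer(re.escape(encoded), blob, flags=re.IGNORECASE):
                hits.append((keyword, match.start()))
    return sorted(hits, key=lambda hit: hit[1])


def demo_unallocated():
    """Constructed 'unallocated space': zero filler with one JPEG, one PNG and
    two keyword occurrences embedded. Not data from a real disk."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-body" * 4 + b"\xff\xd9"          # 42 bytes
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 20 + b"IEND\xaeB`\x82"         # 36 bytes
    blob = (b"\x00" * 100 + jpeg + b"\x00" * 50 + b"Password"
            + b"\x00" * 30 + png + "secret".encode("utf-16-le") + b"\x00" * 10)
    return carve(blob), keyword_search(blob, ["password", "secret"])


if __name__ == "__main__":
    carved, hits = demo_unallocated()
    for kind, start, end, _ in carved:
        print(f"carved {kind}: bytes {start}-{end}")
    for keyword, offset in hits:
        print(f"keyword {keyword!r} at offset {offset}")
```

Signature carving has known limits that the example makes visible: it recovers nothing for a file whose footer is missing, it cannot follow a file that is split across non-adjacent clusters, and a JPEG with an embedded thumbnail carries an inner end marker that a naive footer search will stop at. That is why keyword hits and carved files are bookmarked for later review rather than trusted as complete on their own.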
Tasks Performed by Computer Forensics Tools
4. Reconstruction:
The purpose of having a reconstruction feature in a forensics tool is to recreate a suspect drive to show what happened during a crime or an incident. These are the subfunctions of reconstruction:
• Disk-to-disk copy
• Image-to-disk copy
• Partition-to-partition copy
• Image-to-partition copy
There are several ways to recreate an image of a suspect drive. The following are some of the tools that perform an image-to-disk copy:
• SafeBack
• SnapBack
• EnCase
• FTK Imager
• ProDiscover
Tasks Performed by Computer Forensics Tools
5. Reporting:
To complete a forensic disk analysis and examination, you need to create a report. Newer Windows forensics tools can generate electronic reports in a variety of formats, like word processing documents, HTML Web pages, or Acrobat PDF files. These are the subfunctions of the reporting function:
• Log reports
• Report generator
As part of the validation process, you often need to document the steps you took to obtain data from a suspect drive. The following are some of the tools that offer report generators displaying bookmarked evidence:
• EnCase
• FTK
• ILook
• X-Ways Forensics
• ProDiscover
Study of Digital Forensic Tools
A number of digital forensic tools and suites are available for investigators to conduct digital forensic investigations. The Sleuth Kit, EnCase and FTK are readily available digital forensic tools that are evolving to keep pace with the increasing demand for forensic tools. The main aim of this section is to provide an overview of the top 25 digital forensic tools. The following digital forensic tools are explained:
1. Sleuth Kit Autopsy
• Autopsy is a digital forensics platform that efficiently analyses smartphones and hard disks.
• It has an easy-to-use interface, processes data quickly and is cost-efficient.
• Sleuth Kit is a collection of command-line tools and a C library permitting the analysis of disk images and file recovery. It is used as the back end of the Autopsy tool.
Study of Digital Forensic Tools
Key features of Autopsy include:
1. Timeline Analysis—Advanced interface for graphical event viewing.
2. Hash Filtering—Flags known bad files and ignores known good files.
3. Keyword Search—Indexed keyword search makes file search easier.
4. Web Artifacts—Extracting bookmarks, history, and cookies from web browsers.
5. Data Carving—Recovering deleted files from unallocated space using PhotoRec (http://www.cgsecurity.org/wiki/PhotoRec).
6. Multimedia—Extracting EXIF from pictures and watching videos.
7. Compromise Indicators—Scanning a computer using STIX.
Study of Digital Forensic Tools
• Pros: Good documentation and support
• Cons: It requires special user skills because it is based on Unix.
• About Disk Analysis:
Once the right steps are taken to secure and verify the disk image, the actual contents of the image should be analyzed for suspicious or incriminating evidence.
• About Kali Linux Sleuth Kit and Autopsy:
The following features are available through Autopsy/Sleuth Kit:
1. Timeline Analysis: Graphical event viewing interface.
2. Hash Filtering: Flag known bad files and ignore known good files.
3. File System Forensic Analysis: Recover files from most common formats.
4. Keyword Search: Indexed keyword search to find files that mention relevant terms.
5. Web Artefacts: Extract history, bookmarks, and cookies from Firefox, Chrome, and IE.
6. Multimedia: Extract EXIF from pictures and watch videos.
7. Email Analysis: Parses MBOX format messages, such as Thunderbird.
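Both feature lists above describe timeline analysis only as a graphical event viewer. The following added example (my own code, not Autopsy's or The Sleuth Kit's) shows what such a timeline is built from: each file's modified/accessed/changed/born timestamps are expanded into events, merged when they coincide, and sorted, in the column style of the mactime output The Sleuth Kit produces. The file records, paths and times are constructed and not from a real case.

```python
from datetime import datetime, timezone

FLAG_ORDER = "macb"  # m = modified, a = accessed, c = metadata changed, b = born (created)

# Constructed file system metadata, in the shape a tool like Autopsy extracts
# from NTFS or ext. Paths and timestamps (UTC) are invented for this example.
SAMPLE_FILES = [
    {"path": "/Windows/System32/kernel32.dll",
     "m": "2023-11-01T03:00:00", "a": "2024-03-05T09:14:01",
     "c": "2023-11-01T03:00:00", "b": "2023-11-01T03:00:00"},
    {"path": "/Users/alice/Documents/notes.docx",
     "m": "2024-02-20T14:30:00", "a": "2024-02-20T14:30:00",
     "c": "2024-02-20T14:30:00", "b": "2024-02-20T14:30:00"},
    {"path": "/Users/alice/Downloads/setup.exe",
     "m": "2024-03-05T09:14:02", "a": "2024-03-05T09:15:10",
     "c": "2024-03-05T09:14:02", "b": "2024-03-05T09:14:02"},
    {"path": "/Users/alice/AppData/Roaming/helper.dll",
     "m": "2024-03-05T09:15:12", "a": "2024-03-05T09:15:12",
     "c": "2024-03-05T09:15:12", "b": "2024-03-05T09:15:12"},
]


def parse_ts(text):
    """ISO-8601 string (UTC) to an aware datetime."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def build_timeline(files):
    """Expand per-file MACB timestamps into one chronologically ordered list.

    Events on the same file at the same instant collapse into one entry whose
    flag string shows which timestamps fired, e.g. 'm.cb' for a file that was
    created, written and had its metadata changed at once but not yet read.
    """
    grouped = {}
    for record in files:
        for flag in FLAG_ORDER:
            key = (parse_ts(record[flag]), record["path"])
            grouped.setdefault(key, set()).add(flag)
    timeline = []
    for (ts, path), flags in sorted(grouped.items()):
        flag_str = "".join(f if f in flags else "." for f in FLAG_ORDER)
        timeline.append((ts, flag_str, path))
    return timeline


def events_between(timeline, start, end):
    """Narrow the timeline to the window an investigator is interested in."""
    lo, hi = parse_ts(start), parse_ts(end)
    return [event for event in timeline if lo <= event[0] <= hi]


def render(timeline):
    """Text rendering in mactime's column style: time, flags, path."""
    return "\n".join(f"{ts.isoformat()}  {flags}  {path}" for ts, flags, path in timeline)


if __name__ == "__main__":
    full = build_timeline(SAMPLE_FILES)
    print(render(full))
    print("--- window around the download ---")
    print(render(events_between(full, "2024-03-05T09:14:00", "2024-03-05T09:16:00")))
```

Reading the narrowed window shows why the timeline is the investigator's starting point: a system library was read, a downloaded executable was created a second later, it was accessed about a minute afterwards, and a new library appeared in the user's profile two seconds after that. Timestamps on the file system can be altered, so a timeline is corroborated against other sources (logs, registry, browser artifacts) before conclusions are drawn.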
Thank you
DR. NILAKSHI JAIN
Email ID: [email protected]
