Open navigation menu

Scribd

0% found this document useful (0 votes)

2 views

Chapter 7 - Current Computer Forensics Tools

Chapter 7 of the 'Guide to Computer Forensics and Investigations' discusses various types of computer forensics tools, including hardware and software, and outlines their primary tasks such as acquisition, validation, extraction, reconstruction, and reporting. It details the subfunctions of each task, emphasizing the importance of data integrity and the challenges of data recovery, especially with encrypted files. Additionally, it highlights considerations for selecting forensics tools, including flexibility, reliability, and the need for a library of older versions.

Uploaded by

Copyright

© © All Rights Reserved

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

2 views

Chapter 7 - Current Computer Forensics Tools

Chapter 7 of the 'Guide to Computer Forensics and Investigations' discusses various types of computer forensics tools, including hardware and software, and outlines their primary tasks such as acquisition, validation, extraction, reconstruction, and reporting. It details the subfunctions of each task, emphasizing the importance of data integrity and the challenges of data recovery, especially with encrypted files. Additionally, it highlights considerations for selecting forensics tools, including flexibility, reliability, and the need for a library of older versions.

Uploaded by

Copyright

© © All Rights Reserved

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

You are on page 1/ 18

Guide to Computer Forensics

and Investigations
Fourth Edition

Chapter 7
Current Computer Forensics
Tools
Types of Computer Forensics Tools

• Hardware forensic tools

– Range from single-purpose components to complete
computer systems and servers
• Software forensic tools
– Types
• Command-line applications
• GUI applications
– Commonly used to copy data from a suspect’s disk
drive to an image file

Guide to Computer Forensics and Investigations 2

Tasks Performed by Computer
Forensics Tools

• Five major categories:

– Acquisition
– Validation and discrimination
– Extraction
– Reconstruction
– Reporting

Guide to Computer Forensics and Investigations 3

Tasks Performed by Computer
Forensics Tools (continued)
• Acquisition
– Making a copy of the original drive
• Acquisition subfunctions:
– Physical data copy
– Logical data copy
– Data acquisition format
– Command-line acquisition
– GUI acquisition
– Remote acquisition
– Verification

Guide to Computer Forensics and Investigations 4

Tasks Performed by Computer
Forensics Tools (continued)

• Acquisition (continued)
– Two types of data-copying methods are used in
software acquisitions:
• Physical copying of the entire drive
• Logical copying of a disk partition
– The formats for disk acquisitions vary
• From raw data to vendor-specific proprietary
compressed data
– You can view the contents of a raw image file with
any hexadecimal editor

Guide to Computer Forensics and Investigations 5

Guide to Computer Forensics and Investigations 6
Tasks Performed by Computer
Forensics Tools (continued)

• Acquisition (continued)
– Creating smaller segmented files is a typical feature
in vendor acquisition tools
– All computer forensics acquisition tools have a
method for verification of the data-copying process
• That compares the original drive with the image

Guide to Computer Forensics and Investigations 7

Tasks Performed by Computer
Forensics Tools (continued)

• Validation and discrimination

– Validation
• Ensuring the integrity of data being copied
– Discrimination of data
• Involves sorting and searching through all
investigation data

Guide to Computer Forensics and Investigations 8

Tasks Performed by Computer
Forensics Tools (continued)
• Validation and discrimination (continued)
– Subfunctions
• Hashing
– CRC-32, MD5, Secure Hash Algorithms
• Filtering
– Based on hash value sets
• Analyzing file headers
– Discriminate files based on their types
– National Software Reference Library (NSRL) has
compiled a list of known file hashes
• For a variety of OSs, applications, and images

Guide to Computer Forensics and Investigations 9

Tasks Performed by Computer
Forensics Tools (continued)

• Validation and discrimination (continued)

– Many computer forensics programs include a list of
common header values
• With this information, you can see whether a file
extension is incorrect for the file type
– Most forensics tools can identify header values

Guide to Computer Forensics and Investigations 10

Tasks Performed by Computer
Forensics Tools (continued)

• Extraction
– Recovery task in a computing investigation
– Most demanding of all tasks to master
– Recovering data is the first step in analyzing an
investigation’s data

Guide to Computer Forensics and Investigations 11

Tasks Performed by Computer
Forensics Tools (continued)
• Extraction (continued)
– Subfunctions
• Data viewing
• Keyword searching
• Decompressing
• Carving
• Decrypting
• Bookmarking
– Keyword search speeds up analysis for investigators

Guide to Computer Forensics and Investigations 12

Tasks Performed by Computer
Forensics Tools (continued)

• Extraction (continued)
– From an investigation perspective, encrypted files
and systems are a problem
– Many password recovery tools have a feature for
generating potential password lists
• For a password dictionary attack
– If a password dictionary attack fails, you can run a
brute-force attack

Guide to Computer Forensics and Investigations 13

Tasks Performed by Computer
Forensics Tools (continued)

• Reconstruction
– Re-create a suspect drive to show what happened
during a crime or an incident
– Subfunctions
• Disk-to-disk copy
• Image-to-disk copy
• Partition-to-partition copy
• Image-to-partition copy

Guide to Computer Forensics and Investigations 14

Tasks Performed by Computer
Forensics Tools (continued)

• Reconstruction (continued)
– Some tools that perform an image-to-disk copy:
• SafeBack
• SnapBack
• EnCase
• FTK Imager
• ProDiscover

Guide to Computer Forensics and Investigations 15

Tasks Performed by Computer
Forensics Tools (continued)
• Reporting
– To complete a forensics disk analysis and
examination, you need to create a report
– Subfunctions
• Log reports
• Report generator
– Use this information when producing a final report for
your investigation

Guide to Computer Forensics and Investigations 16

Tool Comparisons

Guide to Computer Forensics and Investigations 17

Other Considerations for Tools

• Considerations
– Flexibility
– Reliability
– Expandability
– Keep a library with older version of your tools
• Create a software library containing older versions
of forensics utilities, OSs, and other programs

Guide to Computer Forensics and Investigations 18

You might also like

Solutioning Consumer Identity & Access Management (CIAM) - V1.0
No ratings yet
Solutioning Consumer Identity & Access Management (CIAM) - V1.0
27 pages
Computer Forensics: Infosec Pro Guide Ch7 Live vs. Postmortem Forensics
No ratings yet
Computer Forensics: Infosec Pro Guide Ch7 Live vs. Postmortem Forensics
35 pages
Forensic Aquisition
No ratings yet
Forensic Aquisition
42 pages
Project Report On - Social Networking Portal
100% (1)
Project Report On - Social Networking Portal
31 pages
NodeJS Custom Login Page Dissected.
No ratings yet
NodeJS Custom Login Page Dissected.
5 pages
Guide To Computer Forensics and Investigations Third Edition
100% (1)
Guide To Computer Forensics and Investigations Third Edition
55 pages
Dr. Phil Nyoni: Digital Forensics Lecture 6: Forensics Tools July 2021
No ratings yet
Dr. Phil Nyoni: Digital Forensics Lecture 6: Forensics Tools July 2021
40 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
57 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
67 pages
Current Computer Forensics Tools
No ratings yet
Current Computer Forensics Tools
65 pages
Lecture 2 APIC 1.2.3
No ratings yet
Lecture 2 APIC 1.2.3
49 pages
Guide For Digital Forensic
No ratings yet
Guide For Digital Forensic
69 pages
CF Unit 3
No ratings yet
CF Unit 3
151 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
56 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
58 pages
rohini_15503801356
No ratings yet
rohini_15503801356
11 pages
Chapter 8 - Computer Forensics Analysis and Validation
No ratings yet
Chapter 8 - Computer Forensics Analysis and Validation
30 pages
Unit 4
No ratings yet
Unit 4
72 pages
CH 09
No ratings yet
CH 09
56 pages
4680 ch04
No ratings yet
4680 ch04
64 pages
Digital Forensics (Data Acquisition and Hashing)
100% (1)
Digital Forensics (Data Acquisition and Hashing)
48 pages
PPT ch09
No ratings yet
PPT ch09
47 pages
6 Analysis & Validation Xid-10936710 2
No ratings yet
6 Analysis & Validation Xid-10936710 2
34 pages
Lecture 1b Digital Forensic
No ratings yet
Lecture 1b Digital Forensic
42 pages
IS & F Lecture #29 30 - Computer Forensics-Data Acquisition
No ratings yet
IS & F Lecture #29 30 - Computer Forensics-Data Acquisition
17 pages
1 Digital Forensics 04
No ratings yet
1 Digital Forensics 04
12 pages
LO - 2 - Data Capture and Memory Forensics
No ratings yet
LO - 2 - Data Capture and Memory Forensics
51 pages
CH 04
No ratings yet
CH 04
76 pages
CH 04 I C
No ratings yet
CH 04 I C
93 pages
SCI4201 Lecture 4 - Data Acquistion
No ratings yet
SCI4201 Lecture 4 - Data Acquistion
46 pages
Chap 3 Digital Forensics
100% (1)
Chap 3 Digital Forensics
121 pages
SCI4201 Lecture 2 - Investigative Process
No ratings yet
SCI4201 Lecture 2 - Investigative Process
39 pages
Understanding Computer Investigations
No ratings yet
Understanding Computer Investigations
64 pages
Memory Forensic in Incident Response
100% (2)
Memory Forensic in Incident Response
74 pages
Source of Digital Evidence - Lesson - 4
No ratings yet
Source of Digital Evidence - Lesson - 4
66 pages
Chapter 10 - Virtual Machines, Network Forensics, And Live Acquisitions
No ratings yet
Chapter 10 - Virtual Machines, Network Forensics, And Live Acquisitions
27 pages
Data Acquisition
100% (1)
Data Acquisition
31 pages
Flow Chart
No ratings yet
Flow Chart
34 pages
Lec3 18-3-2024
No ratings yet
Lec3 18-3-2024
52 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
34 pages
CH 11
No ratings yet
CH 11
34 pages
Computer Forensics - Lesson 02
No ratings yet
Computer Forensics - Lesson 02
30 pages
Common Forensics Tools
No ratings yet
Common Forensics Tools
10 pages
Internet Forensics and Cyber Security: Unit 3
No ratings yet
Internet Forensics and Cyber Security: Unit 3
55 pages
Lec7 Analysis
No ratings yet
Lec7 Analysis
30 pages
Unit 4.3
No ratings yet
Unit 4.3
56 pages
Chapter 4 - Data Acquisition
No ratings yet
Chapter 4 - Data Acquisition
39 pages
Cyber Forensic YHK u1p5
No ratings yet
Cyber Forensic YHK u1p5
12 pages
Lec 2
No ratings yet
Lec 2
23 pages
Data Acquisition: Paul Ssemaluulu (PHD)
100% (2)
Data Acquisition: Paul Ssemaluulu (PHD)
35 pages
Guide To Computer Forensics and Investigations, Second Edition
No ratings yet
Guide To Computer Forensics and Investigations, Second Edition
44 pages
Dr. Phil Nyoni: Digital Forensics Lecture 2: Acquiring Digital Evidence July 2021
No ratings yet
Dr. Phil Nyoni: Digital Forensics Lecture 2: Acquiring Digital Evidence July 2021
56 pages
Linux Troubleshooting, Performance, and Security: From Linux+ Guide To Linux Certification, 3e
No ratings yet
Linux Troubleshooting, Performance, and Security: From Linux+ Guide To Linux Certification, 3e
56 pages
Module 2 Webinar Slides - Powerpoint
No ratings yet
Module 2 Webinar Slides - Powerpoint
24 pages
Reupload
No ratings yet
Reupload
63 pages
UNIT IV-Current Computer Forensics Tools
No ratings yet
UNIT IV-Current Computer Forensics Tools
5 pages
Lec3 23-3-2024
No ratings yet
Lec3 23-3-2024
35 pages
Lecture 9 Data Analysis and Validation
No ratings yet
Lecture 9 Data Analysis and Validation
30 pages
Unit - 2 Chapter - 5
No ratings yet
Unit - 2 Chapter - 5
3 pages
39 - Physical Memory Forensics
No ratings yet
39 - Physical Memory Forensics
53 pages
Guide To Computer Forensics Investigation
No ratings yet
Guide To Computer Forensics Investigation
65 pages
Computer Forensics JumpStart
From Everand
Computer Forensics JumpStart
Michael G. Solomon
3.5/5 (2)
PC Essentials | Learn Basic Computing
From Everand
PC Essentials | Learn Basic Computing
Nolo Nob
No ratings yet
Chapter 1 - Catalysts for Change
No ratings yet
Chapter 1 - Catalysts for Change
24 pages
Chapter 8 and 9 - Developing Network Security and Management Strategies
No ratings yet
Chapter 8 and 9 - Developing Network Security and Management Strategies
25 pages
Chapter10
No ratings yet
Chapter10
48 pages
Chapter05
No ratings yet
Chapter05
48 pages
Securing Your Data in Motion With TLS
No ratings yet
Securing Your Data in Motion With TLS
38 pages
Nestee Independent Contractor Agreement Annex V19sep2022
No ratings yet
Nestee Independent Contractor Agreement Annex V19sep2022
7 pages
Unit 1 Retired Test 3 Answer Sheet Harrison Odonnell 123919 It Level 2
No ratings yet
Unit 1 Retired Test 3 Answer Sheet Harrison Odonnell 123919 It Level 2
3 pages
Cyber
100% (1)
Cyber
19 pages
IMP Penetration Test
100% (1)
IMP Penetration Test
4 pages
Tewodros Getaneh 2018
No ratings yet
Tewodros Getaneh 2018
123 pages
Lecture 2
No ratings yet
Lecture 2
49 pages
Isaca Sox
No ratings yet
Isaca Sox
24 pages
PhishMate Final Report
No ratings yet
PhishMate Final Report
97 pages
Bitdefender EndpointSecurityToolsForWindows UsersGuide EnUS
No ratings yet
Bitdefender EndpointSecurityToolsForWindows UsersGuide EnUS
50 pages
Start: System Flowchart
No ratings yet
Start: System Flowchart
7 pages
BlackHatUSA2018 DEFCON26 PHV wpa-sec AlexStanev
No ratings yet
BlackHatUSA2018 DEFCON26 PHV wpa-sec AlexStanev
17 pages
Exam in Cybercrime Envtl Laws With Answers
100% (1)
Exam in Cybercrime Envtl Laws With Answers
19 pages
Security Issues in Mobile Agents
No ratings yet
Security Issues in Mobile Agents
7 pages
IOT Seminar Report
No ratings yet
IOT Seminar Report
23 pages
Enx Vcsa 1 1 en
No ratings yet
Enx Vcsa 1 1 en
106 pages
ETI Microproject (Final) KAIF
No ratings yet
ETI Microproject (Final) KAIF
15 pages
RTAF Password
No ratings yet
RTAF Password
1 page
User Manual: Easylogic™ Pm2100 Series
No ratings yet
User Manual: Easylogic™ Pm2100 Series
92 pages
Data Encryption Standard
No ratings yet
Data Encryption Standard
29 pages
H.salem, Reaction Paper
No ratings yet
H.salem, Reaction Paper
8 pages
Implementing A Zero Trust Architecture: Nist Special Publication 1800-35B
No ratings yet
Implementing A Zero Trust Architecture: Nist Special Publication 1800-35B
127 pages
Technical Proposal - Ipsec VPN Implementation
100% (1)
Technical Proposal - Ipsec VPN Implementation
6 pages
Security and Compliance
No ratings yet
Security and Compliance
11 pages
Tutorial 11 Solutions
No ratings yet
Tutorial 11 Solutions
7 pages
Lecture On Ethical Hacking
No ratings yet
Lecture On Ethical Hacking
100 pages
Introduction To Computer Virus and Malware
No ratings yet
Introduction To Computer Virus and Malware
54 pages