Join Jungwoo Ryoo for an in-depth discussion in this video Computer forensics tools, part of Learning Computer Forensics (2014).
There are many tools of the trade in computer forensics. Some of these tools are software based, others are hardware based. Many of the computer forensic software tools exist in the form of a computer forensics software suite. They usually have a comprehensive set of features that cover a case from the beginning to its completion. Some of these features include abilities to acquire and process data, conduct searches, and generate reports.
EnCase by Guidance Software is one of the examples of a computer forensics software suite. Depending on the nature of your case, there are times you need specialized software tools other than a computer forensics software suite, because sometimes they don't provide the particular feature you are looking for to support your case. For example, if you have to retrieve hidden text in a picture file, a typical run-of-the-mill computer forensics software tool wouldn't be able to help you.
For that, you need a specialized tool called a steganography tool, similar to the one you're seeing in this slide. There are also special hardware needs. Forensics software is demanding in terms of processing power, memory size, and disk space. So the more processing power, the bigger memory size and disk space you have, probably the better. Forensics workstations often also feature extra bays and additional ports.
In addition to the computer forensics workstation, you may also need some special equipment, such as a write blocker, which prevents an operating system from writing over an evidence drive. There are also software write blockers out there. But, a lot of times, hardware write blockers are preferred. Although it's not very special, another tool you need in your computer forensics investigation is a large capacity storage device. And a lot of times these evidence drives are large capacity drives, especially these days.
Because the sizes of these storage devices today are increasing. Therefore, to be effective as a computer forensics investigator, you have to have all these necessary tools. Throughout this course, you'll have plenty of opportunities to be exposed to many of these tools I've mentioned in this lesson.
- Understanding computer forensics
- Understanding partitioning
- Using a hex editor
- Preparing a target drive
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report