Join Sandra Toner for an in-depth discussion in this video Selecting forensic software, part of Computer Security: Investigation and Response.
- In this video, we'll look at some of the tools that could be employed in your forensic lab. In a later video, I'll focus on freeware or open source forensic tools. Let's look at some examples of commonly used tools for file sanitization. You can use BCWipe, which is a free utility that securely deletes files and sanitizes hard drives. You can also use a program called Eraser. Eraser is also a free utility that securely deletes files and sanitizes a hard drive. There's also Microsoft SDelete.
This is a free command-line utility for securely deleting files. As I mentioned in an earlier video, on the Mac you have the option of using Secure Empty Trash. On a Mac, you can also use the srm command to securely delete files. Next, let's talk about media sanitization. There's a program out there called Identity Finder that can be used either on a Mac or on a PC. It's a commercial tool that's licensed by Carnegie Mellon, and it scans your computer for sensitive information like Social Security numbers, credit and debit card numbers, and driver's license numbers.
It offers alternatives for safeguarding sensitive information, including the ability to encrypt, redact, which means block information, and securely erase. In an earlier video, I also mentioned EnCase as a tool for evidence management. This is a commercial tool and it's widely considered an industry standard. It allows an investigator to connect an Ethernet or null modem cable to the system in order to view its data. EnCase also automates verification of the integrity of the evidence files entered into the system.
Now let's talk about a really cool set of forensic tools. You can tell this is one of my favorites. It's called the SANS Incident Forensic Toolkit or SIFT Workstation. This is used for incident response and digital forensics. While it's a free download, it can go toe-to-toe with a lot of commercial forensic tool suites. It has file system support, evidence imaging, incident response tools, partition mapping, and a plethora of useful software.
When you're building your forensic lab, this is definitely a suite of tools that you're going to want to check out and play around with. Finally, let's talk about Linux. If you're on a Linux environment, you can use something called Helix. Helix is a Live Linux CD, so it's possible to run it on a suspect machine while the installed operating system still remains inactive. It's used for system investigation and analysis. It can also be used for data recovery. In this video, I described some of the tools that you can add to your forensic lab that are widely adopted among the forensic investigation professional community.
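As an added example, not code from the course or from any of the tools named above, this script shows the kind of evidence-file integrity check that EnCase automates: hashes are recorded when the image is acquired and re-computed at verification time, so any later change to the image is detected. The manifest format, file names and sample image are constructed for illustration.

```python
# Added example (not from the course): verify the integrity of a raw evidence
# image by recording acquisition hashes and re-checking them later.
# The manifest format used here is constructed; real tools use their own.
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # hash in 1 MiB chunks so multi-GB images fit in memory


def hash_image(path):
    """Return (md5, sha256) hex digests of an image, streamed in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def write_manifest(image_path, manifest_path):
    """Record the acquisition hashes beside the image (constructed format)."""
    md5, sha = hash_image(image_path)
    with open(manifest_path, "w") as m:
        m.write(f"md5 {md5}\nsha256 {sha}\n")
    return md5, sha


def verify_image(image_path, manifest_path):
    """Re-hash the image and compare with the manifest.
    Returns (ok, list_of_algorithms_that_did_not_match)."""
    recorded = {}
    with open(manifest_path) as m:
        for line in m:
            algo, digest = line.split()
            recorded[algo] = digest
    current = dict(zip(("md5", "sha256"), hash_image(image_path)))
    bad = [a for a in ("md5", "sha256") if recorded.get(a) != current[a]]
    return (not bad, bad)


def demo():
    """Seal a constructed image, then flip one byte to show detection."""
    d = tempfile.mkdtemp()
    img = os.path.join(d, "evidence.dd")
    man = os.path.join(d, "evidence.dd.hashes")
    with open(img, "wb") as f:
        f.write(os.urandom(3 * CHUNK + 17))  # constructed, non-aligned size
    write_manifest(img, man)
    before = verify_image(img, man)[0]
    with open(img, "r+b") as f:  # simulate a single-byte modification
        f.seek(CHUNK + 5)
        original = f.read(1)
        f.seek(CHUNK + 5)
        f.write(bytes([original[0] ^ 0x01]))
    return before, verify_image(img, man)
```

Running `demo()` returns `(True, (False, ['md5', 'sha256']))`: the sealed image verifies, and after one byte changes both recorded hashes fail to match.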
This course covers the basics of computer forensics and cyber crime investigation. Author Sandra Toner provides an overview of forensic science, and discusses best practices in the field and the frameworks professionals use to conduct investigations. Then, after showing how to set up a simple lab, Sandra describes how to respond to a cyber incident without disturbing the crime scene. She dives deep into evidence collection and recovery, explaining the differences between collecting evidence from Windows, Mac, and Linux machines. The course wraps up with a look at some of the more commonly used computer forensics software tools.