When conducting digital investigations, a basic set of forensic tools is required. This collection of tools may be referred to as a forensic investigation suite. It includes software for supporting tasks ranging from imaging and decrypting disks to cracking passwords and reviewing logs.
Before starting data examination or evidence extraction on a disk or device, an exact bit-level image of the original source needs to be created. This ensures the original data is not compromised and remains admissible if needed for legal proceedings. A bit-level image is made from any removable media. A hash using either the MD5 or SHA algorithms is calculated from both sources and then compared to validate the integrity of the copy. Once a bit-level image is created, data analysis commences using the image copy, never the original.
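The imaging and verification step described above, as an added example that is not part of the original lecture: a constructed byte string stands in for the removable medium, a sector-by-sector copy is made, and MD5 and SHA-256 digests of source and image are compared. Flipping a single bit in the copy makes verification fail. The sample device contents, chunk size and function names are assumptions for illustration.

```python
import hashlib
import io

# Constructed sample "device": 4 KiB of deterministic bytes standing in for
# a removable medium. This is not real evidence data.
SAMPLE_DEVICE = bytes((i * 7 + 3) % 256 for i in range(4096))

CHUNK_SIZE = 512  # sector-sized reads, as a disk imager would do


def image_device(device: bytes, chunk_size: int = CHUNK_SIZE) -> bytes:
    """Produce a bit-level copy by reading the source sector by sector."""
    src = io.BytesIO(device)
    dst = io.BytesIO()
    while True:
        chunk = src.read(chunk_size)
        if not chunk:
            break
        dst.write(chunk)
    return dst.getvalue()


def hash_bytes(data: bytes) -> dict:
    """MD5 and SHA-256 digests of the whole byte stream, computed in chunks.

    MD5 is included because it is still widely recorded on forensic worksheets;
    SHA-256 is the digest to rely on, since MD5 collisions are practical.
    """
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    src = io.BytesIO(data)
    while True:
        chunk = src.read(CHUNK_SIZE)
        if not chunk:
            break
        md5.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def verify_image(original: bytes, image: bytes) -> bool:
    """True only if every recorded digest matches between source and image."""
    return hash_bytes(original) == hash_bytes(image)


def tamper(image: bytes, offset: int) -> bytes:
    """Flip one bit at the given offset, simulating a damaged or altered copy."""
    buf = bytearray(image)
    buf[offset] ^= 0x01
    return bytes(buf)


if __name__ == "__main__":
    img = image_device(SAMPLE_DEVICE)
    print("source digests:", hash_bytes(SAMPLE_DEVICE))
    print("image verifies:", verify_image(SAMPLE_DEVICE, img))
    print("tampered copy verifies:", verify_image(SAMPLE_DEVICE, tamper(img, 1000)))
```

Both digests are computed in one pass over the data so that a large image is read once; in practice the digests are recorded on the evidence worksheet at acquisition time and recomputed before each analysis session.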
There are many different tools for image analysis. EnCase software is available in a number of products used for forensics and analytics; it is commonly used to create forensic images, recover data from hard drives and conduct in-depth analysis of user files and the registry. Another application, FTK or Forensic Toolkit, is similar to EnCase and is used to image and scan hard drives as well as compute hashes, find deleted files and crack encryption using discovered text strings or rainbow tables. With Windows systems, a group of tools known as Sysinternals, which is commonly used to manage, troubleshoot and diagnose system and application issues, is also used to perform forensic research and analysis of the operating system and processes.
Many newer forensic tools were developed in response to the increased use of mobile devices. Victim is an open source mobile forensics tool. It gives investigators the ability to view and manipulate data on most types of mobile phones. Another popular tool is Cellebrite, which connects to mobile phones and safely collects evidence while bypassing the lock mechanism.
Because most users lock their devices with passwords, investigators need password crackers to bypass the authentication and access the data stored on the device. John the Ripper is a free password cracking application that works with most operating systems. Dictionary attack and brute force are the two most common cracking modes used by John the Ripper. Cain and Abel is similar to John the Ripper but is used exclusively on Windows systems. It uses network packet sniffing and brute force techniques for discovering and cracking passwords.
Users may also encrypt the data on the device using tools like BitLocker, TrueCrypt or PGP. When an investigator needs to analyze data that is encrypted and they don't have the decryption key or password, a tool to break the encryption is needed. ElcomSoft is a forensic tool that is widely used by the government, military and law enforcement. It features password recovery and encryption abilities, along with extraction and analysis tools.
Another useful resource for digital forensic investigators is device logs. Log management and viewing tools aid in locating and analyzing logs produced by different operating systems and devices and collected in a centralized location. Log data can highlight a trail, provide a piece of an incident puzzle or help scope examination needs for the investigator.
In forensic investigations, multiple investigators may work with the same evidence, analyzing different aspects of it depending on their role in the investigation. To ensure the evidence is not compromised and remains admissible in court, a chain of custody is followed. A chain of custody chronologically records the sequence of custody, control exchange and nature of analysis of the evidence. The list must include every individual who came in contact with the evidence and ensures they are accountable for what happens during that time.
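The chain of custody just described, as an added example that is not part of the original lecture: each record names the custodian, the action taken and the evidence digest at that moment, and each record also carries the digest of the previous record, so that removing or editing an entry after the fact is detectable. The custodian names, timestamps and evidence digest are constructed sample values.

```python
import hashlib
import json
from dataclasses import dataclass, asdict

GENESIS = "0" * 64  # link value for the first entry


@dataclass
class CustodyEntry:
    timestamp: str        # ISO 8601, recorded when the entry is written
    custodian: str        # person who holds or handles the evidence
    action: str           # e.g. "collected", "imaged", "transferred", "analyzed"
    evidence_hash: str    # digest of the evidence image at the time of the entry
    prev_entry_hash: str  # digest of the previous entry, chaining the record
    entry_hash: str = ""  # digest of this entry's other fields


def _digest(fields: dict) -> str:
    """Canonical SHA-256 over the entry fields (stable key order)."""
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def _body(entry: CustodyEntry) -> dict:
    fields = asdict(entry)
    fields.pop("entry_hash")
    return fields


def append_entry(log: list, timestamp: str, custodian: str,
                 action: str, evidence_hash: str) -> list:
    """Add a new custody record linked to the last one."""
    prev = log[-1].entry_hash if log else GENESIS
    entry = CustodyEntry(timestamp, custodian, action, evidence_hash, prev)
    entry.entry_hash = _digest(_body(entry))
    log.append(entry)
    return log


def verify_chain(log: list, current_evidence_hash: str):
    """Check links, entry integrity and that the evidence digest never changed.

    Returns (ok, reason) so the caller can see which record broke the chain.
    """
    if not log:
        return False, "empty log"
    collected_hash = log[0].evidence_hash
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry.prev_entry_hash != prev:
            return False, f"entry {i}: broken link to previous entry"
        if _digest(_body(entry)) != entry.entry_hash:
            return False, f"entry {i}: entry contents altered"
        if entry.evidence_hash != collected_hash:
            return False, f"entry {i}: evidence digest differs from collection"
        prev = entry.entry_hash
    if current_evidence_hash != collected_hash:
        return False, "evidence no longer matches the digest recorded at collection"
    return True, "ok"


# Constructed sample values for a walkthrough; not a real case record.
SAMPLE_EVIDENCE_HASH = hashlib.sha256(b"constructed image bytes").hexdigest()


def build_sample_log() -> list:
    log = []
    append_entry(log, "2024-01-10T09:00:00Z", "A. Examiner", "collected", SAMPLE_EVIDENCE_HASH)
    append_entry(log, "2024-01-10T09:30:00Z", "A. Examiner", "imaged", SAMPLE_EVIDENCE_HASH)
    append_entry(log, "2024-01-11T14:00:00Z", "B. Analyst", "transferred", SAMPLE_EVIDENCE_HASH)
    append_entry(log, "2024-01-12T10:15:00Z", "B. Analyst", "analyzed", SAMPLE_EVIDENCE_HASH)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print(verify_chain(log, SAMPLE_EVIDENCE_HASH))
    log[2].custodian = "C. Unknown"  # simulate an after-the-fact edit
    print(verify_chain(log, SAMPLE_EVIDENCE_HASH))
```

The linked digests make the log tamper-evident, not tamper-proof: anyone holding the whole log could rewrite it from the altered point onward, which is why real custody records are also signed, witnessed or kept in an append-only system outside the examiner's control.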
A forensic investigation suite of tools is an essential component of a digital investigation. Having the right tool for a given scenario is critical to enable an investigator to access and analyze the data without impacting its integrity. A prepared tool suite, along with a dedicated forensic workstation, is core to a well-managed and effective digital investigation.