2. Computer Forensic Tools
1. Image creation: FTK imager
• Data Preview & Imaging
1. FTK® Imager is a data preview and imaging tool that lets you
quickly assess electronic evidence to determine if further
analysis with a forensic tool such as Forensic Toolkit (FTK®) is
warranted.
2. Create forensic images of local hard drives, CDs and DVDs,
thumb drives or other USB devices, entire folders, or individual
files from various places within the media.
• Perfect Copies & Forensic Images
1. FTK® Imager can create perfect copies, or forensic images, of
computer data without making changes to the original evidence.
2. The forensic image is identical in every way to the original,
including file slack and unallocated space or drive free space.
3. This allows you to store the original media away, safe from harm
while the investigation proceeds using the image.
3. • Hash Reports
1. Generate hash reports for regular files and disk images to use as a benchmark to prove the
integrity of your case evidence.
2. When a full drive is imaged, a hash generated by FTK® Imager can be used to verify that the
image hash and the drive hash match after the image is created, and that the image has
remained unchanged since acquisition.
• Image Mounting
1. Mount an image for a read-only view that leverages Windows® Internet Explorer® to see the
content of the image exactly as the user saw it on the original drive.
2. See and recover files that have been deleted from the Recycle Bin, but have not yet been
overwritten on the drive.
5. Features:
• Free and open source.
• Live capture and offline analysis
• Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many
others
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• Rich VoIP analysis
• Output can be exported to XML, PostScript®, CSV, or plain text
6. Email Forensic Tools
• Email forensic tools (also known as email analysis software) are digital tools that process, clean, parse,
visualise and extract information from emails to provide analysts with the information they need to conduct
and solve investigations.
Tools:
ETL / Data preparation
• Xtraxtor
• Aid4Mail
Investigations and Analysis
• Sintelix
• MailXaminer
Cyber Forensics
• MailPro+
• Autopsy
7. 1. Sintelix
• Sintelix – an advanced text intelligence software used by world-leading
intelligence agencies for over a decade – is, without doubt, the most advanced
tool for visualisation and network association discovery for email investigations.
• Sintelix provides a dedicated solution for easy email analysis allowing analysts to
import email data (drag and drop) then instantly create visualisations and
networks with a few clicks.
Best used for
• Visualising email data
• Link and network analysis
• Investigation discovery
• Email and file search
8. Category
• Investigation and analysis
Platforms
• Windows, Linux
Features:
• Powerful network analysis
• Automatic and customisable entity extraction
• Email de-duping and processing
• Search across both e-mails and all other data from a single
place
9. 2. Aid4Mail (Email Forensics)
Aid4Mail is a fast, accurate, and easy-to-learn email forensics software
solution.
It features a detailed file inspector allowing quick analysis of suspect
emails and attachments.
Best used for
• Evidence gathering and reporting
• Low-level file inspection (hex views, file hashes)
• Preserves hidden metadata
11. Computer Forensic Analysis
• Checklist of Computer Forensics Analysis: Discovery of Electronic Evidence
• Do not alter discovered information.
• Always back up discovered information.
• Document all investigative activities.
• Accumulate the computer hardware and storage media necessary for the search circumstances.
• Prepare the electronic means needed to document the search.
• Ensure that specialists are aware of the overall forms of information evidence that are expected to be encountered as well as the proper
handling of this information.
• Evaluate the current legal ramifications of information discovery searches.
12. • Back up the information discovery file or files.
• Start the lab evidence log.
• Mathematically authenticate the information discovery file or files.
• Proceed with the forensic examination.
• Find the MD5 message digest for the original information discovery file or files.
• Log all message digest values in the lab evidence log.
• Briefly compare the physical search and seizure with its logical (data-oriented)
counterpart, information discovery.
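The hash verification described in the FTK Imager slides and in the checklist steps above (authenticate the image, record the MD5 digest, log the values) can be scripted so the check is repeatable. The following is an added example, not FTK Imager code or part of the original slides; the case id, file names and the sample image bytes are constructed for illustration, and SHA-256 is recorded alongside MD5 as an assumption about lab practice.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read the image in 1 MiB pieces so multi-GB files never sit in memory


def hash_file(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest} for one file, reading it exactly once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path, acquisition_hashes):
    """Re-hash the image and compare it with the digests recorded at acquisition.
    Returns (ok, current_hashes); ok is True only when every recorded digest matches."""
    current = hash_file(path, tuple(acquisition_hashes))
    ok = all(current[name] == acquisition_hashes[name].lower() for name in acquisition_hashes)
    return ok, current


def log_entry(case_id, path, hashes, verified):
    """One line for the lab evidence log: timestamp, item, result and all digest values."""
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    digests = " ".join(f"{name}={value}" for name, value in sorted(hashes.items()))
    return f"{stamp} case={case_id} item={os.path.basename(path)} verified={verified} {digests}"


def demo():
    """Constructed sample: hash a small 'image', verify it, then alter one byte and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.dd")  # constructed file name
        with open(image, "wb") as fh:
            fh.write(b"\x00" * 4096 + b"sample boot sector" + b"\xff" * 4096)
        acquired = hash_file(image)  # digests recorded at acquisition time
        ok_before, _ = verify_image(image, acquired)
        print(log_entry("CASE-0001", image, acquired, ok_before))  # constructed case id
        with open(image, "r+b") as fh:  # simulate a later modification of the image
            fh.seek(4100)
            fh.write(b"X")
        ok_after, current = verify_image(image, acquired)
        print(log_entry("CASE-0001", image, current, ok_after))
        return ok_before, ok_after


if __name__ == "__main__":
    demo()
```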
13. Information Warfare Arsenal
• Information war has been described as "the use of information to achieve our national objectives."
• Information warfare (IW) (as distinct from cyber warfare, which attacks computers, software, and command
and control systems) is a concept involving the battlespace use and management of information and
communication technology (ICT) in pursuit of a competitive advantage over an opponent.
• Information warfare is the manipulation of information trusted by a target without the target's awareness so
that the target will make decisions against their interest but in the interest of the one conducting information
warfare.
• As a result, it is not clear when information warfare begins, ends, and how strong or destructive it is.
• Information warfare is closely linked to psychological warfare.
14. Information warfare can take many forms:
1. Television, internet and radio transmission(s) can be jammed.
2. Television, internet and radio transmission(s) can be hijacked for a disinformation campaign.
3. Logistics networks can be disabled.
4. Enemy communications networks can be disabled or spoofed, especially online social
communities today.
5. Stock exchange transactions can be sabotaged, either with electronic intervention, by leaking
sensitive information or by placing disinformation.
6. The use of drones and other surveillance robots or webcams.