Introduction:
Digital Forensic Investigative Tools
Digital Forensics Defined
• Implement scientifically developed and validated methodologies for the collection, preservation, identification, analysis, interpretation, documentation, and presentation of digital evidence obtained during the investigation.
• Digital evidence obtained from digital hardware or software can contribute to, or provide a better definition of, events that are potentially criminal.
Digital Forensics Branches
• Computer
• Network
• Mobile Device
• Memory
• Email
Challenges
• Technology: discovery hindered by differing media formats, anti-forensics, encryption and steganography
• Legal: jurisdictional conflict and lack of standardized policy/legislation
• Resources: volume of data, unspecialized equipment, media acquisition time
• Perspective: disparity between researchers and practitioners
Forensic Tools
EnCase
✓ Retrieves evidence from handheld devices
✓ Forensic, eDiscovery, and security investigation
✓ Conducts top-to-bottom records investigation
✓ Automatic data collection and recording to Android devices
✓ Contains different viewing perspectives of information
✓ Ability to acquire data from other devices while maintaining the integrity of all evidence
✓ User friendly; built-in reporting functionality
✓ Built-in encryption support
X Very expensive; compatibility issues with other forensic devices
X Processing time is lengthy
WinHex
✓ Examines any level of digital evidence
✓ Verifies results of other tools
✓ Creates forensic images of stored data
✓ Interprets correct date/time of system files
✓ Calculates MD5 hash values
✓ Recovers deleted files
✓ Effective on NTFS, FAT, and Linux EXT2/EXT3 file systems
✓ Useful for learning about file partitions and file data structures
✓ Enables low-level data analysis
X Cannot perform logical searches; physical search only
X Displays improper error messages during copying
FTK
(Forensic Tool Kit)
✓ Complete hard drive examination
✓ Finds deleted emails
✓ Scans the disk for content strings
✓ Incorporates an independent disk imaging program
✓ Contains different viewing perspectives of information
✓ Computes MD5 hash values; affirms document integrity
✓ Simple user interface; advanced search/password access
✓ Supports EFS encryption; significant bookmarking ability
X No multi-tasking capabilities
X No progress bar to estimate time remaining
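Both the WinHex and FTK slides list hashing (MD5) and disk imaging as the means of affirming evidence integrity. The following script is an added example, not code from the slides or from any of the vendors named here: it copies a source to an image file in chunks, computes MD5 and SHA-256 on the bytes as they are read, re-hashes the finished image, and compares the digests. It then flips one byte in the image to show that the verification pass catches post-acquisition changes. The file names, the evidence bytes, and the tamper offset are all constructed for the demonstration.

```python
"""Forensic acquisition with integrity verification (added example).

Not part of the original slides or of WinHex/FTK. Demonstrates the
technique behind "create forensic image" and "calculates MD5 hash value":
hash while copying, then independently re-hash the image and compare.
All paths and sample bytes below are constructed for this demo.
"""
import hashlib
import os
import tempfile

CHUNK_SIZE = 1024 * 1024  # 1 MiB reads keep memory flat on large sources


def acquire_image(source_path, image_path, chunk_size=CHUNK_SIZE):
    """Copy source to image_path byte-for-byte, hashing the bytes as read.

    Returns the byte count and the MD5/SHA-256 hex digests of the source
    as observed during acquisition (the values that go in the custody log).
    """
    md5, sha256, total = hashlib.md5(), hashlib.sha256(), 0
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while True:
            chunk = src.read(chunk_size)
            if not chunk:
                break
            md5.update(chunk)
            sha256.update(chunk)
            dst.write(chunk)
            total += len(chunk)
    return {"bytes": total, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def hash_file(path, chunk_size=CHUNK_SIZE):
    """Independent re-hash of a file: the verification pass."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def verify_image(image_path, acquisition_record):
    """True only if both digests of the image match the acquisition record.

    MD5 is kept because many tools still report it, but MD5 collisions are
    practical, so SHA-256 is the digest an examiner should rely on.
    """
    actual = hash_file(image_path)
    return (actual["md5"] == acquisition_record["md5"]
            and actual["sha256"] == acquisition_record["sha256"])


def demo():
    """Acquire constructed evidence, verify it, then detect a flipped byte."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence_source.bin")  # constructed
    image = os.path.join(workdir, "evidence.dd")           # constructed
    # Constructed sample "evidence": 3 MiB of a repeating marker plus a tail,
    # large enough to exercise several chunked reads.
    with open(source, "wb") as fh:
        fh.write(b"FORENSIC-SAMPLE\x00" * (3 * 65536))
        fh.write(b"tail-of-device")
    record = acquire_image(source, image)
    verified = verify_image(image, record)
    # Simulate a post-acquisition change: invert one byte of the image.
    with open(image, "r+b") as fh:
        fh.seek(1000)
        original = fh.read(1)
        fh.seek(1000)
        fh.write(bytes([original[0] ^ 0xFF]))
    verified_after_tamper = verify_image(image, record)
    return {"record": record, "verified": verified,
            "verified_after_tamper": verified_after_tamper,
            "source": source, "image": image}


if __name__ == "__main__":
    result = demo()
    rec = result["record"]
    print(f"acquired {rec['bytes']} bytes  md5={rec['md5']}  sha256={rec['sha256']}")
    print("image verified:", result["verified"])
    print("verified after tampering:", result["verified_after_tamper"])
```

In practice the source would be a block device opened read-only (ideally behind a hardware write blocker) and the acquisition record would be written to the case log together with the examiner, date and device identifiers; the hashing logic is the same.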
X-Ways Forensics
✓ Commercial computer forensic asset
✓ New file container format, widely compatible
✓ Incorporates 22 languages
✓ Extensive list of functionalities
✓ Access to disks and RAIDs over 2 TB
✓ Analyzes remote computers
✓ Customizable evidence processing options
✓ Portable; continually checks for updates
X Complex user interface
X No BitLocker support; dongle-based software
Oxygen Forensic Suite
✓ Commercial computer forensic asset
✓ New file container format, widely compatible
✓ Incorporates 22 languages
✓ Extensive list of functionalities
✓ Access to disks and RAIDs over 2 TB
✓ Analyzes remote computers
✓ Customizable evidence processing options
✓ Portable; continually checks for updates
X Complex user interface
X No BitLocker support; dongle-based software
IOT/IOC Forensic Proposition
• ProFIT: privacy-aware IoT forensics
• Citizens' participation is the center of gravity
Cloud Forensic Proposition
• Service migration is increasing
• Cloud services are frequently hosted by third parties
• Infrastructure is remote and virtualized
• Primary concern is security
References
• Baig, Z.A., Szewczyk, P., Valli, C., Rabadia, P., Hannay, P., Chernyshev, M., Johnstone, M., Kerai, P., Ibrahim, A., Sansurooah, K., Syed, N., & Peacock, M. (2017). Future challenges for smart cities: Cyber-security and digital forensics. Digital Investigation, 22, 3-13. doi: 10.1016/j.diin.2017.06.015
• Cisco (2014). Cisco global cloud index: forecast and methodology, 2013–2018. Corporate website. Retrieved from http://www.cisco.com/c/en/us/solutions/collateral/service-provider/global-cloud-index-gci/Cloud_Index_White_Paper.pdf
• Grispos, G., Storer, T., & Glisson, W.B. (2012). Calm before the storm: the challenges of cloud computing in digital forensics. International Journal of Digital Crime and Forensics, 4(2), 28-48.
• Harbawi, M., & Varol, A. (2016). The role of digital forensics in combatting cyber crimes. 2016 4th International Symposium on Digital Forensic and Security (ISDFS), 138-142. doi: 10.1109/ISDFS.2016.7473532
• Infosec (2018). 22 Popular Computer Forensics Tools [Updated for 2018]. Retrieved from http://resources.infosecinstitute.com/computer-forensics-tools/#gref
• Kumari, N., & Mohapatra, A.K. (2016). An insight into digital forensics branches and tools. 2016 International Conference on Computational Techniques in Information & Communication Technologies (ICCTICT), 243-250. doi: 10.1109/ICCTICT.2016.7514586
• Nieto, A., Rios, R., & Lopez, J. (2018). IoT-forensics meets privacy: Towards cooperative digital investigations. Sensors, 18(2), 492-509. doi: 10.3390/s18020492
• Roussev, V., Ahmed, I., Barreto, A., McCulley, S., & Shanmughan, V. (2016). Cloud forensics: Tool development studies and future outlook. Digital Investigation, 18, 79-95. doi: 10.1016/j.diin.2016.05.001

Editor's Notes

  • #2 Greetings! My name is Leon Hamilton. Welcome to our presentation; I would like to share some of the tools utilized in digital forensics. Novel technologies are easily integrated into existing technological assets, as well as into our existing behaviors, needs and lives for that matter. Unfortunately, cybercrime is also expanding. A primary challenge is that the technology and creativity of cybercriminals change at a rapid pace. Unfortunately, we are, in a sense, at the mercy of their minds, resources, and the amount of time they have on their hands. Consequently, digital forensic crime investigation is becoming a more challenging engagement. I will introduce some of the available forensic tools, but first-rate tools can be hampered by the lack of standardized, effective forensic processes. It is very necessary for academia, practitioners, and law enforcement to collaborate and agree on an industry standard.
  • #3 Grispos, Storer and Glisson (2012) defined digital forensics as the art and science of implementing scientifically developed and validated methodologies for the collection, preservation, identification, analysis, interpretation, documentation, and presentation of digital evidence obtained during cyber crime investigations. Consequently, digital evidence obtained from digital hardware or software can contribute to, or provide a better definition and reconstruction of, events that are potentially criminal. The interconnected nature of technology increases opportunities for cyber criminals while also increasing the difficulties associated with forensic investigations.
  • #4 Kumari and Mohapatra (2016) divided digital forensics into these five branches. Computer forensics integrates computer science with technology to collect, preserve, and analyze evidence that is critical and can withstand legal scrutiny in cyber investigations. Network forensics defines the behavior of cyber criminals and tracks them through the analysis of log and status information. Mobile device forensics retrieves digital evidence and crucial data from a mobile device. Memory forensics analyzes and extracts information from the memory dump of a computer. Email forensics investigates the headers and content of email history for important data and traffic. Identification of the appropriate sources can play an important role in expediting the investigation to a successful conclusion.
  • #5 Baig et al. (2017) argued that these are some of the most significant challenges that digital forensic professionals must endure at present. Additionally, security must be provided for the data transmission and storage facilities where evidence pertinent and valuable to the forensic process is stored. These challenges are not unique to traditional forensic investigations but also apply to cloud computing, the Internet of Things and the Internet of Cities. These systemic concerns mandate collaboration among digital forensic analysts to increase the efficiency of investigations while integrating best practices.
  • #6 Infosec (2018) identified different tools that target the five previously mentioned branches of forensics; some are jacks-of-all-trades. One of the most widely used is EnCase. If you are inclined to review it prior to use, you will find that it has a laundry list of features and benefits. Regardless of the tools being used, there is an extraordinary amount of data to be analyzed during an investigation. One good rationale for the wide spectrum of tools is the lack of compatibility among them: the tool utilized on one device (e.g. mobile) may not be applicable to another device (e.g. external hard drive). Harbawi and Varol (2016) opined that there is an extensive gap between cyber crime methodologies and forensic tool capabilities. So…choose your weapons strategically, efficiently and according to your budget!
  • #7 EnCase is probably the most popular platform on this list and encompasses many different tools that address several areas of the digital forensic process. One of its capstone capabilities is producing a comprehensive report after obtaining evidence or potential evidence from various devices. The company recently introduced the Mobile Investigator to provide a solution that stays abreast of novel mobile devices, applications, and operating systems to ensure the prosecution of criminals. This tool is not free, and license costs are commensurate with the organizational purpose: Site License, Perpetual License, Term-Based License or Academic Program.
  • #8 WinHex, at its foundation, is a universal hexadecimal editor. Wikipedia defines a universal hexadecimal editor, or hex editor, as a program that allows manipulation of the raw data contained in files at the byte level. WinHex is a core essential for digital forensic investigations, data recovery, and low-level data processing. The tool can be used for emergency and everyday work: inspecting and editing different types of files, and recovering deleted or lost data from hard drives and from digital camera cards. Potential purchasers of the software will find that the features are a la carte and depend on the license type. Additionally, the company offers a "try before you buy" evaluation, for as long as necessary, for free.
  • #9 FTK is built to integrate with mobile and eDiscovery tools. Unlike other forensic solutions, it distinguishes itself by utilizing a single case database for faster results and a candid snapshot of the event. FTK conducts indexing up front, resulting in more efficient filtering and searching of data. A shared index file reduces or eliminates the need to recreate or duplicate files for shared use during the investigation. Additionally, the parent company, AccessData, can configure the product as a password recovery solution to access password-protected files.
  • #10 X-Ways is an advanced platform utilized in digital forensic investigations that runs on all available Windows versions. The company claims that it is more efficient, operates faster, has no extensive hardware requirements, and does not require the establishment of a complex database. The tool is fully portable, can operate from a USB stick, and mirrors many of the capabilities of WinHex, being based on the WinHex hex editor. Comically, the company states that, as a German product, it is more trustworthy.
  • #11 Oxygen Forensic Suite is a niche software forensic package primarily focused on extracting evidence from mobile phones to support a digital forensic investigation. This includes their backups, drones, cloud services, and call data records. Its advanced technology allows more data extraction than the traditional amount. The company offers six different products that, depending on requirements, quickly and safely extract data critical to investigations. Forensic specialists, military investigators, government agencies, and private investigators presently use the software.
  • #12 Computers, like anything else in the technological arena, are in a state of constant evolution. Forensic tactics, procedures and techniques must constantly accommodate new scenarios and constantly changing cyber threats. Nieto, Rios, and Lopez (2018) declared that IoT forensics is a paradigm shift relative to traditional forensics. The additional principles necessary for its success include the cooperation of individuals and their personal devices with law enforcement for the successful resolution of a digital forensics case. This integration is only successful if citizens have the reassurance of privacy. Nieto, Rios, and Lopez (2018) apply the ProFIT methodology, which is centered on consumer privacy in accordance with ISO/IEC 29100:2011 (uniform privacy standards), to achieve successful investigations.
  • #13 Cloud computing is becoming the gold standard for information technology delivery and related functions. It is a paradigm shift that allows customers to "rent" instead of the traditional ownership and maintenance associated with technological infrastructure. Roussev, Ahmed, Barreto, McCulley, and Shanmughan (2016) declared that cloud forensics is not congruous with existing protocols and requires a new methodology and forensic toolkit. According to Cisco (2014), software services that integrate cloud technology will grow to 64 percent this year. Nonetheless, cloud forensic responses to these future developments can be feasibly predicted based on current information technology directions.
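Note #4 describes the email forensics branch as the investigation of message headers for traffic data. The following script is an added example, not part of the original slides or of any tool mentioned on them: it reconstructs an email's delivery path from its Received headers. Each mail server prepends its own Received line, so the top header is the last hop and the bottom one is the first; reading them bottom-up yields the route from the originating host to the mailstore, and comparing adjacent timestamps flags hops that run backwards in time (clock skew or a forged header). The sample message and every host name and address in it are constructed for the demonstration using documentation address ranges.

```python
"""Delivery-path reconstruction from Received headers (added example).

Not part of the original slides. Standard-library only. The message
below is constructed; the hosts and addresses are not real.
"""
import email
import re
from email import policy
from email.utils import parsedate_to_datetime

# Constructed sample message: three hops, oldest Received header last.
SAMPLE_MESSAGE = b"""\
Received: from mx2.example-receiver.test (mx2.example-receiver.test [198.51.100.20])
\tby mailstore.example-receiver.test with ESMTP id ABC123;
\tTue, 05 Jun 2018 14:03:10 +0000
Received: from relay.example-sender.test (relay.example-sender.test [203.0.113.5])
\tby mx2.example-receiver.test with ESMTPS id XYZ789;
\tTue, 05 Jun 2018 14:03:05 +0000
Received: from workstation-7 (unknown [192.0.2.77])
\tby relay.example-sender.test with ESMTPA id QRS456;
\tTue, 05 Jun 2018 14:02:58 +0000
From: alice@example-sender.test
To: bob@example-receiver.test
Subject: constructed sample
Message-ID: <sample-1@example-sender.test>
Date: Tue, 05 Jun 2018 14:02:50 +0000

body
"""

# "from <host> (<reverse-dns> [<ip>]) by <host> ... ; <date>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<from_info>[^)]*)\))?"
    r".*?\bby\s+(?P<by>\S+)"
    r".*?;\s*(?P<date>.+)$",
    re.DOTALL,
)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Parse one Received header into a hop dict, or None if unparseable."""
    text = " ".join(str(value).split())  # unfold continuation lines
    m = RECEIVED_RE.search(text)
    if not m:
        return None
    ip_match = IPV4_RE.search(m.group("from_info") or "")
    return {
        "from": m.group("from"),
        "ip": ip_match.group(1) if ip_match else None,
        "by": m.group("by"),
        "time": parsedate_to_datetime(m.group("date").strip()),
    }


def delivery_path(raw_message):
    """Return hops in delivery order (originating host first)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    hops = [h for h in hops if h is not None]
    hops.reverse()  # headers are prepended, so bottom = earliest
    return hops


def timeline_anomalies(hops):
    """Indexes of hops stamped earlier than the hop before them."""
    return [i for i in range(1, len(hops))
            if hops[i]["time"] < hops[i - 1]["time"]]


def originating_ip(hops):
    """Address recorded for the first hop, the usual starting point."""
    return hops[0]["ip"] if hops else None


if __name__ == "__main__":
    path = delivery_path(SAMPLE_MESSAGE)
    for i, hop in enumerate(path, 1):
        print(f"hop {i}: {hop['from']} [{hop['ip']}] -> {hop['by']} at {hop['time']}")
    print("origin:", originating_ip(path))
    print("timeline anomalies:", timeline_anomalies(path))
```

Only the Received lines added by servers the investigator trusts (typically the receiving organization's own) are reliable; anything below them was supplied by the sender's side and can be fabricated, which is why the timeline and IP checks are a starting point for corroboration against server logs rather than a conclusion.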