Computer Forensics Tools - PowerPoint PPT Presentation
PowerPoint Slideshow about 'Computer Forensics Tools' - michi
Presentation Transcript
Computer Forensics Tools

Hardware and Software Forensic Tools

Computer Forensic Tools
  • Tools are used to analyze digital data & prove or disprove criminal activity
  • Used in 2 of the 3 Phases of Computer Forensics
    • Acquisition – Images systems & gathers evidence
    • Analysis – Examines data & recovers deleted content
    • Presentation – Tools not used
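An added example, not from this deck, of what the acquisition phase above actually does: copy a source byte-for-byte while hashing it, then re-read the resulting image independently and compare digests, so that a short read or a corrupted copy is caught before analysis starts. The source and image are constructed in-memory streams standing in for a device and an image file; the function names `image_device`, `verify_image`, `acquire` and `demo` are chosen here.

```python
import hashlib
import io
import time

CHUNK = 1 << 20  # 1 MiB reads: a whole device is never loaded into memory


def image_device(src, dst, chunk=CHUNK):
    """Copy src to dst byte-for-byte, hashing exactly the bytes that were read.
    Returns (bytes_copied, sha256 hex digest) of the source as it was read."""
    h, total = hashlib.sha256(), 0
    for buf in iter(lambda: src.read(chunk), b""):
        dst.write(buf)
        h.update(buf)
        total += len(buf)
    return total, h.hexdigest()


def verify_image(dst, expected_sha256, chunk=CHUNK):
    """Independently re-read the written image and compare digests."""
    dst.seek(0)
    h = hashlib.sha256()
    for buf in iter(lambda: dst.read(chunk), b""):
        h.update(buf)
    return h.hexdigest() == expected_sha256


def acquire(src, dst):
    """Image, then verify; the returned record is what goes in the case notes."""
    started = time.time()
    size, digest = image_device(src, dst)
    ok = verify_image(dst, digest)
    return {"bytes": size, "sha256": digest, "verified": ok,
            "started": started, "finished": time.time()}


def demo():
    """Constructed sample: 3 MiB of patterned bytes stands in for a device."""
    data = bytes(range(256)) * (3 * 4096)
    clean = acquire(io.BytesIO(data), io.BytesIO())
    # Second copy whose image is corrupted after writing (as a faulty write
    # or cable would do); the independent re-read must catch the mismatch.
    bad = io.BytesIO()
    size, digest = image_device(io.BytesIO(data), bad)
    bad.seek(size // 2)
    bad.write(b"\xff")  # source byte here is 0x00, so this is a real change
    return {"bytes": size, "sha256": digest,
            "clean_verified": clean["verified"],
            "tampered_verified": verify_image(bad, digest)}
```

On a real acquisition the source is opened read-only behind a write blocker and hashed a second time from the device itself, so that both the source and image digests are recorded with the timestamps.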
Admissibility of Forensic Evidence in Court
  • Data must be relevant & reliable
  • Reliability of evidence gathered by tools assessed by judge in pre-trial hearing aka Daubert Hearing
  • Assesses Methodology to gather evidence
    • Sound scientific practices?
    • Reliable evidence?
Pre-trial Hearings
  • Frye Test – past method
    • Responsibility on scientific community
    • Defined acceptable evidence gathering procedures
    • Used Peer Reviewed Journals
  • Daubert Hearing – current method
    • Offers additional methods to test quality of evidence

Source: http://www.owlinvestigations.com/forensic_articles/aural_spectrographic/standards_of_admissibility.html

Daubert Hearing Process
  • Testing – Is this procedure tested?
  • Error Rate – What is the error rate of this procedure?
  • Publication – Has procedure been published and reviewed by peers?
  • Acceptance – Is the procedure generally accepted within the relevant scientific community?

Sources: http://www.daubertexpert.com/basics.html

http://onin.com/fp/daubert_links.html#whatisadauberthearing

Types of Security Software
  • Network Firewall
  • Remote Access
  • Network Security Management
  • Vulnerability Management
  • Wireless
  • Emergent Technology
  • Antispyware
  • Antivirus
  • Authentication
  • E-Mail Security
  • Identity & Access Management
  • Intrusion Detection
  • Intrusion Prevention
Types of Forensic Software
  • Acquisition Tools
  • Data Discovery Tools
  • Internet History Tools
  • Image Viewers
  • E-mail Viewers
  • Password Cracking Tools
  • Open Source Tools
  • Mobile Device tools (PDA/Cell Phone)
  • Large Storage Analysis Tools
Electronic Data Discovery Tools
  • Extract & Index Data
  • Create Electronic Images of Data
  • Search by Keyword or Document Similarity
  • Metadata
    • Author
    • Date Created & Updated
    • Email date sent, received
More About Electronic Data Discovery Tools
  • Analyze data
  • Retrieve data from different media
  • Convert between different media and file formats
  • Extract text & data from documents
  • Create images of the documents
  • Print documents
  • Archive documents
Internet History Tools
  • Reads Information in Complete History Database
  • Displays List of Visited Sites
  • Opens URLs in Internet Explorer
  • Adds URLs to Favorites
  • Copies URLs
  • Prints URLs
  • Saves Listing/Ranges as Text File
Image & E-Mail Viewers
  • Views Files
  • Converts Files
  • Catalogs Files
  • Side by Side File Comparisons
Password Cracking Tools
  • Password Recovery
  • Allows access to computers
  • 3 Methods to Crack Passwords
    • Dictionary Attack
    • Hybrid Attack
    • Brute Force Attack

Source: http://www-128.ibm.com/developerworks/library/s-crack/

Open Source Tools
  • Free tools available to Computer Forensic Specialists
  • Cover entire scope of forensic tools in use
  • May more clearly and comprehensively meet the Daubert guidelines than closed source tools
  • Among the most widely used

Source: http://software.newsforge.com/software/05/04/05/2052235.shtml?tid=129&tid=136&tid=147&tid=2&tid=132

Mobile Device Tools
  • Number and variety of toolkits considerably more limited than for computers
  • Require examiner to have full access to device
  • Most tools focus on a single function
  • Deleted data remains on PDA until successful HotSync with computer

Sources: http://csrc.nist.gov/publications/nistir/nistir-7100-PDAForensics.pdf

http://www.cs.ucf.edu/courses/cgs5132/spring2002/presentation/weiss.ppt#5

Forensic Tool Suites
  • Provide a lower cost way to maximize the tools
  • Typically include the most often used tools
    • Paraben
    • The Coroner’s Toolkit (TCT)
    • The Sleuth Kit (TSK)
    • EnCase
    • Forensic Toolkit (FTK)
    • Maresware
A Closer Look
  • EnCase
  • ByteBack
  • Forensic Toolkit
  • Maresware
  • Paraben
  • Coroner’s Toolkit
  • The Sleuth Kit
EnCase
  • Originally developed for law enforcement
  • Built around case management
  • Integrated Windows-based graphical user interface (GUI)
  • Multiple Features
ByteBack
  • Cloning/Imaging
  • Automated File Recovery
  • Rebuild Partitions & Boot Records
  • Media Wipe
  • Media Editor
  • Software Write Block
Forensic Toolkit (FTK)
  • Another Tool Suite
  • Acquires & Examines Electronic Data
  • Imaging Tool
  • File Viewer
Maresware
  • Collection of Tools rather than a Tool Suite
  • Main Difference – Tools are Stand-Alone & Called as Needed
  • 4 Notable Tools
    • Declasfy
    • Brandit
    • Bates_no
    • Upcopy
Paraben
  • Collection of Stand-Alone Tools
  • Made up of 10 Individual Software Tool Sets
  • Purchased Separately, Price Break for Multiple Tool Purchases
  • Frequently Used with Mobile Devices
Coroner’s Toolkit (TCT)
  • Open Source Tool Suite
  • Supports a Post-Mortem Analysis of Unix & Linux Systems
  • Written for Incident Response rather than Law Enforcement
  • Not Designed for Requirements to Produce & Prosecute
The Sleuth Kit (TSK)
  • Open-Source Software Suite
  • Built on TCT
  • Collection of Command-Line Tools
  • Provides Media Management & Forensic Analysis
  • Core Toolkit Consists of 6 Tools
Hardware Acquisition Tools
  • Various Hardware & Software platforms
    • Collect Data
    • Process Data
    • Save Data
    • Display Data in Meaningful Manner
Forensic Hardware
  • Workstations - Copy & Analysis
  • Drive Imaging System
  • Drive Wiper
  • Bridge
    • Write Blocker
    • SATA, SCSI, IDE, USB

(Slide images: Imaging Device; SCSI Bridge)

Tool Costs
  • Workstations starting at $5,000
  • Bridges starting at $200
  • Drive Wipers starting at $1000
  • Wide assortment of special cables and hardware accessories vary in price
  • Software – Free (Open Source) to over $1000
Choosing Your Forensic Toolkit
  • Expected Types of Investigations
    • Internal Reporting
    • Prosecution
  • Operating Systems
  • Budget
  • Technical Skill
  • Role
    • Law Enforcement
    • Private Organization
Prepare to Tool Up
  • Make Lists
  • Don’t Overbuy
  • Overlapping Tools
  • No One-Size Fits All
  • Training
References

Solomon, Michael G., Diane Barrett & Neil Broom. Computer Forensics Jump Start. Sybex, San Francisco, 2005.

Davis, Chris, Aaron Philipp & David Cowen. Hacking Exposed: Computer Forensics. McGraw-Hill, New York, 2005.

Crumbley, D. Larry, Lester E. Heitger & G. Stevenson Smith. Forensic and Investigative Accounting. CCH Inc., Chicago, 2003.