Respond To Two Discussion Posts About Tools Utilized In The Field Of Computer Forensics



Question Description

1) These would be my top five tools in forensic analysis:

Hardware/software write blockers. This, I feel, is the most important tool. You need to ensure the integrity of the data while it is being collected and while it is being processed. If not, should your investigation go to court, the evidence can be thrown out, as the integrity of the data can be called into question. Along with this, great chain of custody procedures are a must.
A hard drive duplicator can greatly enhance the speed of evidence collection. A drive duplicator is a must-have when multiple images need to be created or if speed is a great concern. A laptop with a write blocker solution can collect good forensic images, but it is slow, and depending on the size and number of images that need to be collected, it may not be the best choice. Drive duplicators will create a bit-by-bit copy of the drive, verifiable with file hashes.
EnCase forensics software. Allows analysts to investigate the collected data.
Volatility memory forensics suite. Allows the capture and follow-on analysis of RAM. Very important, as this data is lost upon shutdown and some malware can live in RAM. I am unsure where the memory capture fits in the forensics process, as invoking this tool would alter the state of the machine.
SANS Investigative Forensic Toolkit (SIFT). A forensics VM distro loaded with free, open-source tools. This would be a good VM image to try out these tools and get a feel for their capabilities/limitations.
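The first post says a duplicator produces a bit-by-bit copy "verifiable with file hashes" and that a write blocker protects the integrity of the original. The block below is an added example, not part of either post: a file-level model of that acquisition-and-verification step. It hashes the source as it is read (as dc3dd-style imagers do), hashes the finished image, then re-hashes the source, and shows what a missing write blocker looks like at verification time. The "drive" is a constructed temporary file, and the function names are this example's own.

```python
# Added example (not from either post): hash-verified bit-for-bit imaging.
# The source is hashed while it is copied, the image is hashed afterwards,
# and the source is re-hashed so a post-acquisition write shows up.
import hashlib
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads, as an imager would use rather than byte-at-a-time


def acquire_image(source_path, image_path, chunk=CHUNK):
    """Copy the source to the image byte for byte, hashing the source as it is
    read. Returns the SHA-256 acquisition hash of everything that was read."""
    digest = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(chunk), b""):
            digest.update(block)
            dst.write(block)
    return digest.hexdigest()


def hash_file(path, chunk=CHUNK):
    """SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_image(source_path, image_path, acquisition_hash):
    """Independent post-acquisition check. Returns (image_matches, source_matches):
    image_matches says the copy is faithful; source_matches says the original
    was not altered between acquisition and verification."""
    return (hash_file(image_path) == acquisition_hash,
            hash_file(source_path) == acquisition_hash)


def demo():
    """Run acquisition and verification against constructed data: a 3 MiB
    'drive' file generated here (hypothetical evidence, not a real device)."""
    workdir = tempfile.mkdtemp()
    try:
        drive = os.path.join(workdir, "suspect_drive.raw")
        image = os.path.join(workdir, "suspect_drive.dd")
        with open(drive, "wb") as fh:
            fh.write(b"EVIDENCE" * (3 * CHUNK // 8) + b"\x00" * 4096)

        acq_hash = acquire_image(drive, image)
        image_ok, source_ok = verify_image(drive, image, acq_hash)

        # Simulate what happens without a write blocker: a single byte of the
        # original changes after acquisition (a journal or timestamp update would do it).
        with open(drive, "r+b") as fh:
            fh.seek(0)
            fh.write(b"X")
        image_ok_after, source_ok_after = verify_image(drive, image, acq_hash)

        return {
            "acquisition_hash": acq_hash,
            "image_ok": image_ok,                      # True: the copy is faithful
            "source_ok": source_ok,                    # True: source untouched so far
            "image_ok_after_write": image_ok_after,    # still True: the image did not change
            "source_ok_after_write": source_ok_after,  # False: the original's integrity is now in question
        }
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In practice the copy would be made by a duplicator or a tool such as dc3dd or ewfacquire reading through a write blocker, and both the acquisition hash and the verification hash would be recorded on the chain-of-custody form so the image can be re-verified at any later stage.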

2) There are numerous tools available in the forensic analysis field. Based on what I have read and from discussions in previous classes, I believe the top five tools in the field are EnCase, Forensic Tool Kit, Forensic Explorer (FTK), SANS SIFT, and the Sleuth Kit. All five tools provide similar functions and capabilities; however, each toolkit has aspects that separate it from the others.

EnCase is a toolkit accepted worldwide and used by both government agencies and private organizations. EnCase is an encompassing toolkit, allowing analysts to complete an investigation from start to finish with this one tool (OpenText, n.d.). With the EnScript feature, analysts can create and utilize a scripting language to automate tasks (OpenText, n.d.).

Forensic Tool Kit is another toolkit which encompasses all the features needed by an analyst to complete an investigation. FTK utilizes a database which allows for faster and more efficient searching in comparison to similar tools (AccessData, n.d.).

Forensic Explorer provides a variety of tools to preserve, analyze, and present digital evidence and is used in the private sector, by government agencies, and by law enforcement (GetData, n.d.).

SANS SIFT is a free, open-source, Ubuntu-based toolkit which includes a variety of open-source tools (SANS, n.d.). The toolkit and the included tools are kept updated. In addition, SANS SIFT is compatible with both Linux and Windows operating systems.

The Sleuth Kit is comprised of a variety of command-line tools for the analysis of disk images and for recovering files from the disks (InfoSec, 2019). Various open-source tools such as Autopsy use the Sleuth Kit command-line tools (InfoSec, 2019).
