Identify a commercial or open source computer forensic suite that can assist a l
Question
Identify a commercial or open source computer forensic suite that can assist a law enforcement agency in investigating computer forensics cases and cybercrime activity.
Assignment Requirements
Research the most prominent commercial and open source computer forensic suites available today. This assignment requires you to prepare a summary report of your findings. Based on the research, you will do the following tasks:
Justify why you would suggest that a particular suite be purchased by your local law enforcement agency.
Show how the suite helped to investigate computer forensics cases and cybercrime activity for your local law enforcement agency.
Create a professional executive summary report detailing the information above.
Explanation / Answer
These products are not sold as a set, but in keeping with our theme of focusing on the examination rather than the tool, we are grouping them together. We have been using AccessData tools for years and they never disappoint. This year's products under review are no exception. Taken as a suite, these tools provide complete coverage from the field to the lab, and from the first responder to the forensic analyst.
To put that into perspective, suppose you were going on site to where a breach happened and your client suspected a specific insider. As a first responder, you have the ability to collect and view enough evidence from computers with AD Triage to eliminate obviously uninvolved machines. But if you find something in the report produced by the tool, you can seize the hard disk and take it back to the lab for a full examination using FTK.
Likewise, if you want to check the mobile devices associated with the suspect, you can use nFIELD to dump the phones or tablets and perform a quick triage, either ruling the device out or recommending that it be seized. All of this can be done by a first responder, and the data collected is portable to other tools. So the nFIELD data could go to MPE+ (Mobile Phone Examiner Plus) or FTK for complete analysis.
If you decide that it should go into FTK along with the disk images from the computers you seized, you have a complete picture of all of the evidence you collected, and it shows up under a single pane of glass with the ability to analyse the different devices together as a single case.
AD Triage is an easy-to-use forensic data acquisition tool. It is set up in the lab for a specific type of examination, for example pornography, and a USB stick is configured to triage the computers and collect a limited set of evidence. The first responder simply boots the suspect computer from the USB stick and collects the evidence called for by the profile set up by the lab. A quick look at the resulting reports lets the first responder know what, if anything, should be seized.
FTK is as good as it always has been. We used FTK at Norwich University in the forensic classes because it is so easy to learn and use that we could focus on teaching computer forensics instead of teaching the tool. The addition of Cerberus adds a forensic malware discovery and analysis tool to the brand. One interesting side note: at the university, we ran AD Lab, the network version of FTK, from our virtual environment for our classes with excellent results.
MPE+ is a robust mobile device forensic tool. It covers a wide range of devices, more than 7,000 at this writing, and can extract data, mostly related to social media use. With the optional VELOCITOR add-in, 95 percent of Chinese knock-off phones can be analysed. The tool includes 1,300 unique profiles for analysis of devices that often cause complications for analysts. Using SQL Builder and Python Scripter, users can create custom queries that can be run automatically.
Finally, nFIELD is a mobile device triage tool, much as AD Triage is for computers. It has all of the data collection capabilities of MPE+ without the analytics. It can save device images in AD1 format for import into other AccessData tools. It is the ideal tool for first responders since the training required is minimal.
Support and documentation are what you would expect from a company such as AccessData, and we have watched the website improve over the years. Everything you could want to support AccessData tools is there.
STRENGTHS: Well-integrated suite of tools that can be used together or separately, depending on the investigator's preferences, for developing digital forensic evidence.
WEAKNESSES: None that we encountered.
VERDICT: Our hands-down overall favourite forensic tool set. We make this suite an SC Lab Approved tool set for the coming year.