Computer Forensic Tools Term Paper

Document Type:Thesis

Subject Area:Religion

This paper, therefore, focuses on various types of computer forensic tools, for example EnCase, Xplico, Autopsy, X-Ways and FTK. It goes on to discuss different aspects of these tools: the price required to acquire them, their capabilities, and their performance. These aspects help differentiate the tools and enable investigators to choose among them according to the type of data that must be obtained for the investigation to succeed.

Table of Contents

Performance of computer forensic tools
• Encase
• Oxygen Forensic Suite
• XWF (X-ways)
• FTK (Forensic Toolkit)
• ProDiscover Forensic
Capability/Features of different computer forensic tools
• X-Ways
• Xplico
• Autopsy
• Encase
• Encase forensic 8
• Encase eDiscovery
• Encase endpoint security
• EnForce risk manager
Price of Computer forensic Tools
• The Coroner's Toolkit
• Autopsy
• Encase
• Forensic Toolkit (FTK)
• Kali Linux
References

Computer forensics, or computer forensic science, is the branch of digital forensic science that pertains to obtaining evidence from computers and digital storage media.

Encase is primarily used to obtain evidence from hard drives that have been seized. Its interface is easy to operate, which is why it is regarded as a user-friendly tool. The performance of Encase is further enhanced by its built-in reporting functionality, which is instrumental in processing and analyzing data. Apart from the fully paid version, which supports most utilities, Encase also has a free version known as Encase Imager that is easily used to acquire evidence. In addition, it contains built-in support for multiple encryption types such as Sophos and BitLocker, and this helps combat the increased threat of cybercrime.

xls, pdf and many more and is also a better option economically for users when compared against other tools.

However, the range of supported mobile devices is limited, and the suite is vulnerable to malware contained in the devices it examines. Examining devices is time-consuming because it uses a brute force technique. Computer Forensics Tools", 2018)

• XWF (X-ways)
This is a Windows-based commercial computer forensic tool known for its powerful capabilities. It is licensed software that gives computer forensic users access to many functionalities.

Among its most fundamental features, FTK can mount and emulate an image in the Windows Explorer.

• ProDiscover Forensic
Computer forensic experts use ProDiscover Forensic to protect evidence, locate data and create a report that assists in providing evidence in legal procedures. It is a powerful computer forensic security tool that can also be used to recover deleted files, dynamically preview the hardware protected area, and examine slack space.

Data also cannot be hidden from ProDiscover Forensic, since it is capable of reading the disk at the sector level. It keeps the original evidence safe by creating a Bit-Stream copy of the disk being analyzed, including the sections that have pending patents.

• Capturing unused space - previously existing files may also be found in directories and unused directories, and X-Ways is able to gather files and their free space so that they can be investigated further at a later date to establish more evidence.
• Hard disk wiping/cleansing - X-Ways contains a feature that lets users maximize the security of files by filling disk sectors with any of the byte patterns. This technique is used to determine the forensic cleanliness of a disk by removing traces of software such as directories, partitions, and viruses.

• Capturing file slack - in most cases, the cluster size does not evenly divide the size of a file, and therefore slack space emerges. Leads and evidence are usually revealed by examining the last clusters of a file and their unused space.

• Autopsy
This is a fast and cost-effective graphical interface to digital forensic tools such as The Sleuth Kit. It is mainly used by law enforcement, corporate and military authorities and examiners to look into what happened to a digital device such as a computer. In other instances, it is used to access the memory cards of various cameras to recover photos. This tool contains some features that make it even more effective in its tasks, such as:
• Android Support - this feature helps Autopsy obtain data from call logs, contacts, and SMSs.

• File type detection - this feature helps detect mismatches based on extensions and signatures as well.

• Encase forensic 8
Its features include:
• Sweeping bookmarks (multi-colored) - this assists in establishing the relevance of a specific string in a given case.
• Frequent blue-checks - important files can be blue-checked on a regular basis and then appear on any screen regardless of navigation.
• Triage reporting - parties involved in a case, such as attorneys and investigators, can receive updates regarding a particular case through the triage features used for reporting.
• Investigation workflows - a report can be created from the findings of processed evidence with a single click.
Encase forensic 8 helps examiners follow the progress of cases and uncover evidence.
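The extension/signature mismatch check described under file type detection above, shown as an added Python example (not Autopsy's or any vendor's code). The signature table is a small constructed subset, the sample files are constructed, and the names `classify`, `scan` and `demo` are hypothetical.

```python
import os
import tempfile
# Constructed subset of well-known magic numbers; real tools ship far more.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    "png": (b"\x89PNG\r\n\x1a\n", {".png"}),
    "pdf": (b"%PDF-", {".pdf"}),
    "zip": (b"PK\x03\x04", {".zip", ".docx", ".xlsx"}),
    "pe": (b"MZ", {".exe", ".dll"}),
}
KNOWN_EXTS = set().union(*(exts for _, exts in SIGNATURES.values()))

def classify(path):
    with open(path, "rb") as fh:
        header = fh.read(16)  # longest magic above is 8 bytes
    ext = os.path.splitext(path)[1].lower()
    for name, (magic, exts) in SIGNATURES.items():
        if header.startswith(magic):
            # Content identified: the extension must be one that type uses.
            return ("match" if ext in exts else "mismatch", name)
    # No signature found: suspicious only if the extension claims a known type.
    return ("mismatch" if ext in KNOWN_EXTS else "unknown", None)

def scan(root):
    results = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            results[os.path.relpath(full, root)] = classify(full)
    return results

def demo():
    # Constructed sample files, written to a temporary directory and scanned.
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,  # JPEG header
        "budget.xlsx": b"PK\x03\x04" + b"\x00" * 12,        # ZIP container
        "notes.txt": b"MZ\x90\x00" + b"\x00" * 12,          # PE renamed to .txt
        "report.pdf": b"just plain text, no PDF magic",     # magic missing
        "readme.txt": b"hello world",                       # nothing to verify
    }
    with tempfile.TemporaryDirectory() as root:
        for fname, data in samples.items():
            with open(os.path.join(root, fname), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for path, (status, kind) in sorted(demo().items()):
        print(f"{status:9} {kind or '-':5} {path}")
```

A "mismatch" is a lead for the examiner to review, not proof of concealment: short magic values such as `MZ` can also occur at the start of ordinary text.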

• Encase eDiscovery - this tool is mainly designed to help enterprise professionals identify important facts and to enable continuous assessment of cases by legal teams.

• EnForce risk manager - this is a tool mainly used to modify confidential data by categorizing it across enterprises. Businesses are thus able to improve their security by focusing on business intelligence improvements. Some of its features include:
• Customized dashboards - they allow users to create risk reports based on statistics and clear reporting and reviews on risk distribution as an organization manifests through sensitive data and information.
• Automated remediation - here users are able to edit and modify sensitive information in its storage location, and they are also able to take a look at the matter of files.

• Patented graft technology - Enforce risk manager has the ability to categorize sensitive information by the use of large storage solutions.

It is, however, an essential cost-effective tool since it is free, and it thus takes into consideration the decreasing budgets of organizations and other users. In addition to providing the same features as most commercial computer forensic tools, it provides critical features such as registry and web artifact analysis, which are not available in most of them. Autopsy", 2018)

• Encase - It increases the productivity of investigators through its outstanding features such as technological index building, access to image media and analysis of multiple media. It is, however, costly, with the majority of vendors selling it for over $3,000. Forensic Computers, for instance, sells Encase V8 at $3,594.

infosecinstitute.com/7-best-computer-forensics-tools/#gref

AG, X. Computer Forensics Software. Retrieved from https://www.x-ways.com/category/computerforensics/introduction/commercial-computer-forensics-tools/encase-product-suite-overview/#gref

Tool Comparison. Retrieved from https://resources.infosecinstitute.com/category/computerforensics/introduction/commercial-computer-forensics-tools/tool-comparison/#gref

Top Digital Forensic Tools to Achieve Best Investigation & Analysis Reports. Retrieved from http://www.
