Computer Forensics and Investigations
Chapter 7 - Current Computer Forensic Tools
Objectives
- Describe available computer forensics software tools
- List some considerations for computer forensics hardware tools
- Describe methods for validating and testing computer forensic tools
- Explain how to evaluate needs for computer forensic files
Introduction
This chapter explores many software and hardware tools used during computer forensics investigations. No specific tools are recommended; instead, the goal is to explain how to select tools for computing investigations based on specific criteria.
Instructions
- Unit Agenda
- Read Chapter 7 PG 263 - 303
- Review Chapter 7 PPT
- Do Chapter 7 review on class site
- Do Chapter 7 Case project 7-2 pg 302
- Describe some of the recommendations for a forensic workstation
- What is a write-blocker? What does it do and how is it used? What is the difference between software and hardware write-blockers? Discuss the major advantages and disadvantages.
- What are the tasks performed by computer forensic tools? Describe each task.
- What is the difference between command-line and GUI forensic tools? Name a couple of each kind and explain why you might use one interface over another.
- Research various computer forensic tools, choose one tool, and develop a PPT. Pretend you are that vendor and explain what it is, how it works, why I should choose your tool over others, and any other relevant information that would convince me to use your product. Please include some type of chart in your PowerPoint that highlights the tool's capabilities.
- Watch video on Helix - http://www.youtube.com/watch?v=sGLzoxGi6FM
Additional Resources
1. Brute force attack: http://en.wikipedia.org/wiki/Brute_force_attack
2. The Sleuth Kit & Autopsy: www.sleuthkit.org/
3. Knoppix-STD: http://s-t-d.org/
4. Hash algorithms Web sites:
   a. RFC 3174 – US Secure Hash Algorithm 1 (SHA1), www.faqs.org/rfcs/rfc3174.html
   b. The Secure Hash Algorithm Directory, www.secure-hash-algorithm-md5-sha-1.co.uk/
   c. SHA1 version 1.0, www.w3.org/PICS/DSig/SHA1_1_0.html
   d. SHA family, http://en.wikipedia.org/wiki/SHA-1