ITF401_IP4 - Introducing Computer Forensics 1 The Benefits...

Info iconThis preview shows pages 1–5. Sign up to view the full content.

View Full Document Right Arrow Icon
Introducing Computer Forensics 1 The Benefits of Tools to Identify and Examine Evidence The Benefits of Tools to Identify and Examine Evidence Dionne Jordan 5-26-2010 American InterContinental University
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Introducing Computer Forensics 2 Abstract This is an explanation of several issues raised concerning what tools should be purchased to launch forensic team operations. We will explain at least three tools and the benefits and limitation of each. In the explanation of the tool characteristics, we identify the forensic tools to purchase. We will include the factors that may affect an investigator chose of tool selection, such as the expected types of investigation OS needs and preference, background, training, budget and law enforcement.
Background image of page 2
Introducing Computer Forensics 3 The Benefits of Tools to Identify and Examine Evidence In today’s decade, Technology has taken day to day activity by leap and bounds. For analyzing, extracting, and locating data there are tools use must consider in a computer forensic investigation. These tools are important to help find and make sense of stored data (Solomon, Barrett, Broom, 2005). An investigator needs many different types of tools to identify and acquire computer evidence. To ensure the original data protection these tools must be carefully considered. Most evidence is hidden from the casual observer and specialized tools are required to access them. In one case you may be asked to examine a primary copy of a working media. It is important to copy first analyze all media. When you identify the physical media, you must make sure to preserve the evidence before going any further. There should always be a created exact image of the media, verified to match the original (Solomon, Barrett, Broom, 2005). In another case you may be asked to examine a targeted primary copy of media like a home folder, in which case it could be difficult to create a mirror image of the disk drive, but you can scan the disk for deleted or existing files doing use. This may not be the best way, but it is done more frequently during an investigation (Solomon, Barrett, Broom, 2005). Here are some tools that a computer investigator should consider: ByteBack, EnCase, and FTK. ByteBack is a data recovery, which upholds it’s viability as the tool in computer forensic investigation and data recovery (Tech Assist, 1992-2004). It provides solution in a wide range of
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Introducing Computer Forensics 4 hard disk problems. It’s a DOS program which allows you to edit the disk using a built in disk
Background image of page 4
Image of page 5
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 01/06/2011 for the course IT ITF401 taught by Professor Mr during the Spring '10 term at AIU Online.

Page1 / 8

ITF401_IP4 - Introducing Computer Forensics 1 The Benefits...

This preview shows document pages 1 - 5. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online