Question

Do research current acquisition tools as many as you can that are available up to now, specifying computer forensics vendor name, acquisition tool name and features of the vendor’s product. You can classify the listing vendors you found with Excel or Word table that contains each row with the acquisition tool name and each column, such as raw format, proprietary format, AFF format, other proprietary formats the tool can read, compression of image files, remote network acquisition capabilities, and method used to validate (MD5, SHA-1, and so on). NO more than 10 pages overall.

Answer 1

:: Solution ::

step: 1

Computer forensics

Computer forensics involves the digital evidence in support of crime, or administrative cases to be used as evidence. The evidence obtained should be legal, authentic, and admissible.

It is different from data recovery, work forensics and disaster recovery in many aspects. In computer forensic we search for an unknown data which was hidden by the suspect or user which can be used as a valid proof against the suspect

step: 2

Computer Forensic Tools

Computer forensic tools are the tools which are used during the investigation of evidences in the computer all these tools are for different purposes. Some of them are used for recovery, some for making images and some are for the purpose of searching the files in the computer.

The tools are used according to the need of the investigation. It is not possible that the all tools are used in the single case. Because there are thousands of tools developed for the different purpose.

step: 3

Description of the computer forensic tools

The description of the different computer forensics tools is as:

1. EnCase is the forensic tool developed by the Guidance Software and its latest version is 7.04. This tool is used for various purposes such as acquisition, analysis and reporting.

2. Forensic Toolkit is the tool developed by the AccessData and its latest version is 4.2. This tool performs various tasks as it is a Multi-purpose tool, commonly used to index acquired media.

3. PTK Forensics is the tool developed by the DF Labs Inc. and its latest version is 7.04. This tools have work as GUI for Sleuth Kit.

4. ProDiscover is the tool developed by the Technology Pathways and its latest version is 7.04. This tool has the work to convert a raw image of a disk into a bootable VMWare Machine.

5. X-Ways Forensics 16.4 X-Tensions API is the software which is developed for the computer forensic. It has the functionalities of cloning and imaging. It has the property to read the raw format files. It supports different types of file structures.

Spreadsheet of tools

Vendor	Raw format	Proprietary format	AFF Format	Other Proprietary format	Compression of image	Remote network capabilities	Method for validation
ProDiscover	.pds	-	-	-	Yes	Yes	SHA-1,MD5,CRC-12
FTK Imager	dd	.e01,.s01	-	-	yes	No	SHA-1,MD5,CRC-12
X-Way Forensic	dd	.e01	-	-	Yes	No	SHA-1,MD5
EnCase	dd	.e01	-	-	Yes	Yes	SHA-1,MD5
AccessData FTK	dd	.e01	-	-	Yes	No	SHA-1,MD5