1. The development of a forensic lab for computers and mobile devices involves numerous specialized tools. Describe both hardware and software tools that might be utilized in such a lab.
2. Select ONE type of software tool from the list below. Using the internet or online library, find an article, case study, or publication about computer forensics that addresses the specific software tool you chose.
1) Device Seizure by Paraben
2) ForensicSIM by Evidence Talks
3) USIMdetective by Quantaq Solutions
4) SIMCON by Inside Out Forensics
5) .XRY by Micro Systemation
6) MOBILedit! Forensic by Compelson Laboratories
Hi,
The development of a forensic lab for computer and mobile devices involves various hardware and software tools. Here is a descriptive list of such hardware and software tools.
Hardware tools:
1. Forensic workstation - These are complete computer workstations set up for easy reconstruction and analysis of copied drives, usually with removable drive racks that allow booting of the “working copies” of suspect disks. Analysis software is installed to assist in searching for particular types of data using artificial intelligence techniques or fuzzy logic to conduct searches when the investigator isn't sure of the text strings or file types he or she is looking for. Data recovery software is installed to locate data from “deleted” or “erased” files. Mobile workstations set up on portable computers are also available. Examples include the DIBS forensic workstations and F.R.E.D., the Forensic Recovery of Evidence Device, which is made by Digital Intelligence.
2. Digital Forensic Imaging - It is defined as the processes and tools used in copying a physical storage device for conducting investigations and gathering evidence. This copy does not just include files which are visible to the operating system but every bit of data, every sector, partition, files, folders, master boot records, deleted files and un-allocated spaces. The image is an identical copy of all the drive structures and contents. E.g., CFID was designed for forward deployed military, intelligence, and law enforcement personnel who need a simple, small, portable and inconspicuous solution for imaging, cloning, copying and wiping data from portable media such as USB and SD cards. The additional capabilities including iOS, Android and SIM card extraction as well as direct PC and laptop acquisition make the CFID a multipurpose solution for field and lab use.
3. Forensic write blocker - A forensic disk controller or hardware write-block device is a specialized type of computer hard disk controller made for the purpose of gaining read-only access to computer hard drives without the risk of damaging the drive's contents. The device is named forensic because its most common application is for use in investigations where a computer hard drive may contain evidence. Such a controller historically has been made in the form of a dongle that fits between a computer and an IDE or SCSI hard drive, but with the advent of USB and SATA, forensic disk controllers supporting these newer technologies have become widespread.
4. Imaging and cloning devices
5. Encrypted data storage solution - In today’s advanced, interconnected world, businesses experience dramatic growth of digital data including documents, emails, and applications. Protecting the infrastructure that allows organizations to function is crucial. Security threats are inherently difficult to manage because there are so many different types (cybercrime, lost and stolen data, natural disasters, industrial accidents, terrorism) and they are constantly evolving. Their economic and societal impact can be enormous.
6. Digital forensic field station - e.g., Ditto Forensic FieldStation
Software tools:
1. Autopsy
Autopsy is a GUI-based open source digital forensic program to analyze hard drives and smartphones effectively. Autopsy is used by thousands of users worldwide to investigate what actually happened in the computer.
2. Encrypted Disk Detector
Encrypted Disk Detector can be helpful to check encrypted physical drives. It supports TrueCrypt, PGP, BitLocker, and Safeboot encrypted volumes.
3. Wireshark
Wireshark is a network capture and analyzer tool to see what’s happening in your network. Wireshark will be handy to investigate network-related incidents.
4. Magnet RAM Capture
You can use Magnet RAM Capture to capture the physical memory of a computer and analyze artifacts in memory. It supports the Windows operating system.
5. Network Miner
An interesting network forensic analyzer for Windows, Linux & Mac OS X to detect OS, hostname, sessions and open ports through packet sniffing or from a PCAP file. Network Miner provides extracted artifacts in an intuitive user interface.
There are many such software tools. Here is a tabular list you may go through:
Name | Platform | License | Version | Description |
---|---|---|---|---|
Mobile Device Investigator | Windows | proprietary | 2.1 | iOS and Android digital forensics and smartphone triage tool by ADF Solutions |
Autopsy | Windows, macOS, Linux | GPL | 4.14 | A digital forensics platform and GUI to The Sleuth Kit |
Belkasoft Evidence Center | Windows | proprietary | 9.9 | Digital forensic suite by Belkasoft, which supports computer and mobile forensics in a single tool |
COFEE | Windows | proprietary | n/a | A suite of tools for Windows developed by Microsoft |
Digital Forensics Framework | Unix-like/Windows | GPL | 1.3 | Framework and user interfaces dedicated to digital forensics |
Elcomsoft Premium Forensic Bundle | Windows, macOS | proprietary | 1435 | Set of tools for encrypted systems & data decryption and password recovery |
E3: Universal Software | Windows, macOS, Linux | GPL | 2.6 | E3:Universal, developed by Paraben Corporation, is an end-to-end DFIR solution that can work through ALL types of digital data: computers, email, internet data, smartphones, & IoT devices. |
EnCase | Windows | proprietary | 8.06.1 | Digital forensics suite created by Guidance Software |
Forensic Explorer | Windows | proprietary | 4.4.8.7926 | Digital forensics suite created by GetData |
FTK | Windows | proprietary | 6.0.1 | Multi-purpose tool, FTK is a court-cited digital investigations platform built for speed, stability and ease of use. |
IPED | Unix-like/Windows | GPL | 3.17.2 | Digital forensics tool created by the Brazilian Federal Police |
ISEEK | Windows | proprietary | 1 | Hybrid-forensics tool running only in memory - designed for large networked environments |
IsoBuster | Windows | proprietary | 4.1 | Essential lightweight tool to inspect any type of data carrier, supporting a wide range of file systems, with advanced export functionality. |
Netherlands Forensic Institute / Xiraf / HANSKEN | n/a | proprietary | n/a | Computer-forensic online service. |
Open Computer Forensics Architecture | Linux | LGPL/GPL | 2.3.0 | Computer forensics framework for CF-Lab environment |
OSForensics | Windows | proprietary | 3.3 | Multi-purpose forensic tool |
PTK Forensics | LAMP | proprietary | 2.0 | GUI for The Sleuth Kit |
SANS Investigative Forensics Toolkit - SIFT | Ubuntu | | 2.1 | Multi-purpose forensic operating system |
SPEKTOR Forensic Intelligence | Unix-like | proprietary | 6.x | Easy to use, comprehensive forensic tool used worldwide by LE/Military/Agencies/Corporates - includes rapid imaging and fully automated analysis. |
The Coroner's Toolkit | Unix-like | IBM Public License | 1.19 | A suite of programs for Unix analysis |
The Sleuth Kit | Unix-like/Windows | IPL, CPL, GPL | 4.1.2 | A library of tools for both Unix and Windows |
Windows To Go | n/a | proprietary | n/a | Bootable operating system |
X-Ways Forensics | Windows | proprietary | n/a | Supports images and a bunch of volumes. And also memory and RAM analysis |
Solution of 2(b)
I select Device Seizure by Paraben.
Paraben states that its Device Seizure can acquire and analyze data from over 4,000 mobile phones, PDAs and GPS devices. Device Seizure is a software platform that installs onto a computer work-station and includes a driver pack designed to maintain forensic integrity of device acquisitions.
As you need an online publication/article on this, I suggest you visit this link. There is a webinar and an article that address this device.
Link: https://www.forensicfocus.com/webinars/mobile-forensics-using-device-seizure-from-paraben-corporation/
Hope this will work for you.
Thank you
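
The bit-for-bit imaging described under "Digital Forensic Imaging" above, as an added example that is not part of the original answer or any listed product: it copies every sector of a source, hashes the data as it is read, and re-hashes the image to verify it. The sample "disk", file names and function names are constructed for illustration, and a read-only file open stands in for a hardware write blocker.

```python
import hashlib, os, tempfile

SECTOR = 512  # bytes per sector on the constructed sample disk

def acquire_image(source_path, image_path, chunk_size=64 * SECTOR):
    """Copy every byte of the source (not just visible files), hashing as we read."""
    h, copied = hashlib.sha256(), 0
    # "rb" only: the source is never opened for writing. In a lab the drive
    # would additionally sit behind a hardware write blocker.
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(chunk_size), b""):
            h.update(chunk)
            dst.write(chunk)
            copied += len(chunk)
        dst.flush()
        os.fsync(dst.fileno())
    return copied, h.hexdigest()

def verify_image(image_path, acquisition_hash):
    """Re-read the stored image and compare with the hash taken at acquisition."""
    h = hashlib.sha256()
    with open(image_path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest() == acquisition_hash

def build_sample_disk(path, sectors=64):
    """Constructed stand-in for a suspect drive: boot area, one live file,
    and leftover bytes from a deleted file in unallocated space."""
    disk = bytearray(sectors * SECTOR)
    for sector, data in ((0, b"BOOT"), (10, b"visible-file contents"),
                         (40, b"DELETED: residue in unallocated space")):
        disk[sector * SECTOR: sector * SECTOR + len(data)] = data
    with open(path, "wb") as f:
        f.write(disk)

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "suspect.dd"), os.path.join(d, "evidence.dd")
        build_sample_disk(src)
        size, digest = acquire_image(src, img)
        with open(img, "rb") as f:
            residue_found = b"DELETED" in f.read()  # unallocated data was captured
        intact = verify_image(img, digest)
        with open(img, "r+b") as f:                 # simulate later alteration
            f.seek(100)
            f.write(b"\x01")
        return size, residue_found, intact, verify_image(img, digest)

if __name__ == "__main__":
    print(demo())
```

A file-level copy would have skipped the bytes at sector 40; the sector-level image keeps them, and the stored hash exposes the single altered byte.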