Deck 7: Current Computer Forensics Tools

In software acquisition, there are three types of data-copying methods.

When you research for computer forensics tools, strive for versatile, flexible, and robust tools that provide technical support.

The Windows platforms have long been the primary command-line interface OSs.

After retrieving and examining evidence data with one tool, you should verify your results by performing the same tasks with other similar forensics tools.

To help determine what computer forensics tool to purchase, a comparison table of functions, subfunctions, and vendor products is useful.

The ____________________ function is the most demanding of all tasks for computer investigators to master.

Match each item with a statement below
a.JFIF
f.PDBlock
b.Lightweight workstation
g.Norton DiskEdit
c.Pagefile.sys
h.Stationary workstation
d.Salvaging
i.SafeBack
e.Raw data
software-enabled write-blocker

Match each item with a statement below
a.JFIF
f.PDBlock
b.Lightweight workstation
g.Norton DiskEdit
c.Pagefile.sys
h.Stationary workstation
d.Salvaging
i.SafeBack
e.Raw data
a direct copy of a disk drive

The Windows application of EnCase requires a(n) ____________________ device, such as FastBloc, to prevent Windows from accessing and corrupting a suspect disk drive.

Software forensic tools are grouped into command-line applications and ____________________ applications.

Hardware manufacturers have designed most computer components to last about ____________________ months between failures.

Match each item with a statement below
a.JFIF
f.PDBlock
b.Lightweight workstation
g.Norton DiskEdit
c.Pagefile.sys
h.Stationary workstation
d.Salvaging
i.SafeBack
e.Raw data
usually a laptop computer built into a carrying case with a small selection of peripheral options

Match each item with a statement below
a.JFIF
f.PDBlock
b.Lightweight workstation
g.Norton DiskEdit
c.Pagefile.sys
h.Stationary workstation
d.Salvaging
i.SafeBack
e.Raw data
a tower with several bays and many peripheral devices

Match each item with a statement below
a.JFIF
f.PDBlock
b.Lightweight workstation
g.Norton DiskEdit
c.Pagefile.sys
h.Stationary workstation
d.Salvaging
i.SafeBack
e.Raw data
system file where passwords may have been written temporarily

Match each item with a statement below
a.JFIF
f.PDBlock
b.Lightweight workstation
g.Norton DiskEdit
c.Pagefile.sys
h.Stationary workstation
d.Salvaging
i.SafeBack
e.Raw data
one of the first MS-DOS tools used for a computer investigation

Match each item with a statement below
a.JFIF
f.PDBlock
b.Lightweight workstation
g.Norton DiskEdit
c.Pagefile.sys
h.Stationary workstation
d.Salvaging
i.SafeBack
e.Raw data
European term for carving

Match each item with a statement below
a.JFIF
f.PDBlock
b.Lightweight workstation
g.Norton DiskEdit
c.Pagefile.sys
h.Stationary workstation
d.Salvaging
i.SafeBack
e.Raw data
command-line disk acquisition tool from New Technologies, Inc.

Match each item with a statement below
a.JFIF
f.PDBlock
b.Lightweight workstation
g.Norton DiskEdit
c.Pagefile.sys
h.Stationary workstation
d.Salvaging
i.SafeBack
e.Raw data
letters embedded near the beginning of all JPEG files

Because there are a number of different versions of UNIX and Linux, these platforms are referred to as ____________________ platforms.

Briefly explain the NIST general approach for testing computer forensics tools.

Illustrate how to consider hardware needs when planning your lab budget.

What are some of the advantages of using command-line forensics tools?

Explain the difference between repeatable results and reproducible results.

Briefly explain the purpose of the NIST NSRL project.

Explain the advantages and disadvantages of GUI forensics tools.

What are the five major function categories of any computer forensics tool?

Explain the validation of evidence data process.

Describe some of the problems you may encounter if you decide to build your own forensics workstation.

Illustrate the use of a write-blocker on a Windows environment.