Anything related to computer forensics (new section!)

which software for hdd forensic?

April 19th, 2014, 9:15

Which software do you guys suggest to investigate a hard disk drive? (NTFS/HFS+ mostly) (deleted email, chats, history, etc.)

Re: which software for hdd forensic?

April 19th, 2014, 10:07

EnCase / FTK / X-Ways are the main software...

Re: which software for hdd forensic?

April 19th, 2014, 12:53

Hi positivebit,

As Lemmy mentioned, those are industry standard kit.

Another one to consider, as you mention email, chats & history, is Magnet Forensics Internet Evidence Finder.

It really depends upon your need, depth of requirement and how much time and money you want to spend.
There are also free open source kits available, like SIFT, Caine, Deft and more.
Expensive or cheap, the programs above are no "easy ride".

You probably already know, but it's worth mentioning here anyway, that if it is truly "forensic" (i.e. any chance of a court case) consider hiring a data forensics pro. Finding internet artifacts is the least of your worries.

Anything less than rigorous attention to legal compliance, from acquiring the hardware to presenting in court, will land you in a whole world of hurt. Remember, it isn't "evidence" unless it's accepted by the court as such.
Always check your county and country legal requirements too.
What could be valid advice on here from one country may get you in jail in another.

K

Re: which software for hdd forensic?

April 21st, 2014, 10:21

For financial cases I have had great success scanning data with Identity Finder. Good organization of credit cards, passwords, social security data, credit applications, and financial institution information, well organized with links and references.

Re: which software for hdd forensic?

April 21st, 2014, 10:57

For open source / free try Sleuthkit and the associated GUI, Autopsy. http://www.sleuthkit.org/
Autopsy® and The Sleuth Kit® are open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types.

Examiners and analysts can use the Autopsy graphical interface or The Sleuth Kit (TSK) command line tools to conduct an investigation. Join the sleuthkit-users list to ask questions and help others.

Developers can write modules to extend the functionality of both Autopsy and TSK. Refer to the Autopsy Developer's Guide or the TSK Framework Module Writer's Guide for details on how to incorporate your tools into TSK and Autopsy.

If you need a custom, automated solution, then you can build one using the TSK libraries or the framework. We have also done research on using Hadoop to analyze disk images using cloud computing infrastructures.

Re: which software for hdd forensic?

April 21st, 2014, 15:23

Thank you all, guys. I am now going to try the free versions and demo versions.

Autopsy (64-bit Windows version) wasn't able to get anything from a Mac Pro HFS+ full of data for now.

Regards.

Re: which software for hdd forensic?

May 7th, 2014, 16:17

I agree with other posts that EnCase and FTK are primary digital forensics products. Specific to what you asked about (deleted email, chats, history): digitalferret's recommendation, Magnet Forensics' Internet Evidence Finder (IEF), is a great tool for internet-related items such as webmail, chats, internet history, Facebook, etc. Another tool that is good specifically for what you asked about is Paraben's P2 Commander. I think Paraben may have a limited version trial available for you to try for free.

Good luck.