Computer Forensics Tools
There are a wide range of computer forensics tools, many of which perform specific tasks within the computer forensics project life cycle. Below we will take a look at several of the key computer forensic tools used by almost every computer forensics analyst.
1. Remote agent and control suite -- This software application consists of two computer forensics tools. The first of these is the control centre, which can be used by a computer forensics analyst to monitor PCs remotely. The analyst may also set up alarms and triggers for such things as excessive use of particular network interface, or large quantities of data being offered to external storage. The monitoring and control of the remote PC is facilitated through the second of the computer forensics software tools. The agent is a small, lightweight client which is remotely installed upon each PC or server. This small application allows the control centre to monitor the target PC, take control of it capture data in real-time.
2. Drive imaging -- this type of computer forensics software tools are used to create a forensically clean disk image of a PC before it undergoes a forensic examination. It is important that the computer forensics analyst creates and saves a snapshot of the state of the PC before the investigation begins. This enables the analyst to restore the disk image should they feel that they have contaminated forensic data whilst carrying out their investigation.
3. Data analysis tools -- This type of computer forensics tools is used to interrogate and investigate the disk image that has been created previously. The software allows the analyst to examine all data which is contained within the disk image; this can be achieved in a variety of ways, from simple file system access to more complicated bit by bit examination.
These are just three of the main computer forensics tools used by analysts as they carry out their day-to-day workload. There are many other will specialised computer forensics tools, although these three are the primary weapons in the computer forensics armoury.