
LaRon Walker - Computer Forensic Tools

This document discusses computer forensic tools that are used to collect digital evidence from computers. It describes how tools like file and disk utilities, network utilities, and system monitors can help gather data without altering it. Specific tools mentioned include ProDiscover, RegRipper, and utilities that use file headers to identify file types through hex editors. Maintaining data integrity is important for presenting computer forensic evidence in court.

Uploaded by

LaRon Walker
Copyright
© Attribution Non-Commercial (BY-NC)

Running Head: Computer Forensic Tools

Computer Forensic Tools

LaRon Walker

Master of Information Technology and Internet Security

June, 2010

Abstract

Computer forensics is becoming an essential skill set for keeping up with the evolving computer crimes of today’s digital world. Along with these skills, tools and utilities are also needed to help maintain the integrity of forensic evidence during the collection process. Some of these tools can include file and disk utilities, network utilities, and other system utilities that monitor active processes on a computer system.



The growth of cyber crime has created great concern among consumers and corporations alike, causing more focus to be placed on ways to obtain the evidence necessary to convict the offenders. This has also forced the evolution of computer forensics. Computer forensics is a group of tools that are used in combination to collect the digital fingerprints left behind by those who attempt to hide or erase traces of data that may be used as evidence. There are many different tools today that can help forensic investigators identify, gather, and maintain data integrity when processing digital evidence. These tools can include, but are not limited to, file and disk utilities, network utilities, and other system utilities that monitor active processes on a computer system.

According to Keston (2008), some of the most commonly used forensics techniques consist of acquiring (imaging) data without altering it, registry analysis, data hashing, hex editing, data carving/artifact recovery, and password recovery. To have a good forensics strategy, multiple tools specializing in different areas may be necessary to gather all the information needed for the evidence to be admissible in a courtroom. This can be accomplished either by building a forensics toolkit from customized standalone utilities, or by using a vendor-made suite of tools. Although either of these strategies can be very effective, using a combination of both is common, as investigators must adapt to different computing environments.

The acquisition of data plays a key role when collecting information to be used as digital evidence. This practice can consist of capturing the process used to gather the data, as well as ways to verify the data has not been altered in any way. Many forensic tools have been developed to accomplish these goals. According to Keston (2008), some of these tools include Sourceforge FTimes, Technology Pathways ProDiscover for Windows, and Intelligent Computer Solutions (ICS) Solo-3 Forensic Kit. Below is a screenshot of Technology Pathways ProDiscover for Windows gathering forensic information.
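The verification step described above (proving that acquired data has not been altered) can be shown with a short Python sketch. It is an added example, not part of the original paper and not code from any of the tools it names; the file names and the SHA-256 choice are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads keep large media out of memory

def sha256_file(path):
    """Hash a file in chunks through a read-only handle."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire(source, image):
    """Copy source to image, hashing each block as it is read."""
    digest = hashlib.sha256()
    # "xb" refuses to overwrite an existing image file.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    record = {
        "acquired": digest.hexdigest(),       # bytes as read from the source
        "image": sha256_file(image),          # bytes as written to the copy
        "source_after": sha256_file(source),  # source re-read after imaging
    }
    record["verified"] = len(set(record.values())) == 1
    return record

def demo():
    """Constructed sample: a small random file stands in for evidence media."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence.bin")
    image = os.path.join(workdir, "evidence.dd")
    with open(source, "wb") as handle:
        handle.write(os.urandom(3 * CHUNK + 17))
    record = acquire(source, image)
    # Flip one bit in the image to show that later alteration is detected.
    with open(image, "r+b") as handle:
        handle.seek(100)
        original = handle.read(1)
        handle.seek(100)
        handle.write(bytes([original[0] ^ 0x01]))
    return record, sha256_file(image) == record["acquired"]

if __name__ == "__main__":
    print(demo())
```

The three hashes in the record match only if the copy is bit-for-bit identical and the source was unchanged by the imaging run; the single flipped bit in the demo makes the later comparison fail.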

Registry analysis also plays a vital role when collecting computer forensic evidence. This tactic helps trace computer activity by browsing registry content for information that may have been deleted by other means. Paraben’s Registry Analyzer, RegRipper, and James Macfarlane’s Perl-based Parse-Win32Registry are a few examples of these types of forensic weapons. Below is a screenshot of RegRipper.

Unfortunately, I did not have a registry hive file to use, so the screenshot does not display the tool in action. This is not a registry reader like Regedit, but is a tool that can extract registry information that includes or contains timestamp data. This can be useful when gathering information on most recently used applications or files.

Data carving is another important concept that is useful in collecting information for computer forensics evidence. The utility File is a tool that can be used along with hex editors to determine file types and formats. This tool reads the header and footer information that every file needs to be correctly recognized. Every file type has a unique set of digits that is used for identification, and the utility File along with a hex editor can help display this information. Below is an example of how the utility displays this information in relation to a .lst (Fortran Program) file. The example below was performed in the Unix operating system.

File command

Hex Editor Output
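The header and footer matching described above can be sketched in Python as follows. This is an added example, not the paper's own material and not the implementation of the File utility; the three-entry signature table and the sample bytes are constructed for the illustration.

```python
import hashlib

# Constructed signature table: (type, header bytes, footer bytes).
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    ("pdf", b"%PDF-", b"%%EOF"),
]

def identify(data):
    """Return the type whose header matches the first bytes, or None."""
    for name, header, _footer in SIGNATURES:
        if data.startswith(header):
            return name
    return None

def hexdump(data, width=16):
    """Render bytes the way a hex editor does: offset, hex, printable ASCII."""
    lines = []
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{offset:08x}  {hexpart} {text}")
    return "\n".join(lines)

def carve(blob, max_size=10 * 1024 * 1024):
    """Find header..footer spans in raw bytes: (type, offset, sha256, data)."""
    found = []
    for name, header, footer in SIGNATURES:
        start = blob.find(header)
        while start != -1:
            end = blob.find(footer, start + len(header), start + max_size)
            if end != -1:  # a header with no footer is skipped, not guessed at
                data = blob[start:end + len(footer)]
                found.append((name, start, hashlib.sha256(data).hexdigest(), data))
            start = blob.find(header, start + 1)
    return sorted(found, key=lambda item: item[1])

# Constructed sample: filler bytes around two tiny fake files, then a
# dangling JPEG header that has no matching footer.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"JFIF-sample" + b"\xff\xd9"
FAKE_PDF = b"%PDF-1.4\nconstructed body\n%%EOF"
SAMPLE = b"\x00" * 32 + FAKE_JPEG + b"\xaa" * 20 + FAKE_PDF + b"\x00" * 8 + b"\xff\xd8\xff"

if __name__ == "__main__":
    for kind, offset, digest, data in carve(SAMPLE):
        print(kind, offset, digest[:16])
        print(hexdump(data[:16]))
```

Plain-text formats carry no binary signature, so `identify` returns None for them; each carved span is hashed at recovery time so it can be re-verified later.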



Overall, using a combination of different file and disk utilities, network utilities, and other system utilities that monitor active processes can help gather information from a computer or network in a manner that can be used as computer evidence. These tools can also help collect the data without altering it in any way. This is a very critical component when investigators are called to present computer forensic evidence in a courtroom.



References

Keston, G. (2008). Computer Forensics for Windows Files. Faulkner Information Services. Retrieved June 27, 2010 from Faulkner Information Services database.
