Hi all,
I'm in the process of setting up a computer forensic service and am putting together a complete toolkit - hardware and software. Does anyone have a list of equipment that should constitute a toolkit?
Thanks and regards.
Are you a competitor of mine?
nat038,
This list is by no means exhaustive, but hopefully will give you some ideas. There is not a set list of hardware and software, and many factors contribute to what is contained in your arsenal (budget, OS familiarity, type of work, etc.).
Check out the various forensic boot CDs (CAINE/Helix/SIFT/DEFT/etc.)
-These are Linux-based but contain just about every tool you would need to perform an examination. That being said, it is Linux and the majority of the tools are CLI, but they are FREE!
Writeblockers
-Tableau/Wiebetech (SATA/Firewire/USB/etc)
-USB Registry Key Registry Edit Writeblock (google it) (always test)
Hard Drive Acquisition Software/Hardware
-Tableau TD1/TD2 (Hardware - there are several others; I am familiar with Tableau, which are great)
-FTK Imager (Free)(Software)
-Forensic Boot CDs (CAINE/DEFT/HELIX/etc.) - all have multiple linux imaging applications (AIR/guymager/dd)
Hard Drive Forensic Analysis Suites
Each suite has its own pros and cons, you need to decide which one(s) is/are best for you (you should have at least two for findings validation).
-Autopsy/TSK (free)
-X-Ways Forensics (Commercial - 1/3 of the price of FTK and EnCase)
-AccessData FTK (Commercial - last time I checked roughly $3k - $3.5k)
-Guidance Software EnCase (Commercial - you want version 6, I have personally used version 7 and it is full of bugs)
Email Tools
-Nuix Proof Finder (Great tool - 15gb mailbox limit)
-Paraben Email Examiner or Network Email Examiner
-Aid4Mail
-Advanced Outlook Repair/Advanced Exchange Repair
Metadata Tools
-ExifTool (free)
-metadata assistant
-metadataminer
Cell Phone Forensic Acquisition/Analysis
-Cellebrite UFED (Excellent, but expensive)
-XRY (I have never used it, but I've heard good things from others)
-Paraben Device Seizure
-Oxygen Forensics
-Via Forensics (Android) also has (Santoku - bootable forensic cd for mobile device analysis) Santoku is fairly new so I'm sure the guys at Via Forensics will continue to develop it.
Random
-Tools (screw drivers (magnetic tips), pill cases (for holding screws), Apple-compatible screw drivers (pentalobe))
-Digital Camera
-Chain of Custody forms
-Evidence Tags
-Labels
As I mentioned, this list is not exhaustive. The main thing to remember is that in forensics, you always need to validate your findings. So, depending on your experience, you may want to have a commercial tool and an open source tool to validate. If you are comfortable with Linux and CLI then you do not "need" a commercial tool. There are tons of open source tools which work extremely well. Forensic Control has an entire list of free tools posted on their website.
Remember GOOGLE IS YOUR FRIEND!
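The "validate your findings" point above, as an added example that is not code from this thread or from any of the tools it names: a dd acquisition followed by an independent check that the image is bit-identical to the source, with two hash algorithms standing in for the "two tools" principle and the result appended to a chain-of-custody style log. It assumes POSIX sh with GNU coreutils (dd, md5sum, sha256sum, mktemp, seq) and uses a constructed temp file in place of a write-blocked device.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes POSIX sh + GNU coreutils.
# The "evidence device" is a constructed regular file; on a real device you
# would point if= at the write-blocked block device instead.

# Acquire SRC into IMG block by block. The source is only ever opened for reading.
# (For a physical device you would normally add conv=noerror,sync so unreadable
# sectors are zero-padded instead of aborting the acquisition.)
acquire_image() {
    src="$1"; img="$2"
    dd if="$src" of="$img" bs=4096 2>/dev/null
}

# Print "MATCH" if IMG is bit-identical to SRC under both MD5 and SHA-256,
# otherwise "MISMATCH", and append the verdict plus hashes to LOG.
# Two independent algorithms: one accidental collision cannot hide a bad copy.
verify_image() {
    src="$1"; img="$2"; log="$3"
    src_md5=$(md5sum "$src" | cut -d' ' -f1)
    img_md5=$(md5sum "$img" | cut -d' ' -f1)
    src_sha=$(sha256sum "$src" | cut -d' ' -f1)
    img_sha=$(sha256sum "$img" | cut -d' ' -f1)
    if [ "$src_md5" = "$img_md5" ] && [ "$src_sha" = "$img_sha" ]; then
        verdict=MATCH
    else
        verdict=MISMATCH
    fi
    printf '%s src=%s img=%s md5=%s sha256=%s %s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$img" \
        "$img_md5" "$img_sha" "$verdict" >> "$log"
    echo "$verdict"
}

# Constructed demo: deterministic ~14 KB "device", acquired and verified, then
# one byte of the image copy (never the source) overwritten to show the hashes
# catch the change. Prints "MATCH MISMATCH".
demo() {
    work=$(mktemp -d)
    seq 1 3000 > "$work/evidence.dev"
    acquire_image "$work/evidence.dev" "$work/evidence.dd"
    first=$(verify_image "$work/evidence.dev" "$work/evidence.dd" "$work/coc.log")
    # 'X' never occurs in the digit/newline source, so the copy now differs.
    printf 'X' | dd of="$work/evidence.dd" bs=1 seek=100 conv=notrunc 2>/dev/null
    second=$(verify_image "$work/evidence.dev" "$work/evidence.dd" "$work/coc.log")
    rm -rf "$work"
    echo "$first $second"
}
```

Run it with `demo`; the log file holds one line per verification, which is the record you would attach to the chain-of-custody form.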
Lilpops, I know you are new around here. However, we try to foster a nice, wonderful, almost aromatic peach type environment where Jamie will not let anyone say "Google is your friend" and especially not in caps.
I apologize as I meant no disrespect by it, just trying to inform the OP that there are numerous great resources out there.
I know you didn't. Just telling you so you don't get a nastygram from mods
I appreciate the heads up!
May I raise a generic question?
I seem to detect a "CATCH22" situation.
Say that a long-time expert and willing-to-help member suggests having in the toolkit a "protofractional flubbinator" (a fictional tool that is very useful for "frastling grops and zerling drestroos").
I would presume that - besides the sheer existence of the tool in the toolkit - the actual operator of the forensic service should have spent long hours studying the theory behind both "frastling" and "zerling" and yet more hours getting familiar and practicing with the actual specific make/model "flubbinator", or at least with similar "protofractional" tools in order to be able to use that tool.
Then, he/she would already know of the existence of the tool, would know when and how to use it, and would be capable of deciding himself/herself whether this tool is needed in the toolkit or not, this depending on a lot of factors, including the cost of the tool, the kind of work the forensic service is going to provide, etc., etc.
jaclaz
Thanks for (most of) the posts so far. I should clarify…
…
I'm setting up an in-house service for the company I work for. I have a pretty good idea of the toolkit contents, I'm a past techie so I know one end of a computer from another.
If there are any decent lists out there I'd be grateful for a pointer.
Yes, maybe if you list the actual expected kind of activities the "in-house service" is likely to perform, some member could give you more specific advice, as opposed to "generic" lists.
I mean, as an example, if your firm only uses (say) BlackBerries as mobile communication devices, you will have no need for any "specific" iPhone tools, or if the scope is exclusively "PC forensics" you won't have any need for tools related to cell phone forensics.
jaclaz