
A question about operating systems

6 Posts
5 Users
0 Likes
1,161 Views
(@rastun)
Posts: 2
New Member
Topic starter
 

I am a student currently pursuing a degree in Information Technology - Cyber Security and happen to be taking a course on Digital Forensics and legal.
I tried searching for this question but really only came across a very old thread about which Linux Distro was best.

A question that has come up that I would really like to get a broad consensus on is "What operating system is most commonly used for digital forensics?"

 
Posted : 08/01/2019 6:25 pm
BraindeadVirtually
(@braindeadvirtually)
Posts: 115
Estimable Member
 

A competent forensic investigator should be comfortable using all major versions of Windows, Linux, and MacOS and will use whichever is most appropriate for whatever they are investigating.

 
Posted : 08/01/2019 6:58 pm
(@rastun)
Posts: 2
New Member
Topic starter
 

Redcat,
I must say that makes perfect sense and when the question was first posed I was thinking the answer would be "Well it depends on the situation"

 
Posted : 08/01/2019 7:02 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

A question that has come up that I would really like to get a broad consensus on is "What operating system is most commonly used for digital forensics?"

It is one of those questions that are IMHO extremely difficult to answer, as there is not any consensus (let alone broad) on what exactly is "digital forensics".

Let's divide first into
1) PC's (personal computers) being them desktops and laptops
2) Mobile thingies being them smartphones, phablets and tablets
3) Servers (both internal/large business servers and web/providers ones)

Then, for each of these (each rather "large") subsets, we need to determine what devices are more common and which kind of cases are more common.

To give you an example, an unauthorized access to a company server may be both a civil and a criminal case, and while its investigation belongs to digital forensics, it is very different (both in OS and in tools used) from a case of libel or threats on a web page/blog/facebook/twitter (which again may be both a civil and a criminal case), and very different from a (criminal only) case of pedo-pornography or - still say - the digital forensics connected to a homicide or a terrorism act.

Then you would need actual data on the amount of each of these different kinds of cases investigated (many of which may use different OS/tools for different parts of each of these investigations) by both possible parties (investigators working for prosecution and for defense) besides the non-criminal ones (as an example "internal" incident response and post-mortems, which while more "security" related definitely belong to digital forensics), and you would probably need to add some "weight" for the "duration" of each investigation (I mean analyzing a single smartphone takes much less time than carving tens of large hard disks).

I doubt that you will manage to get anything more accurate than "wild guesses" with a classification like
1) Windows
2) Linux
3) Mac OS
or maybe
1) Windows
2) Mac OS
3) Linux
which more or less reflects the normal diffusion of each OS on desktops/laptops.

jaclaz

 
Posted : 08/01/2019 7:26 pm
(@xandstorm)
Posts: 56
Trusted Member
 

Let's divide first into
1) PC's (personal computers) being them desktops and laptops
2) Mobile thingies being them smartphones, phablets and tablets
3) Servers (both internal/large business servers and web/providers ones)

jaclaz

Let's not forget 4)… Networking - routing and switching forensics.
Often times overlooked but router forensics are a treasure chest.

Saludos,
Lex

 
Posted : 09/01/2019 2:26 am
(@jahearne)
Posts: 35
Eminent Member
 

Most commercial forensic software runs on the Windows operating system. There is a lot of commercial forensic software that runs on Mac, Blacklight comes to mind. All your free distributions are on Linux.

All that really matters is what platform the company is using that hires you!

 
Posted : 17/01/2019 3:50 am