Forums
Main Category
General (Technical,...
2 very quick questi...
 
Notifications
Clear all

2 very quick questions for all you DFers out there...

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by MDCR 13 years ago
7 Posts
6 Users
0 Reactions
488 Views
RSS
ChopOMatic
 ChopOMatic
(@chopomatic)
Active Member
Joined: 19 years ago
Posts: 14
Topic starter 08/04/2012 12:14 am  

Hi folks,

I'm writing an article for a forensic special issue by one of the big infosec mags, and have a pair of questions I hope you'll be willing to answer

1. What are the top 3 paid software tools you can't do without in your practice?

2. What are the top 3 free software tools you can't do without in your practice?

Thanks!

Jerry Hatchett, CCE

Certified Computer Examiner
Licensed Private Investigator

Beyond I.T. - Houston
Solutions in Digital Forensics & ESI
—————————————————-

DISCLAIMER Anything I say, particularly with regard to technology, should be interpreted generally, not specifically. The online world is a wonderful thing, but rarely is it practical to cover every imaginable scenario in a written, fast-paced forum. There are often exceptions, so keep that in mind.


   
Quote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
08/04/2012 5:03 pm  

> 1. What are the top 3 paid software tools you can't do without in your practice?

1. Write-blockers
2. Cellebrite (for mobile devices)

> 2. What are the top 3 free software tools you can't do without in your practice?

1. Perl (or any other programming language)
2. Hex editor (may be free or paid, depending on preference…)

IMHO, this sort of work really needs to move away from a reliance on tools for analysis work. Data collection will often be about the tools, but analysis should be about process. A knowledgeable analyst will be able to select the appropriate tool, rather than having their analysis being driven by the tool. The question should be "…how can I best approach this problem?", not "…what does this tool allow me to do?"


   
ReplyQuote
 miket065
(@miket065)
Estimable Member
Joined: 21 years ago
Posts: 187
08/04/2012 5:44 pm  

Paid

1) EnCase
2) NetAnalysis
3) Internet Evidence Finder

Free

1) FTK Imager
2) RegRipper (thanks keydet89)
3) VLC Video Player


   
ReplyQuote
 96hz
(@96hz)
Estimable Member
Joined: 17 years ago
Posts: 143
08/04/2012 10:15 pm  

Paid
Encase
Netanalysis
Xry

Free
Reg ripper
Log Parser
Ftk Imager

These are tools that I would be reaching for most of the time, some on every examination. There are some other very expensive paid tools that are good for specific tasks and numerous free tools/scripts that I always want around. Of course Harlan is right it is much more about the analyst/process, especially as there is no one-stop-shop that can do everything the way you might require.


   
ReplyQuote
 Xennith
(@xennith)
Estimable Member
Joined: 15 years ago
Posts: 177
09/04/2012 1:20 am  

Paid

1. Encase (version 6)
2. VFC
3. Write blocker

Free

1. Hex editor
2. Calc.exe
3. Google


   
ReplyQuote
ChopOMatic
 ChopOMatic
(@chopomatic)
Active Member
Joined: 19 years ago
Posts: 14
Topic starter 10/04/2012 7:47 am  

Big thanks to those who have taken the time to answer. It's helpful to hear what others are doing.

I'm in wholehearted agreement that the DF workflow needs to be governed not by tools, but the tools governed by the workflow/process.


   
ReplyQuote
MDCR
 MDCR
(@mdcr)
Reputable Member
Joined: 15 years ago
Posts: 376
13/04/2012 5:21 am  

"1. What are the top 3 paid software tools you can't do without in your practice?"

Windows Operating systems
Microsoft Word

"2. What are the top 3 free software tools you can't do without in your practice?"

Linux
Wireshark


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: