Hello,
What are Forensic Preview Tools?
Are there types or categories of these tools?
Probably a reference to tools such as SPADA, SurfRecon, COFE (sp?) and similar that are used by corrections officers and "regular" LE to determine if further investigation by the forensic examiners is warranted or for knock & talks (like examining computers of registered sex offenders to make sure they are not looking at pornography).
… (like examining computers of registered sex offenders to make sure they are not looking at pornography).
One note: These are the sort of offhand comments which nuke one's credibility. Once a Registered Sex Offender is "off paper" (means has completed his parole or probation, no longer Under Supervision by the Court) his rights are restored. He can now view all the adult sites he wishes. First Amendment and all that. Attempts to limit this right under the guise of "Protect The Children" laws (such as Jessica's Law) are failing court tests left and right. "Go online, give us all your passwords, user IDs, and social networking site profiles." Still not sure how that can be enforced even if it were Constitutional… maybe require all RSOs to connect to a government proxy? What about the vigilantes who go to, for instance, Megan's Law sites, copy the offender's data, then start joining social network sites? An anonymous tip to LE then… one more perv off the streets.
It may be different in your state… but how are such random searches and seizures squared with the Fourth Amendment?
A federal case of note
http//
u2bigman, how does your response serve to answer the OP?
My comments hardly nuke my credibility. Again, if you would just read the posts before firing back a comment you would perhaps be viewed as less of an extremist and more credible.
My post reads REGISTERED sex offenders, not PREVIOUS sex offenders, not SUSPECTED sex offenders, but REGISTERED. Once a REGISTERED sex offender is "off paper" that would mean no longer registered. If a REGISTERED sex offender is on parole or under supervision and a condition of that parole or supervision is making sure they are not looking at pornography, then tools such as SPADA and SurfRecon would be used.
I just cannot fathom how you manage to turn every post into a diatribe against LE (which again I am not) or a rant about the rights of sex offenders or those wronged by the system. This is a computer forensic forum, not a Fourth Amendment forum. If you want to start a thread about the Fourth Amendment, or Jessica's Law or whatever, feel free. Plus this is a multi-national forum, not everything revolves around the US Justice system and how you apparently feel slighted in defense work.
Forensic Preview Tools is this semester's term paper topic.
I know there are classes of forensic tools: traditional computer forensics tools, network forensic analyzers, specialized tools for live capture, PDA and even tools for performing forensic captures over networks.
All these forensic tools have "preview" panes so I thought I would ask you, the forensics expert community:
what is the definition of "forensics preview tool"?
what does this term mean to you?
are there types or categories of preview tools?
My post reads REGISTERED sex offenders, not PREVIOUS sex offenders, not SUSPECTED sex offenders, but REGISTERED. Once a REGISTERED sex offender is "off paper" that would mean no longer registered. If a REGISTERED sex offender is on parole or under supervision and a condition of that parole or supervision is making sure they are not looking at pornography, then tools such as SPADA and SurfRecon would be used.
Your credibility would be helped if you knew of what you speak. Even the basic concepts of "off paper" and "registered" seem to escape you. Think apples and oranges. But it is not my job to educate you.
Have to agree with BitHead, u2bigman, a number of your responses have been well wide of the mark over the past few weeks. I'll be looking for you to keep things on topic and demonstrate more diplomacy in future.
Jamie
Jamie, do you have any thoughts about my topic?
Hello,
What are Forensic Preview Tools?
Are there types or categories of these tools?
You walk into a room, and there are 100's of computers - you don't have the time or resources to acquire them all, so you perform a form of triage - you take a quick peek at them using a forensic preview tool and see if the machine has anything of interest on it… if it does, acquire it.
Different kinds of tools would need to be used depending on if the system is on or off - off is easier - you boot from a Linux-based tool such as Helix or the Farmer's Boot CD, and you can then perform several different scans (keywords, AV, etc) without modifying the system. For live systems, there are also search tools you can use - many are included on the Helix CD - however, everything you do on a live system modifies the system, so there is a possibility you might be destroying some important information (access dates, contents of RAM).
Hope this helps.
bj
All these forensic tools have "preview" panes so I thought I would ask you, the forensics expert community:
what is the definition of "forensics preview tool"?
what does this term mean to you?
are there types or categories of preview tools?
I do not see the preview pane in a program like EnCase or FTK as being a unique "forensic preview tool." I think a preview tool is rather a triage tool to help determine if further investigation is warranted. This can be in a situation like bjgleas described where one is presented with a large number of computers or in a situation where a quick check for specific material on a single computer is needed and the examiner does not have the time or budget for a full examination on each computer without some trace of suspect material.
As for types, I would say many of the preview tools are designed for image, keyword or hash set searches. Types could also be divided into LE and commercial. And to echo bjgleas, types could also be live preview, where live systems are examined via a tool on USB or CD, or bootable, where the system is booted into a Linux environment and rapidly scanned for specified material. And although many of the tools are designed for use by people that are not forensic examiners, they can be quite useful.
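The hash set and keyword search types mentioned in this thread, as an added example that is not from any poster and is not code from SPADA, SurfRecon or Helix. It is a minimal triage pass over a mounted volume that tries to avoid the access-date changes raised above. The names `triage`, `open_readonly` and `demo` and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def open_readonly(path):
    """Open read-only, asking Linux not to update the access time."""
    flags = os.O_RDONLY | getattr(os, "O_NOATIME", 0)
    try:
        return os.open(path, flags)
    except OSError:
        # O_NOATIME needs file ownership or CAP_FOWNER; a read-only
        # mount of the volume is still the safer control.
        return os.open(path, os.O_RDONLY)

def triage(root, known_hashes, keywords, chunk=1 << 20):
    """Return {relative_path: [reasons]} for hash-set or keyword matches."""
    kw = [k.lower().encode() for k in keywords]
    overlap = max((len(k) for k in kw), default=1) - 1
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            digest, found, tail = hashlib.sha256(), set(), b""
            with os.fdopen(open_readonly(path), "rb") as fh:
                while block := fh.read(chunk):
                    digest.update(block)
                    # Carry the tail so keywords split across chunks match.
                    window = tail + block.lower()
                    found.update(k for k in kw if k in window)
                    tail = window[-overlap:] if overlap else b""
            reasons = []
            if digest.hexdigest() in known_hashes:
                reasons.append("hash-set match")
            reasons += [f"keyword: {k.decode()}" for k in sorted(found)]
            if reasons:
                hits[os.path.relpath(path, root)] = reasons
    return hits

def demo():
    """Constructed sample tree; file names and contents are made up."""
    samples = {"notes.txt": b"meeting at noon",
               "ledger.csv": b"acct,INVOICE-777,paid",
               "photo.bin": b"\x00\x01constructed-image-bytes"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        known = {hashlib.sha256(samples["photo.bin"]).hexdigest()}
        return triage(root, known, ["invoice-777"])
```

A machine that appears in the returned dictionary is a candidate for full acquisition; an empty result only means the supplied hash set and keywords did not match.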