hello,
i am a student in university and a totally newbie in computer forensics area.
ive been asked to evaluate the hardware required in order to carry out the major tasks in computer forensics. but we have never used any hardware or any other forensics tools in the university. so i decided to ask the professionals help to point me to the right direction. I need some clues of which is the best hardware forensics toolkit at this moment in the market and if someone has use it whats it's advantages comparing to other toolkits
kindly regards Vasileios
AccessData and EnCase (probably others but I did not do that much looking) have PDFs with hardware requirements on their sites.
Best is a subjective term, I was just listing two of the larger players that had info handy.
encase has also hardware parts for forensics?
Do you mean the hardware specifications of the computers used to examine evidence or do you mean all the gizmos and gadgets that are used to acquire the evidence or something else? If you are a little more clear and specific you'll get a much better answers. And if you don't have the harware available to you, how are you going to evaluate it?
Do you mean the hardware specifications of the computers used to examine evidence or do you mean all the gizmos and gadgets that are used to acquire the evidence or something else? If you are a little more clear and specific you'll get a much better answers. And if you don't have the harware available to you, how are you going to evaluate it?
exactly the question is the following Critically evaluate the hardware required in order to carry out the major tasks required in comuter forensics. you should ilustrate your answer with examples indicating the rationale and role of each piece of hardware.
what i get from this is the gismos and stuff …. for the software is the next question… and im wondering the same HOW THE HECK can we evaluate a hardware we have never used …..
As the question is referring to "computer forensics" I assume that you are not including other devices such as PDAs and cellphones.
In terms of hardware "required", I am not sure that there is any. You can certainly perform a detailed and defensible forensic analysis using "off the shelf" components.
Many people prefer to use hardware write blockers and hardware storage acquisition and duplication devices because their use makes it harder to make a mistake and simplifies the evidentiary documentation process, but I would not consider these to be true requirements as all of these can be performed with appropriate use of software.
The NIST Computer Forensic Tools Testing program has evaluated some software and hardware products but it is not feasible to evaluate all products or even all revisions to products already evaluated.
So, in essence, the only hardware tool that you really need is a computer. Can computers make "mistakes?" Sure. Memory errors can occur, disk blocks can go bad, cables can break. That is why you back up your work and make sure that your conclusions are drawn from observations which are verifiable.
Or am I missing the question?
As the question is referring to "computer forensics" I assume that you are not including other devices such as PDAs and cellphones.
In terms of hardware "required", I am not sure that there is any. You can certainly perform a detailed and defensible forensic analysis using "off the shelf" components.
Many people prefer to use hardware write blockers and hardware storage acquisition and duplication devices because their use makes it harder to make a mistake and simplifies the evidentiary documentation process, but I would not consider these to be true requirements as all of these can be performed with appropriate use of software.
The NIST Computer Forensic Tools Testing program has evaluated some software and hardware products but it is not feasible to evaluate all products or even all revisions to products already evaluated.
So, in essence, the only hardware tool that you really need is a computer. Can computers make "mistakes?" Sure. Memory errors can occur, disk blocks can go bad, cables can break. That is why you back up your work and make sure that your conclusions are drawn from observations which are verifiable.
Or am I missing the question?
thank for the knowledge … no you dont miss the question (as i get it coz i have some troubles understanding some stuff cos im greek / and some times the language confuses me when its not clear enought as it is here ) obviously but i have to write like 750 words on a piece of hardware like a duplicator or something >< …. as ive read the last months and researched ive understand your points.
Ok, that makes sense.
Here is a good place to start
http//
There is a wealth of data on their methodologies, the tools that they have tested, the results, etc.
If you are looking for a pure hardware solution try Logicube (http//