
Point and Click forensic software

13 Posts
7 Users
0 Reactions
1,248 Views
(@adampski)
Eminent Member
Joined: 13 years ago
Posts: 29
Topic starter  

I hope I do not offend anybody when asking this question…

I am trying to find a synonym for the term "point and click", in the context of not having the knowledge that is required about the process the application follows in order to function. For example, EnCase or FTK.

I do not discriminate against anybody who has a certificate in these applications or any companies that use them, nor am I questioning the competencies of anybody in the digital forensics field who uses this software. In fact, I'm trying to seek practical experience with these applications myself. I'm merely trying to share the understanding so I can find a word that is synonymous with "point and click" and represents what I've described.

What term is commonly understood in this field for what I'm looking for?


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

Nintendo Forensics


   
Bulldawg
(@bulldawg)
Estimable Member
Joined: 13 years ago
Posts: 190
 

I'm a little unclear on your request. You're looking for a single word that describes point-and-click forensics? Nintendo forensics is another term I've heard.

There does seem to be a trend whereby "examiners" use a triage tool, find an incriminating image and immediately turn it over to the prosecutor. These "examiners" have only answered what, not when or where or why or how or, most importantly, who.

There is nothing wrong with using automated tools. If my clients had to pay me to examine every piece of evidence in WinHex, I'd have no clients. The key is understanding the limitations of the tool and how to manually verify findings.


   
(@sgware)
Eminent Member
Joined: 13 years ago
Posts: 42
 

I have heard it called push button and Nintendo forensics. Although it's a struggle for me to associate "forensics" with them. The word forensic implies probative value to the legal system. Processing an image in FTK 1.8x, for example, I think falls short. My opinion only, of course.


   
(@adampski)
Eminent Member
Joined: 13 years ago
Posts: 29
Topic starter  

> I'm a little unclear on your request. You're looking for a single word that describes point-and-click forensics? Nintendo forensics is another term I've heard.
>
> There does seem to be a trend whereby "examiners" use a triage tool, find an incriminating image and immediately turn it over to the prosecutor. These "examiners" have only answered what, not when or where or why or how or, most importantly, who.
>
> There is nothing wrong with using automated tools. If my clients had to pay me to examine every piece of evidence in WinHex, I'd have no clients. The key is understanding the limitations of the tool and how to manually verify findings.

Bulldawg, thank you for your reply. But your response is why I put the 'disclaimer' in my post. I am aware there is nothing wrong with these automated tools, but as everyone knows there are always two ways to conduct forensics. The long way, or the automated way.

I didn't intend to discriminate against the use of these automated tools, I just wanted to know a suitable word that could describe the purpose of these automated tools. (Yes, they're helpful, most are reliable and nearly all of them save time, but hopefully you can understand a little more what I'm trying to ask?)

As you could probably tell, words are not my strongest attribute when it comes to explaining particular things.

Nintendo Forensics is probably the best fit synonym, thank you, keydet89.


   
(@sgware)
Eminent Member
Joined: 13 years ago
Posts: 42
 

For me, this statement "…but as everyone knows there are always two ways to conduct forensics. The long way, or the automated way…" is conceptually flawed.

One can automate the processing of the data. The analysis is always separate, includes manual effort, and probably takes some time. Not sure you can have one without the other.


   
(@adampski)
Eminent Member
Joined: 13 years ago
Posts: 29
Topic starter  

Yes, processing and interpreting evidence/data are two different functions.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

> For me, this statement "…but as everyone knows there are always two ways to conduct forensics. The long way, or the automated way…" is conceptually flawed.

I completely agree.


   
jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
 

> Nintendo Forensics

Whoa there buddy! Ever work with game console forensics? That be some serious mess of fun!

Plus, Nintendo had even in the early days way more than a single button! I had a NES and that had four buttons and a "stick". Way more complicated than we are attempting here!



   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

@Adampski
What I have seen often used on this forum is "one button forensics" (the one, and blunt 😯 definition I use is about the actual people that operate the programs/devices, "click monkeys" or "trained monkeys").
There are some related considerations/opinions in these seemingly completely unrelated topics:
http://www.forensicfocus.com/Forums/viewtopic/t=10730/
http://www.forensicfocus.com/Forums/viewtopic/t=10887/
and references in them.

The original reference for "click monkey" comes from this article by Tim Wedge:
http://www.dfinews.com/articles/2013/05/training-not-enough-case-education-over-training#.Ul7SKb0ZlZq
(cited in one of the mentioned threads)

> I have used the pejorative “click monkey” to describe individuals who use automated forensic tools, sometimes with considerable proficiency, but do not have an understanding (or have an incomplete understanding) of what it is that the tool actually does. In some circles, the expression “tool monkey” is used to describe the same individuals for pretty much the same reason. My disapproval of “click monkeys” is not based on the demonstrable fallibility of the tools themselves; no tool can ever be perfect, and they remain indispensable assets. In my experience, the limitations and imperfections we find have not generally been due to poor design, but to an intrinsic lag in response time to changes in operating systems and file systems, as well as the sometimes secretive nature of changes to these systems. Criticism of click monkeys is usually based not on contempt, or disrespect, but on fear. People who know nothing more than how to use a tool are manifestly incapable of detecting flaws in that tool, or taking steps to correct or account for those flaws. Moreover, they are often unaware of important information that the tool omits.
>
> Examiners with a more solid grounding in the technical theory behind file system mechanics and operation are better able to conceptualize what a tool is doing. With a solid grounding in research methods, an examiner is better equipped to design and execute effective tests to determine how well and how reliably the tool is doing its job. Moreover, that same knowledge better equips the examiner to take corrective measures or place appropriate boundaries on the interpretation of that tool’s results. The advantage of a liberal arts education is that the student is not simply better trained, nor merely given a greater depth of technical knowledge. He or she is not taught to merely follow steps in a process to arrive at a solution; but to learn to recognize problems, to test for problems, and to develop solutions for those problems.

jaclaz


   