Hi
I was actually looking to set up a very basic forensics lab. I just needed an opinion of the community here as to what products they think are most suited for
1) acquisition (both computer and mobiles)
2) analysis
3) disk imaging
And I know this question might have been asked n number of times, but still, Encase or FTK?
"Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility" by Andrew Jones and Craig Valli (ISBN 978-1856175104) offers insight into how to set up a digital forensic lab.
If you are new to digital forensics, start by learning about some of the free software and open source software available, such as Helix and PenguinSleuth. While Encase and FTK are the more popular proprietary software, they are by no means the only tools.
Thanks for your reply. I am not new to forensics, just looking for an insight on what others think are good hardware/software to be used in a forensic lab.
See if this
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3642
helps.
jaclaz
Anyone wants this book, please PM me. I have all books
What's the difference between #1 and #3?
And I know this question might have been asked n number of times, but still, Encase or FTK?
Neither. You don't need either of them to do what amounts to a very wide range of analysis tasks.
#1 is on site acquisition
#3 is off site duplication
Yes, I know, a lot of freeware is out there. But my question was specific to these two.
Okay, so what's the difference between acquiring data on-site, as opposed to off-site?
Wouldn't you use the same processes for either?
By off site duplication I mean tools to create multiple images of an acquired image.
By on site acquisition I mean acquiring the first copy of the seized disk/memory.
I believe both to be different processes. Correct me if I'm wrong.
For off-site, you could do the same thing as you do on-site, but make and verify copies.
Memory acquisition should be done soonest, but as far as disk acquisition goes, I still don't see where you've differentiated between on-site and off-site acquisitions.