what is the go to software?

8 Posts
6 Users
0 Reactions
781 Views
(@fredjclaus)
Active Member
Joined: 12 years ago
Posts: 14
Topic starter  

I'm about to graduate with a degree in computer forensics. I'm looking to start my own firm doing work for lawyers, corporations and residential customers. What is a best software for basically retrieving deleted files, also forensic examination of smart phones? Most of my work would be internal but from time to time it may need to hold up in court.


   
4n6art
(@4n6art)
Reputable Member
Joined: 18 years ago
Posts: 208
 

What was the software you used during your degree process? There are many different software packages - some do a particular part well, the others - some other. There are the usual
FTK
Encase
XWays
Cellebrite
Oxygen
Paraben
Lantern
etc.

There are many other open source programs that are also very good at what they do.

One thing I would recommend… your comment about your work *MAY* (emphasis mine) need to hold up in court. ALWAYS proceed like your work may end up in court, because the one case that you think will not is the one that will, and your work will be under a microscope. Everything you do should be with the thought in mind that you will end up defending your position, your work, your analysis and your presentation.

Good luck!
-=Art=-


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

> I'm about to graduate with a degree in computer forensics.
> I'm looking to start my own firm doing work for lawyers, corporations and residential customers.
> What is a best software for basically retrieving deleted files, also forensic examination of smart phones? Most of my work would be internal but from time to time it may need to hold up in court.

With all due respect, I wonder what they actually teach in that UNI. 😯

After a degree level course in computer forensics do you really believe that
a) "a best" software exists (obviously a one size-fits-all and good-for-any-smartphone)
b) that a "software" (only) is what is used to retrieve deleted files and carry out forensic examination of smart phones
?

You will need most probably several different softwares, and pieces of hardware.

When it comes to smartphones, tools are usually pieces of hardware and software combos, like (examples) UFED
http://www.cellebrite.com/mobile-forensics/products/standalone/ufed-touch-ultimate
http://www.cellebrite.com/mobile-forensics/products/pc-based/ufed-4pc-ultimate
XRY
https://www.msab.com/xry/xry-complete

And we haven't touched JTAG …

jaclaz


   
(@mscotgrove)
Prominent Member
Joined: 17 years ago
Posts: 940
 

Software is just a tool. You need to understand what the tool is doing, how it works, and you must be able to verify the results yourself, possibly with a good hex viewer.

After that, the 'best tools' are ones you can understand and use. (One size never fits all).


   
(@fredjclaus)
Active Member
Joined: 12 years ago
Posts: 14
Topic starter  

Thanks for the recommendations. You are correct, "best" is the wrong word to use, as there is not one "best" program. We used FTK and Encase in school so I do understand how to use both of them. Encase was the one we were pushed, but I wanted to experience other programs as well so I took part in some sessions where we learned FTK.

The sales pitch, so to speak, was that Encase was the #1 program for examination because it holds up best in court. I however like to be well informed and it just seems that the instructor was partial to the Encase program and didn't want to tell us about any other programs.


   
(@deltron)
Estimable Member
Joined: 11 years ago
Posts: 125
 

All depends on the scenario at hand, hence why you have so many tools, but hex viewers are always nice.


   
(@mscotgrove)
Prominent Member
Joined: 17 years ago
Posts: 940
 

> All depends on the scenario at hand, hence why you have so many tools, but hex viewers are always nice.

I think a hex viewer must be top of any list.

So often there are questions posted and I often feel the first answer is not Encase/FTK/etc. but a quick look with a hex viewer to see what the raw data is. It may be part of a standard tool, or stand alone, but everyone needs to view raw sectors/files/boot sectors etc.


   
(@f111th)
Eminent Member
Joined: 11 years ago
Posts: 29
 

Years ago I started with Encase and FTK. Now it is X-Ways. It is a different feeling at first, but now I'm not sure how I used the other ones. And it is much faster to accomplish my work.
It includes WinHex, so you have the hex editor.

Cell phones, I would say to start with a Cellebrite Touch (or whatever the latest is).

Then when you need more tools, add them based on the features that are needed that your 'go to' tools do not have (or do not do well).


   