Data Forensic Tools Used in Investigations

Data forensics offers many possible approaches. The key to success is matching the right forensic tools to the goal of the data recovery. This field of investigation is of particular interest to those whose end goal is to use forensic tools to gather data that may be presented as evidence in a court of law.

Common tools of the forensic investigator include:

  • File system tools
  • Vulnerability detection tools
  • Antivirus & anti-spyware tools
  • Malware & debugging tools
  • Reverse engineering tools
  • Timeline editors
  • Data acquisition & analysis tools
  • Cloning (or Virtualization) tools
  • Cryptography tools

What these tools are used for:

  • Recover memory, data and images from corrupted, damaged or formatted disks or hard drives
  • Find hidden data and examine the internals of computer operating systems
  • Extract, decode and analyze data from mobile devices
  • Harvest images and text from computers and networks
  • Analyze log files
  • Detect malware and spyware
  • Clone computers
  • Encrypt and protect data
  • Monitor security
  • Carve data

These tools allow us to perform important tasks including:

  • Collect evidence without the investigator corrupting or modifying it, in a manner that will be presentable in a legal proceeding
  • Ensure that as little data as possible is missed
  • Recover slack space
  • Make copies of important data so they can be analyzed and reviewed
  • Locate problem areas within your computer system to identify sources of potential future cyber threats
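As an added illustration (not code from the original post) of two of the tasks above, data carving and collecting evidence without modifying it, the Python below carves JPEG files out of a raw byte image by header/footer signature and records a SHA-256 hash for the source image and for each recovered file. The image bytes are constructed inline; the marker constants are the standard JPEG SOI/EOI values.

```python
# Added example (not from the original post): signature-based data carving
# with evidence hashing. The "disk image" below is constructed inline.
import hashlib

JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker prefix
JPEG_EOI = b"\xff\xd9"       # end-of-image marker


def sha256_hex(data: bytes) -> str:
    """Hash used to prove the evidence bytes were not altered."""
    return hashlib.sha256(data).hexdigest()


def carve_jpegs(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Return (offset, carved_bytes) for every JPEG found by header/footer.
    Works on raw bytes and ignores the file system, so it recovers files
    whose directory entries are gone (deleted, formatted or damaged volumes)."""
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1 or end - start > max_size:
            pos = start + 1          # orphan header: skip it, keep scanning
            continue
        end += len(JPEG_EOI)
        found.append((start, image[start:end]))
        pos = end                    # resume after the carved file
    return found


def analyze(image: bytes):
    """Carve read-only and return an evidence record per recovered file, plus
    the image hash before and after to show the source bytes were untouched."""
    before = sha256_hex(image)
    records = [{"offset": off, "size": len(blob), "sha256": sha256_hex(blob)}
               for off, blob in carve_jpegs(image)]
    after = sha256_hex(image)
    return {"image_sha256": before, "unchanged": before == after, "files": records}


# Constructed sample: two minimal JPEG-like blobs separated by zeroed sectors,
# followed by a stray header with no footer that must not be reported.
FILE_A = JPEG_SOI + b"\xe0" + b"A" * 40 + JPEG_EOI
FILE_B = JPEG_SOI + b"\xe1" + b"B" * 70 + JPEG_EOI
SAMPLE_IMAGE = (b"\x00" * 512 + FILE_A + b"\x00" * 1024 + FILE_B
                + b"\x00" * 100 + JPEG_SOI + b"\x00" * 50)

if __name__ == "__main__":
    for rec in analyze(SAMPLE_IMAGE)["files"]:
        print(rec)
```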

What Difficulties Do Data Forensic Tools Present?

Due to the variations in law and in the tools available, it may seem overwhelmingly difficult to know where to start. Many of these tools are free (open source or freeware), but some of our more important tools are commercial products that not every investigator will have at their disposal.

Data forensics is a hugely varied field, and choosing the right approach and tool is difficult if you are not familiar with current practice, especially since the key to good data recovery is matching the right tools to the job.

Problems you may encounter with DIY methods include:

  • Lack of skills and experience
  • Problems sourcing professional and legal software
  • Not knowing how to securely store your data
  • Not knowing how to present findings as concrete evidence