Digital forensic tools

Editor's Notes

• #2: Greetings! My name is Leon Hamilton and welcome to our presentation and I would like to share some of the tools utilized in digital forensics. The novel technologies are easily integrated into existing technological assets as well as our existing behavior needs and lives for that matter. Unfortunately, cybercrime is also expanding. A primary challenge is that the technology and creativity of cybercriminals changes at a rapid pace. Unfortunately, we are, in a sense, at the mercy of their minds, resources, and the amount of time they have on their hands. Consequently, digital forensic crime investigation is becoming a more challenging engagement. I will introduce some of the available forensic tools, but first-rate tools can be hampered by the lack of standardized, effective forensic processes. It is very necessary for academia, practitioners, and law enforcement to collaborate and agree on an industry standard.
• #3: Grispos, Storer and Glisson (2012) defined digital forensics as the art and science of implementing scientifically developed and validated methodologies for the collection, preservation, identification, analysis, interpretation, documentation, analysis, and presentation of digital evidences obtained during cyber crime investigations. Consequently, digital evidences obtain from digital hardware or software could contribute to or provide better definition and reconstruction on events that are potentially criminal. The interconnected nature of technology increases opportunities for cyber criminals while also increasing the difficulties associated with forensic investigations.  
• #4: Kumari and Mohapatra (2016) divided digital forensics into these five branches. Computer forensics integrates computer science with technology to collect, preserve, and analyze evidence that is critical and can withstand legal scrutiny in cyber investigations. Network forensics defines the behavior of cyber criminals and tracking them through the analysis of log and status information. Mobile device forensics retrieves digital evidence and crucial data from a mobile device. Memory forensics analyzes and extracts information from the memory dump of computers. Email forensics . Email forensics investigates headers and content of email history for important data and traffic. Identification of the appropriate sources could play an important role in expediting the investigation to a successful conclusion.
• #5: Baig, et al. (2017) argued that these are some of the most significant challenges that must be endured by digital forensic professionals at present. Additionally, the security must be provided for the data transmission and storage facilities where evidence pertinent and valuable to the forensic process must be stored. These challenges are not only unique traditional forensic investigations, but are applicable to cloud computing, Internet of Things and Internet of Cities. These systemic concerns mandate collaboration among digital forensic analysts to increase the efficiency of investigations while integrating best practices.
• #6: Infosec (2018) identified different tools that target the five previously mentioned branches of forensics and some are a jack-of-all-trades. One of the most widely used is EnCase. If you are inclined to review it prior to use, you will find that it has a laundry list of features and benefits. Regardless of the tools being used, there is an extraordinary amount of data to be analyzed during an investigation. One good rationale for the wide spectrum of tools is lack of compatibility among the tools and the tool utilized on one device (e.g. mobile), may not be applicable for another device (e.g. external hard drive). Harbawi and Varol (2016) opined that there is extensive gap between cyber crime methodologies and forensic tool capabilities. So…choose your weapons, strategically, efficiently and according to your budget!  
• #7: EnCase is probably the most popular platform on this list and encompasses many different tools that address several areas of the digital forensic process. One of its capstone capabilities is producing a comprehensive report after obtaining evidence or potential evidence from various devices. The company recently introduced the Mobile Investigator to provide a solution that stays abreast of the novel mobile devices, applications, and operating systems to ensure the prosecution of criminals. This tool is not free and license costs are commensurate with the organizational purpose-Site License, Perpetual License, Term-Based License or Academic Program.  
• #8: WinHex, at its foundation is a universal hexadecimal editor. Wikipedia defines a universal hexadecimal editor or hex editor as a program that allows manipulation of raw data contained with files-at the byte level. WinHex is a core essential for digital forensics investigations data recovery, and low-level data processing. The tool can be used for emergency and everyday use, inspect and edit different type files, recover deleted or lost data from hard drives and from digital camera cards. Potential purchasers of the software will find that the features are a la carte and depend on the license type. Additionally, the company offers a “try before you buy”, as long as necessary, for FREE.
• #9: FTK is built to integrate with mobile and eDiscovery tools. Unlike other forensic solutions, it distinguishes itself by utilizing a single case database for faster results and a candid snapshot of the event. FTK conducts indexing up front resulting in more efficient filtering, and searching of data. A shared index file reduces or eliminates the need to recreate or duplicate file for shared use during the investigation. Additionally, the parent company, AccessData, can configure the product as a password recover solution and access password protected files.
• #10: X-Ways is an advanced platform utilized in digital forensic investigations that runs on all available Windows versions. The company claims that it is more efficient, operates faster, no extensive hardware requirements and does not require the establishment of a complex database. The tool is fully portable and can operate from a USB stick and mirrors many of the capabilities within WinHex being based on WinHex hex and editor. Comically, it states that as a German product, it is more trustworthy.
• #11: Oxygen Forensic Suite is a niche software forensic package primarily focusing on extracting evidence from mobile phones to support a digital forensic investigation. This includes their backups, drones, cloud services, and call data records. Their advanced technology allows more data extraction than the traditional amount. The company offers six different products, depending on requirement, quickly and safely extract data critical to investigations. Forensic specialists, military investigators, government agencies, and private investigators presently use the software.      
• #12: Computers, like anything else in the technological arena are a state of constant evolvement. Its tactics, procedures and techniques must constantly accommodate new scenarios and constantly changing cyber threats. Nieto, Rios, and Lopez (2018) declared that IoT Forensics is a paradigm shift as it pertains to traditional forensics. The additional principles necessary for its success include the cooperation of individuals and their personal devices with law enforcement for the successful resolution of a digital forensics case. This integration is only successful if citizens have the reassurance of privacy. Nieto, Rios, and Lopez (2018) apply the ProFIT methodology, which is centered on consumer privacy, IAW ISO/IEC 29100:2011-which are uniform privacy standards, to achieve successful investigations.
• #13: Cloud computing becoming the gold standard for information technology delivery and related functions. It is a paradigm shift that is allowing customers to “rent” instead of the traditional ownership and maintenance associated with technological infrastructure. Roussev, Ahmed, Barreto, McCulley, and Shanmughan (2016) declared that cloud forensics is not congruous with existing protocols and requires a new methodology and forensic toolkit. According to Cisco (2014), software services that integrate cloud technology will grow to 64 percent this year. Nonetheless, cloud forensic responses to these future developments can be feasibly predicted based on current information technology directions.