Chapter 21: Commercial Forensic Image Tool Kits

OVERVIEW

Once the decision is made that an investigation will take place, it is a good idea to obtain a forensic image of the machines involved in the incident. Several choices of forensic image software are available; both commercial and noncommercial tools have withstood the burden the legal system has placed on them. This chapter reviews several tools that are available commercially. Typically, mid-sized to large organizations lean toward commercially available software, so this chapter describes six of the most popular packages: EnCase, SafeBack, SnapBack, FTK Imager, Ghost, and SMART.

Forensic images, also called bit-stream images, exactly replicate all sectors on a given storage device, not just those that are in use.
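
The difference between a bit-stream image and a file-level copy, shown as an added example that is not from the book or from any of the tools named above. The 8-sector device, its allocation map and the file names are constructed for illustration, and the 512-byte sector size is an assumption:

```python
import hashlib
import io

SECTOR = 512  # assumed sector size for this constructed example

def bitstream_image(src, dst, sector_size=SECTOR):
    """Copy every sector from src to dst; return (sha256_hex, sector_count)."""
    digest = hashlib.sha256()
    count = 0
    while True:
        block = src.read(sector_size)
        if not block:
            break
        dst.write(block)
        digest.update(block)  # hash exactly what was written to the image
        count += 1
    return digest.hexdigest(), count

def logical_copy(src_bytes, allocated, sector_size=SECTOR):
    """Copy only the sectors a (toy) allocation map marks as in use."""
    return b"".join(src_bytes[i * sector_size:(i + 1) * sector_size]
                    for i in sorted(allocated))

def build_sample_device():
    """Constructed 8-sector 'drive': sectors 0-2 are allocated, sector 5 holds
    leftover data from a deleted file, and the rest are zero-filled."""
    sectors = [bytes(SECTOR) for _ in range(8)]
    sectors[0] = b"BOOT".ljust(SECTOR, b"\x00")
    sectors[1] = b"report.doc contents".ljust(SECTOR, b"\x00")
    sectors[2] = b"notes.txt contents".ljust(SECTOR, b"\x00")
    sectors[5] = b"deleted: payroll.xls remnant".ljust(SECTOR, b"\x00")
    return b"".join(sectors), {0, 1, 2}

def demo():
    device, allocated = build_sample_device()
    image = io.BytesIO()
    image_hash, n = bitstream_image(io.BytesIO(device), image)
    source_hash = hashlib.sha256(device).hexdigest()
    return {
        "sectors": n,
        "hash_match": image_hash == source_hash,  # image verifies against source
        "remnant_in_image": b"payroll.xls" in image.getvalue(),
        "remnant_in_logical": b"payroll.xls" in logical_copy(device, allocated),
    }

if __name__ == "__main__":
    print(demo())
```

Because `bitstream_image` takes any binary file objects, the same function applies to a source opened read-only and an image file opened for writing; matching hashes are what show the image is an exact replica.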

You may want to read the Case Study toward the end of the chapter first to familiarize yourself with the hard drives and the situation you will face when you use these forensic image tools. The Case Study will be referred to as the "example" within the following sections.

Note 

The tools discussed in this chapter perform forensic imaging, not analysis. See Chapters 22, 23, and 24 for information on tools to aid in forensic analysis.

In keeping with the flow of the investigation, we now move to the forensic image step in the timeline:



Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
Year: 2006
Pages: 175
