Chapter 21: Commercial Forensic Duplication Tool Kits




Overview

Once the decision is made that an investigation will take place, it is usually a good idea to obtain a forensic image of the machines involved in the incident. Several choices of forensic duplication software are available; both commercial and noncommercial tools have withstood the burden the legal system has placed on them. This chapter reviews several tools that are available commercially. Typically, mid-sized to large organizations lean toward commercially available software, so this chapter describes four of the most popular packages: EnCase, Safeback, SnapBack, and Ghost.

Forensic images, also called evidence grade or bit-stream copies, exactly replicate all sectors on a given storage device.

You may want to read the Case Study at the end of the chapter first to familiarize yourself with the hard drives and the situation you will face when you use these forensic duplication tools. The Case Study will be referred to as the “example” within the following sections.

Note 

The tools discussed in this chapter perform forensic duplication and not analysis. See Chapters 22, 23, and 24 for information on tools to aid in forensic analysis.

In keeping with the flow of the investigation, we now move to the Forensic Duplication step in the timeline.






Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2004
Pages: 189
