Chapter 8: Common ForensicsTools

In This Chapter

  • Exploring disk imaging tools, forensic software tool sets, and miscellaneous software tools

  • Understanding computer forensics hardware

  • Assembling your forensic tool kit

Chapter 4, 'Common Tasks,' covered the frequently performed tasks in an investigation. The first steps nearly always involve old-fashioned detective work. You need to observe and record first. You do not start looking for documentary evidence until after you survey the physical evidence. Once you start examining media contents, you'll need some tools to help you find and make sense of stored data.

Investigators and computer examiners need several different types of tools to identify and acquire computer evidence. Some evidence is hidden from the casual observer and requires very specialized tools to access. This chapter covers some of the more common tools available to carry out computer forensic tasks. This list is a sampling of the more popular tools available to the general public. Although every attempt has been made to provide a balanced list of forensics tools, there are several limitations to any static list of available tools. The list of tools in this chapter is not exhaustive. You'll likely find useful tools not listed here; however, the exclusion of any tool does not diminish its merit. You'll also find many web addresses in this chapter. They are provided for your convenience. Each one was valid at the time of writing, but web addresses do change and you may have to do a little investigative work to find a lost tool.

