Computer Forensics For Dummies
ISBN: 978-0-470-37191-6
Paperback
384 pages
October 2008
The field of computer forensics is changing constantly, fueled by heavy use of mobile devices, constant contact with wireless networks, and online lifestyles that leave trails of e-evidence. Like hockey great Wayne Gretzky's strategy of skating to where the puck is going to be, you'll want to keep gearing up for where the e-evidence is going to be. So we're providing this resource page to help keep your technical and e-evidence expertise in top shape.
Cell and PDA Forensics Software
What item would you least want to lose? What would you least want someone to find, or worse, snoop through? For many people, the answer to both questions is the cell phone. Why? Because what's most indispensable tends to reveal the most. And what's not found (deleted or missing items) is also important. A cell phone with PDA and GPS capabilities that has gigabytes of storage holding a contact phone book, calendar, sent and received text messages, downloaded files, call logs, photos, videos, and .mobi Web site visits, and that syncs with computers, is an e-evidence goldmine or landmine.
Cellebrite UFED (Universal Forensic Extraction Device)
http://www.cellebrite.com/UFED-Standard-Kit.html
This system is a standalone device for performing cell phone and PDA forensics. To help ensure data integrity for court, the extracted data is verified with the MD5 hash algorithm, the industry standard at the time of writing. MD5 is adequate for detecting accidental corruption of an extraction, but because MD5 collisions can be constructed deliberately, record a SHA-256 digest of the same extraction alongside the MD5 value in your case notes.
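The integrity check described above, as an added example that is not code from the book or from any Cellebrite product: an evidence file is hashed once with MD5 (to match the digest a tool records) and SHA-256, the digests are written to a manifest, and the manifest is re-verified after a single byte of the copy has changed. The manifest format, the file names and the sample data are constructed for this example.

```python
import hashlib
import io
import os
import tempfile

# Hypothetical choices for this example: MD5 to match what the extraction tool records,
# SHA-256 because MD5 collisions can be constructed deliberately.
ALGORITHMS = ("md5", "sha256")
CHUNK_SIZE = 1 << 20  # read 1 MiB at a time so a multi-gigabyte extraction does not fill RAM


def hash_stream(stream, algorithms=ALGORITHMS):
    """Read the stream once and return {algorithm: hexdigest} for every algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    """Convenience wrapper for in-memory data (used for known test vectors)."""
    return hash_stream(io.BytesIO(data), algorithms)


def hash_file(path, algorithms=ALGORITHMS):
    with open(path, "rb") as fh:
        return hash_stream(fh, algorithms)


def write_manifest(path, manifest_path):
    """Record one '<algorithm> <hexdigest> <file name>' line per algorithm (hypothetical format)."""
    digests = hash_file(path)
    with open(manifest_path, "w") as fh:
        for name, digest in digests.items():
            fh.write(f"{name} {digest} {os.path.basename(path)}\n")
    return digests


def verify_manifest(manifest_path):
    """Re-hash every file named in the manifest; return (all_ok, [mismatched algorithms])."""
    base_dir = os.path.dirname(os.path.abspath(manifest_path))
    expected = {}
    with open(manifest_path) as fh:
        for line in fh:
            algorithm, digest, file_name = line.rstrip("\n").split(" ", 2)
            expected.setdefault(file_name, {})[algorithm] = digest
    mismatched = []
    for file_name, digests in expected.items():
        actual = hash_file(os.path.join(base_dir, file_name), tuple(digests))
        mismatched.extend(name for name, digest in digests.items() if actual[name] != digest)
    return not mismatched, mismatched


def demo():
    """Constructed walk-through: hash a fake extraction, then flip one bit and re-verify."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "phone_extract.bin")
        manifest = image + ".manifest"
        with open(image, "wb") as fh:  # constructed sample data, not a real extraction
            fh.write(b"CONSTRUCTED SAMPLE: contacts, sms, call log, photos\n" * 2000)
        write_manifest(image, manifest)
        intact, _ = verify_manifest(manifest)
        with open(image, "r+b") as fh:  # a single-bit change somewhere in the evidence copy
            fh.seek(4096)
            original = fh.read(1)
            fh.seek(4096)
            fh.write(bytes([original[0] ^ 0x01]))
        tampered, mismatched = verify_manifest(manifest)
        return intact, tampered, sorted(mismatched)


if __name__ == "__main__":
    print(demo())  # (True, False, ['md5', 'sha256'])
```

Both digests are computed in a single pass over the file, so adding SHA-256 costs no extra I/O; keep the manifest with the case notes and re-run the verification every time the extraction changes hands.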
Packet Sniffers
Packet sniffers are like vacuum cleaners: they suck up every packet that crosses the network interface they are attached to, and capture filters then narrow that down to what you are looking for. On a switched network a switch forwards unicast traffic only to the port of its destination, so the sniffer has to sit on a mirror (SPAN) port or an inline tap to see other hosts' traffic. Software demo downloads are available at the following sites.
MSN Sniffer 2
http://www.msnsniffer.com/
This software captures MSN Messenger chats and saves them into a database for later analysis.
HttpDetect (EffeTech HTTP Sniffer) 4.1
http://www.effetech.com/
Captures IP packets carrying HTTP, then rebuilds and saves the HTTP conversations and the files transferred over them.
EtherDetect
http://www.etherdetect.com/
Supports live capture on Intel wireless network adapters and on Vista x86 and x64; it captures full TCP/IP packets.
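What "rebuilding HTTP communications" from captured IP packets involves, as an added example that is not code from the book or from any of the products listed above: parse Ethernet/IPv4/TCP frames, reject frames whose IP header checksum does not verify, group the TCP payloads by flow, put them back in sequence order, and pull the request line and Host header out of the reassembled stream. The frames are constructed inside the block (addresses, ports and the request are made up) and the TCP checksum is not validated, which a real tool would do.

```python
import struct
from collections import defaultdict

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def ip_checksum(header):
    """RFC 1071 one's-complement sum; a valid header (checksum field included) sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def build_frame(src, dst, sport, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame for the demo; the TCP checksum is left at zero."""
    eth = bytes.fromhex("665544332211") + bytes.fromhex("001122334455") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                         64, IPPROTO_TCP, 0, ip_bytes(src), ip_bytes(dst))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return eth + header + tcp


def parse_frame(frame):
    """Return (src, dst, sport, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < ETH_HDR_LEN + 40 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or total_len < ihl + 20 or total_len > len(ip):
        return None
    if ip[9] != IPPROTO_TCP or ip_checksum(ip[:ihl]) != 0:
        return None  # not TCP, or header corrupted: do not trust the fields
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_offset = (tcp[12] >> 4) * 4
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    return src, dst, sport, dport, seq, tcp[data_offset:]


def reassemble_streams(frames):
    """Group payloads by flow and join them in sequence order. Exact retransmissions
    collapse onto the same sequence number; partially overlapping segments are not handled."""
    segments = defaultdict(dict)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, seq, payload = parsed
        if payload:
            segments[(src, sport, dst, dport)][seq] = payload
    return {flow: b"".join(segs[s] for s in sorted(segs)) for flow, segs in segments.items()}


def http_request_summary(stream):
    """Pull the request line and Host header out of a reassembled client-to-server stream."""
    head = stream.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    if not lines[0].endswith((b"HTTP/1.0", b"HTTP/1.1")):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].decode("ascii", "replace"), headers.get(b"host", b"").decode("ascii", "replace")


# Constructed capture: one request split over two segments delivered out of order, one
# retransmission, one non-IP frame, and one frame whose IP header was damaged in transit.
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: demo\r\n\r\n"
SAMPLE_FRAMES = [
    build_frame(CLIENT, SERVER, 40000, 80, 1030, REQUEST[30:]),
    build_frame(CLIENT, SERVER, 40000, 80, 1000, REQUEST[:30]),
    build_frame(CLIENT, SERVER, 40000, 80, 1000, REQUEST[:30]),
    b"\x00" * 60,
]
damaged = bytearray(SAMPLE_FRAMES[1])
damaged[ETH_HDR_LEN + 8] ^= 0x01  # TTL byte altered, so the header checksum no longer verifies
DAMAGED_FRAME = bytes(damaged)
SAMPLE_FRAMES.append(DAMAGED_FRAME)

if __name__ == "__main__":
    for flow, stream in reassemble_streams(SAMPLE_FRAMES).items():
        print(flow, http_request_summary(stream))
```

The checksum test is the part worth copying: a sniffer that trusts every header it sees will happily attribute a payload to the wrong host if a frame was mangled on the wire, and a damaged frame should be logged and set aside rather than folded into the reconstructed conversation.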
Forensic Software
You can't start any investigation without the right software. Give the software in this list a try.
Guidance Software
http://www.guidancesoftware.com
Guidance's family of computer forensic tools (the EnCase line) is arguably the most widely used by law enforcement, corporations, government agencies, and many others; it covers everything from mobile devices all the way up to entire networks. Guidance offers demo software at
http://www.guidancesoftware.com/corporate/demodiskrequest.aspx
AccessData
http://www.accessdata.com
Used by law enforcement, corporate, governmental, and private organizations for a variety of forensic applications, AccessData's Forensic Toolkit (FTK) is gaining in popularity and functionality with its FTK 2.0 version. The demonstration version of the software is at
http://www.accessdata.com/downloads.html
Paraben
http://www.paraben-forensics.com/
Considered one of the best makers of mobile device forensic tools, Paraben also produces products for traditional computer forensics, such as desktop computers, and has branched out into network forensics with its P2 Enterprise product. Demonstration versions of the software are available at
http://www.paraben-forensics.com/catalog/index.php?cPath=25
X-Ways Software Technology
http://www.winhex.com/forensics/
Based on the widely used WinHex tool, X-Ways Forensics has the same basic functionality as the more recognized forensic tools plus some additional features, such as forensic RAM dumps, at a fraction of the cost of the more popular forensic packages. Use the following link to request a demonstration copy
http://www.winhex.com/forensics/
Helix
http://www.e-fense.com/helix/
Built on Knoppix, Helix is a customized Linux live CD for computer forensics and computer security incident response. The collection of tools on the live CD gives any experienced investigator a virtual toolbox for analyzing a computer system. Boot the suspect machine from the CD rather than into its own operating system, and mount its drives read-only, so that the evidence is not altered. The software is free and is at
http://www.e-fense.com/helix/downloads.php
Insecure.org
http://www.insecure.org
Not so much a maker of forensic software as a Web site with a collection of links to forensic and security tools, Insecure.org is an invaluable resource for finding tools and information for those cases that require knowledge or tools not found in traditional forensic resources. Password cracking software can be found at
http://sectools.org/crackers.html