ISSC_621 WK 3 Forum Word 400
Computer Electronics & Investigation Tools
Create an investigative toolkit. What tools would you have in your toolkit? Document the following:
* the features of each tool
* how much each tool costs (if applicable)
Feel free to ask me if you need help
An example from someone else, if you need one:
The investigative toolkit that I am currently planning to acquire is an advanced mobile forensic toolkit. The kit is a laptop with the various hardware and software needed for various forms of examination. The kit will cost approximately $18,500.00, with first-year SMS for each paid software package.
The software packages I chose (to post on the forum) are EnCase and Forensic Toolkit (FTK). This post covers the pros, cons and cost of each.
EnCase is a product which has been designed for forensics, digital security, security investigation, and e-discovery use. It is customarily utilized to recoup proof from seized hard drives. It enables the examiner to direct a top-to-bottom investigation of client records to gather digital evidence that can be used in a court of law. The benefits of using EnCase as opposed to other tools are that:
* It is a very user-friendly tool with a user-friendly interface.
* Its paid version supports all utilities; it has a free version, which can be used for evidence acquisition and is very easy to use.
* The tool has good reporting functionalities built into it.
* EnCase has built-in support for almost all types of encryption.
* It has good keyword searching capabilities, and scripting features are available.
Most users have expressed the following concerns about EnCase:
* It is a very expensive tool. Prices range from $3,500 to $4,000, excluding the annual subscription fee.
* EnCase processing can take a lot of time in the case of very large compound files and mailboxes.
* Some examiners have reported that the latest versions of EnCase sometimes are not compatible with other forensic-based tools.
The Forensic Toolkit (FTK) examines a hard drive by searching for different information. It can find deleted emails and can scan the disk for content strings, which are used as a secret key word reference to break any encryption. It incorporates an independent disk-imaging program called FTK Imager. It saves an image of a hard disk in one file or in different segments, which can then be recreated later. It computes MD5 hash values and affirms the integrity of the information before closing the files. The outcome is one or more image files that can be saved in several formats. FTK's main advantages are:
* a simple user interface and advanced searching capabilities,
* support for EFS decryption,
* production of a case log file, and
* bookmarking and salient reporting features.
Some of the disadvantages of using FTK include:
* high cost ($3,900.00),
* not having multi-tasking capabilities,
* no progress bar to estimate the time remaining, and
* no timeline view.
Infosec Institute. Retrieved from https://resources.infosecinstitute.com/category/computerforensics/introduction/commercial-computer-forensics-tools/tool-comparison/#gref
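The post above describes FTK Imager writing a drive image in segments, hashing it with MD5 and confirming integrity. The following is an added example (not code from the post, from the Infosec Institute article, or from FTK Imager itself) that reproduces that workflow: it "images" a constructed in-memory drive into numbered segment files, records MD5 and SHA-256 over the whole stream, and then verifies the segments, once intact and once after a single byte is corrupted.

```python
"""Added example: segmented imaging plus hash verification, in the spirit of the
FTK Imager behaviour described in the post. The 'evidence' is a constructed
in-memory byte string, not a real device, so this runs offline anywhere."""
import hashlib
import os
import tempfile

# Constructed sample evidence: a pretend 1 MiB drive with a repeating byte pattern.
SAMPLE_EVIDENCE = bytes(range(256)) * 4096


def image_in_segments(source: bytes, out_dir: str, base: str, segment_size: int) -> dict:
    """Write `source` as base.001, base.002, ... and hash the stream while writing.
    The recorded hashes cover the whole image, not each segment separately."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    segments = []
    for idx, offset in enumerate(range(0, len(source), segment_size), start=1):
        chunk = source[offset:offset + segment_size]
        path = os.path.join(out_dir, f"{base}.{idx:03d}")
        with open(path, "wb") as fh:
            fh.write(chunk)
        md5.update(chunk)
        sha256.update(chunk)
        segments.append(path)
    return {"segments": segments, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def verify_image(segments: list, expected_md5: str, expected_sha256: str) -> bool:
    """Re-read the segments in order and confirm the stream still matches both hashes."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for path in segments:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(65536), b""):
                md5.update(block)
                sha256.update(block)
    return md5.hexdigest() == expected_md5 and sha256.hexdigest() == expected_sha256


def demo() -> tuple:
    """Image the evidence, verify it, corrupt one byte of the last segment, verify again.
    Returns (segment count, hash-of-stream equals hash-of-source, ok before, ok after)."""
    with tempfile.TemporaryDirectory() as tmp:
        result = image_in_segments(SAMPLE_EVIDENCE, tmp, "evidence", 256 * 1024)
        stream_matches_source = result["md5"] == hashlib.md5(SAMPLE_EVIDENCE).hexdigest()
        ok_before = verify_image(result["segments"], result["md5"], result["sha256"])
        with open(result["segments"][-1], "r+b") as fh:   # simulate a corrupted segment
            fh.seek(10); original = fh.read(1); fh.seek(10); fh.write(bytes([original[0] ^ 0xFF]))
        ok_after = verify_image(result["segments"], result["md5"], result["sha256"])
    return len(result["segments"]), stream_matches_source, ok_before, ok_after


if __name__ == "__main__":
    print(demo())  # (4, True, True, False)
```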
Hello Professor and Class,
The business objective for having a forensics toolkit is to remotely, simply, and without disrupting business operations, conduct the following in response to potential incidents and/or litigation. The aim is to provide remote forensics and incident response capabilities to support HR or Legal requests for discovery of electronic data (Belton, 2018).
* Incident response triage and threat assessment
* Proactive cyber threat hunting
* Litigation hold; collection and preservation of evidence
I was able to interview an IT Security Forensic Engineer. His experience (likes/dislikes/pricing) with the EnCase suite of digital investigations products by Guidance Software is captured here.
EnCase Endpoint Security: $128,245
* The ability to quickly collect volatile data from multiple endpoints at once
* Active network connections
* Ability to collect files for further analysis from multiple endpoints at once
* Ability to perform threat hunting across the enterprise network (or subsets of the network)
* Ability to integrate threat intelligence to score indicators of compromise, giving the ability to prioritize analysis
* Ability to schedule
* The software installs several processes as services. Several of the services stop running arbitrarily.
* Ability to collect files and documents from multiple platforms, such as email servers, SharePoint, and cloud-based repositories
* Interface is not very user friendly
EnCase Endpoint Investigator: $35,145
* Ability to perform sweeps across the network for endpoint volatile data
* Ability to forensically acquire physical hard drives, logical files, and volatile data remotely
* Ability to preview the file system of remote workstations before acquisition
* Unable to manage the remote agent from a centralized platform