ISSC_621 WK 3 Forum Word 400

Topic: Computer Electronics & Investigation Tools

 
Question:
Create an investigative toolkit. What tools would you have in your toolkit? Document the following:
*  the features of each tool
*  how much does each tool cost (if applicable)
*  advantages/disadvantages


Example 1

The investigative toolkit that I am currently planning to acquire is an advanced mobile forensic toolkit. The kit is a laptop with the various hardware and software needed for various forms of examinations. The kit will cost approximately $18,500.00, with first-year SMS for each paid software product.
The software packages I chose (to post on the forum) are EnCase and Forensic Toolkit (FTK). This post covers the pros, cons and cost of each package.
EnCase is a product which has been designed for forensics, digital security, security investigation, and e-discovery use. It is customarily utilized to recoup proof from seized hard drives. It enables the examiner to direct a top-to-bottom investigation of client records to gather digital evidence that can be used in a court of law. The benefits of using EnCase as opposed to other tools are that: it is a very user-friendly tool with a user-friendly interface. Its paid version supports all utilities; it has a free version, which can be used for evidence acquisition and is very easy to use. The tool has good reporting functionality built into it. EnCase has built-in support for almost all types of encryption. It has good keyword-searching capabilities, and scripting features are available. Most users have expressed the following concerns about EnCase: it is a very expensive tool. Prices range from $3,500 to $4,000, excluding the annual subscription fee. EnCase processing can take a lot of time in the case of very large compound files and mailboxes. Some examiners have reported that the latest versions of EnCase sometimes are not compatible with other forensic-based tools.
The Forensic Toolkit (FTK) examines a hard drive by searching for different information. It can find deleted emails and can scan the disk for content strings, used as a secret key word reference to break any encryption. It incorporates an independent disk-imaging program called FTK Imager. It saves an image of a hard disk in one document or in different segments, which can then be recreated later. It computes MD5 hash values and affirms the integrity of the information before closing the documents. The outcome is an image file (or files) that can be saved in several formats. FTK's main advantages have been: a simple user interface and advanced searching capabilities, support for EFS decryption, production of a case log file, and bookmarking and salient reporting features. Some of the disadvantages of using FTK include: high cost ($3,900.00), not having multi-tasking capabilities, no progress bar to estimate the time remaining, and no timeline view.
Source:
Infosec Institute: Retrieved from https://resources.infosecinstitute.com/category/computerforensics/introduction/commercial-computer-forensics-tools/tool-comparison/#gref
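The post above describes the imaging step that FTK Imager performs: write the disk image (possibly as several segment files), compute MD5 over the data, and use that hash later to confirm the image was not altered. The script below is an added example written for this page; it is not code from the post, from FTK, or from Guidance Software. It reproduces that integrity check in plain Python: the image bytes, the segment naming (`.001`, `.002`, ...) and the segment size are all constructed here for illustration, and it hashes the segments as one continuous stream so the result matches the hash of the original data. It goes slightly beyond the post by recording SHA-256 alongside MD5, which is the usual practice today because MD5 alone is no longer considered collision-resistant.

```python
import hashlib
import os
import tempfile

# Read images in fixed chunks so multi-gigabyte evidence files never sit in RAM at once.
CHUNK_SIZE = 1024 * 1024
DEFAULT_ALGORITHMS = ("md5", "sha256")


def hash_bytes(data: bytes, algorithms=DEFAULT_ALGORITHMS) -> dict:
    """Hash an in-memory buffer; this is what the acquisition tool would record."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def hash_segments(paths, algorithms=DEFAULT_ALGORITHMS) -> dict:
    """Hash a segmented image as one stream, in segment order, chunk by chunk."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for path in sorted(paths):  # .001 before .002 before .003 ...
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
                for h in hashers.values():
                    h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def write_segments(data: bytes, directory: str, segment_size: int, stem="evidence") -> list:
    """Emulate a segmented raw image: evidence.001, evidence.002, ... (naming is an assumption)."""
    paths = []
    for index, offset in enumerate(range(0, len(data), segment_size), start=1):
        path = os.path.join(directory, f"{stem}.{index:03d}")
        with open(path, "wb") as fh:
            fh.write(data[offset:offset + segment_size])
        paths.append(path)
    return paths


def verify_image(paths, recorded: dict) -> dict:
    """Compare the hashes recorded at acquisition time with freshly computed ones.

    Returns {algorithm: True/False}; every entry must be True for the image to verify.
    """
    computed = hash_segments(paths, tuple(recorded))
    return {name: computed[name] == recorded[name] for name in recorded}


def demo() -> dict:
    """Constructed acquisition: image -> segments -> verify -> tamper -> verify again."""
    # Constructed sample "disk" content; real images would be raw sector data.
    image = (b"BOOT" + bytes(range(256)) * 40 + b"USER-DOCS" + b"\x00" * 3000)
    recorded = hash_bytes(image)  # the acquisition hashes written into the case log

    with tempfile.TemporaryDirectory() as workdir:
        segments = write_segments(image, workdir, segment_size=4096)
        clean = verify_image(segments, recorded)

        # Flip one byte in the second segment, as a corrupted or altered copy would show.
        with open(segments[1], "r+b") as fh:
            fh.seek(10)
            original = fh.read(1)
            fh.seek(10)
            fh.write(bytes([original[0] ^ 0xFF]))
        tampered = verify_image(segments, recorded)

    return {
        "segments": len(segments),
        "verified": all(clean.values()),
        "tamper_detected": not all(tampered.values()),
    }


if __name__ == "__main__":
    print(demo())
```

`hash_segments` sorts the segment paths before hashing, so the order of discovery on disk does not change the result; if a segment is missing or truncated, the stream hash simply fails to match, which is exactly the signal an examiner wants before presenting the image as evidence.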

Example 2

Hello Professor and Class,
The business objective for having a forensics toolkit is to remotely, simply, and without disrupting business operations, conduct the following in response to potential incidents and/or litigation. The aim is to provide remote forensics and incident response capabilities to support HR or Legal requests for discovery of electronic data (Belton, 2018).

*  Forensic examination
*  Incident response triage and threat assessment
*  Proactive cyber threat hunting
*  Litigation hold; collection and preservation of evidence

I was able to interview an IT Security Forensic Engineer. His experience (likes/dislikes/pricing) with the EnCase suite of digital investigations products by Guidance Software is captured here.

EnCase Endpoint Security ($128,245)

Likes

*  The ability to quickly collect volatile data from multiple endpoints at once:
   *  Active network connections
   *  Running processes
   *  Open DLLs
   *  RAM
*  Ability to collect files for further analysis from multiple endpoints at once
*  Ability to perform threat hunting across the enterprise network (or subsets of the network)
*  Ability to integrate threat intelligence to score indicators of compromise, giving the ability to prioritize analysis
*  Ability to schedule

Dislikes

The software installs several processes as services. Several of the services stop running arbitrarily.

EnCase eDiscovery

Likes

*  Ability to collect files and documents from multiple platforms, such as email servers, SharePoint, and cloud-based repositories

Dislikes

Interface is not very user friendly

EnCase Endpoint Investigator ($35,145)

Likes

*  Ability to perform sweeps across the network for endpoint volatile data
*  Ability to forensically acquire physical hard drives, logical files, and volatile data remotely
*  Ability to preview the file system of remote workstations before acquisition

Dislikes

Unable to manage the remote agent from a centralized platform
