
Numerous computer forensic tools help in the process of backing up data. Disk imaging software is one example: with it, the data on hard drives can be traced, and several different types of disk imaging software are currently available. Data capture can be done with FTK Imager or Microsoft’s Disk2vhd. Next, hashing tools compare the data on an original hard drive with the data on its copy by analyzing both. File recovery programs are another useful tool that allows lost data to be recovered; these programs search a PC for data that isn’t deleted yet, just marked for deletion. Also, software and hardware write tools enable a hard drive to be rebuilt bit by bit; this doesn’t change the data, but merely creates a copy of it. Finally, EnCase is one of my favorite tools; it performs several tasks like disk imaging/verification and data analysis.
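To make the "marked for deletion" point concrete, here is an added example (not from the original post or from any tool it names) that scans a raw FAT directory for entries whose first name byte has been overwritten with the deletion marker 0xE5. The FAT filesystem is an assumption, since the post names no filesystem; the function names and the sample directory are constructed for illustration.

```python
import struct

ENTRY_SIZE = 32
ENTRY_FMT = "<11sB8sH4sHI"   # name, attr, skipped, cluster hi, skipped, cluster lo, size
DELETED = 0xE5               # first name byte is overwritten with this on delete
END_OF_DIR = 0x00            # no further entries in this directory
ATTR_VOLUME_ID = 0x08        # bit set on volume labels and long-name fragments (0x0F)

def list_entries(directory):
    """Return (live, deleted) lists of entries parsed from raw directory bytes."""
    live, deleted = [], []
    for off in range(0, len(directory) - ENTRY_SIZE + 1, ENTRY_SIZE):
        raw = directory[off:off + ENTRY_SIZE]
        if raw[0] == END_OF_DIR:
            break
        name, attr, _, hi, _, lo, size = struct.unpack(ENTRY_FMT, raw)
        if attr & ATTR_VOLUME_ID:
            continue  # not a file or folder of its own
        is_deleted = name[0] == DELETED
        # The first character is lost on delete; the rest of the entry survives.
        first = "?" if is_deleted else chr(name[0])
        base = first + name[1:8].decode("ascii", "replace").rstrip()
        ext = name[8:11].decode("ascii", "replace").rstrip()
        entry = {"name": base + ("." + ext if ext else ""),
                 "cluster": (hi << 16) | lo,   # where the file's data starts
                 "size": size}
        (deleted if is_deleted else live).append(entry)
    return live, deleted

def make_entry(name83, cluster, size, deleted=False):
    """Build one constructed 32-byte entry (hypothetical helper for the sample)."""
    name = bytearray(name83.encode("ascii"))
    if deleted:
        name[0] = DELETED
    return struct.pack(ENTRY_FMT, bytes(name), 0x20, bytes(8),
                       cluster >> 16, bytes(4), cluster & 0xFFFF, size)

# Constructed sample: one live file, one deleted file, then the end marker.
SAMPLE_DIR = (make_entry("REPORT  DOC", 5, 2048)
              + make_entry("SECRET  TXT", 9, 1337, deleted=True)
              + bytes(ENTRY_SIZE))

if __name__ == "__main__":
    live, deleted = list_entries(SAMPLE_DIR)
    print("live:", live)
    print("recoverable:", deleted)
```

The deleted entry still carries its starting cluster and size, which is what a recovery program needs to read the content back, provided those clusters have not been reused since.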
Many of these tools are free to download, and some can be quite costly. Many free versions usually exist; they just might be made by a different company. I would personally use SANS SIFT (SANS Investigative Forensic Toolkit) due to it having all the tools one could require for an in-depth forensic investigation. A free SIFT toolkit is also available that can match any modern-day device regarding functionality. SIFT supports the analysis of Expert Witness Format, RAW, and AFF evidence, and the UI of the program is easy to view and use. SIFT features cross-compatibility between Linux and Windows as well! This week’s reading discussed Autopsy quite heavily, and its functionality seems to be somewhat similar to other forensic tools; to get a better understanding of how it works, I will have to try it out for myself (always fun). Computer forensics tools and training are essential as computers don’t lie, and we all run into problems or conflicts every day that require help from data identification and retrieval methods.