Add additional insight to these opinions or challenge the opinions


Assignment

Instructions: Add additional insight to these opinions or challenge the opinions. Use real-world experience to support your views, as appropriate.

1) For my investigative toolkit I would choose CAINE. This is not just a single tool but an entire Linux OS that integrates many of the software tools in a GUI, which means you have a user-friendly interface to use all of the tools in one place. The second reason is that it is open source; just starting my career and being a student, using open source tools is a must.

There are many different features included with this OS. One is the block device in read-only mode, which allows the drive to be preserved. Mobile Forensics is a feature that does what its name implies; mobile forensics involves a different OS, so it needs different software to accomplish. Features are also included to do all different kinds of memory and network forensics.

Another big feature is that CAINE comes with scripts that allow the examination of files simply, without having to manually search through all of them. Manually searching browser history, registries and deleted files can be done, but with these scripts it will automatically search and find useful information.

Another useful feature is the ability to run on a live system and grab browser history, passwords and cookies with little to no effort.

All in all, there may be more specialized tools, but none that I could see that come in a user-friendly way with many of the tools and features you would otherwise get piecemeal from a bunch of different software, all by just acquiring this OS toolkit.

The downside that comes with this software suite or toolbox is that there is a lack of support and documentation for it, which means that any issues that arise with the software will not be fixed, and learning the software will have to be done by self-teaching.

2) One of the most intriguing parts of computer forensics is the tools used to conduct investigations. There are several open source tools, but most are only available to law enforcement. Law enforcement and the companies marketing these forensics products don't want every criminal to know the ins and outs of the tools, so they are less likely to know how to defeat them. These tools may also pose a privacy concern to the everyday citizen, and to quell any outcry, the company only provides them to trusted partners.

Being that I'm not in law enforcement, many of these tools I am just now learning about. There may be better choices, but I have no practical experience yet. My choices are also not limited to open source; I am assuming I have access to restricted tools and money is no object.

DEFT Linux Live CD - Provides tools for almost any job. This tool is the Swiss Army knife of tools, because it incorporates almost everything I can think of, from bitstream file copy (dc3dd) and network analysis (Wireshark) to support for BitLocker drives, and it includes many cracking tools. If I could only choose one tool to have on me, it would be a live CD like DEFT. The downside is that it's free for anyone, giving the criminal the ability to try to use the tools to their advantage. The upside is that it's free for anyone, so anyone can use the tools and learn them at no cost.

COFEE is a free tool for law enforcement that provides over 150 commands and was reportedly released to allow law enforcement to work on systems using BitLocker. Of note is that the system has to already be running, which suggests the encryption key has already been entered and the tool is not some sort of back door into BitLocker.

Still Running - E-fense Live Response allows first responders to quickly copy useful system information, including the contents of RAM. The product is a USB device that, when inserted, allows you to select which items you would like copied from a GUI menu. There are many useful items, such as the registry, network connections, the logged-on user and other user accounts, internet history and many more. The disadvantage of this tool is that it doesn't seem to do a bitstream copy of the storage device, which would provide much more information. The advantage, though, is that the device is small and works much faster than a full copy would, which allows it many more use cases, such as parole officers. Cost: $675.

Because it was in the syllabus - AccessData FTK is a toolkit that facilitates the collection and analysis of evidence, can help crack passwords, recover deleted data, and build reports. The tool claims to be able to recover passwords for over 100 applications and has a KFF hash library. Customer needs to

These are some of the tools I would choose. In reality I would use what I was provided and trained on. There might be better tools for the job, but they are of no use if they are cost prohibitive or if the investigator isn't trained on the tool adequately enough for it to hold up to scrutiny in court.
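Both posts above rest on the same two steps: preserve the source (post 1's read-only block device) and take a verifiable bitstream copy that is then filtered against a hash library (post 2's dc3dd and FTK's KFF). The script below is an added example, not code from CAINE, DEFT, dc3dd or FTK, that simulates those steps in Python against a constructed in-memory device. FakeDevice, the sector numbers, the file names and the hash sets are all made up for the demonstration; the behaviour shown for an unreadable sector (zero-fill and log the offset) is the general forensic-imager approach, not a claim about any one tool's defaults.

```python
"""Added example (not code from CAINE, DEFT, dc3dd or FTK): a bit-for-bit
acquisition with on-the-fly hashing, post-copy verification, and a
KFF-style known-file filter, run against a constructed in-memory 'device'
so it works offline."""
from __future__ import annotations

import hashlib
from typing import Iterable

SECTOR = 512


class FakeDevice:
    """Constructed stand-in for a read-only block device. Any sector number
    listed in bad_sectors raises IOError, simulating a failing drive."""

    def __init__(self, data: bytes, bad_sectors: Iterable[int] = ()):
        assert len(data) % SECTOR == 0, "sample data must be sector-aligned"
        self.data = data
        self.bad = set(bad_sectors)

    @property
    def sector_count(self) -> int:
        return len(self.data) // SECTOR

    def read_sector(self, n: int) -> bytes:
        if n in self.bad:
            raise IOError(f"read error at sector {n}")
        return self.data[n * SECTOR:(n + 1) * SECTOR]


def acquire(dev: FakeDevice) -> tuple[bytes, str, list[int]]:
    """Copy every sector in order, hashing the image as it is written.
    An unreadable sector is replaced by zeros and its number logged, so the
    image stays sector-aligned and the examiner knows which ranges are missing."""
    digest = hashlib.sha256()
    image = bytearray()
    unreadable: list[int] = []
    for n in range(dev.sector_count):
        try:
            chunk = dev.read_sector(n)
        except IOError:
            chunk = b"\x00" * SECTOR
            unreadable.append(n)
        image += chunk
        digest.update(chunk)
    return bytes(image), digest.hexdigest(), unreadable


def verify(image: bytes, acquisition_hash: str) -> bool:
    """Re-hash the stored image; a mismatch means the copy was altered or
    truncated after acquisition and cannot be relied on."""
    return hashlib.sha256(image).hexdigest() == acquisition_hash


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def kff_filter(files: dict[str, bytes], known_good: set[str],
               known_bad: set[str]) -> dict[str, str]:
    """Classify recovered files against hash sets the way a known-file filter
    does: 'ignore' for stock files, 'alert' for known-bad hashes, 'review' for
    everything else (the only set a human needs to read)."""
    verdicts: dict[str, str] = {}
    for name, content in files.items():
        h = sha256(content)
        if h in known_bad:
            verdicts[name] = "alert"
        elif h in known_good:
            verdicts[name] = "ignore"
        else:
            verdicts[name] = "review"
    return verdicts


def build_sample_device() -> FakeDevice:
    """Constructed 8-sector device: sector 3 is unreadable."""
    sectors = [bytes([i]) * SECTOR for i in range(8)]
    return FakeDevice(b"".join(sectors), bad_sectors=[3])


def demo() -> dict:
    """Run acquisition, verification and filtering on constructed data."""
    dev = build_sample_device()
    image, acq_hash, unreadable = acquire(dev)
    # Constructed hash sets: 'stock' stands in for an OS binary, 'evil' for a known sample.
    known_good = {sha256(b"stock")}
    known_bad = {sha256(b"evil")}
    files = {"C:/Windows/notepad.exe": b"stock",
             "C:/Users/x/AppData/dropper.exe": b"evil",
             "C:/Users/x/Documents/notes.txt": b"meeting at 9"}
    return {
        "image": image,
        "acquisition_hash": acq_hash,
        "unreadable_sectors": unreadable,
        "image_verifies": verify(image, acq_hash),
        "matches_original_device": sha256(dev.data) == acq_hash,
        "verdicts": kff_filter(files, known_good, known_bad),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        if key != "image":
            print(key, value)
```

The acquisition hash is the value that goes into the chain-of-custody record, and verify() is what you run on the stored image before analysis. Note the deliberate case in demo(): because sector 3 could not be read, the image's hash does not equal a hash of the original device, and the only thing that makes that discrepancy defensible in court is the logged list of unreadable sectors. The filter step shows why a hash library matters: two of three files need no human attention at all.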
