CENTRAL PIEDMONT COMMUNITY COLLEGE
COMPUTER FORENSICS TOOLS AND INVESTIGATIONS
TYPES OF FORENSICS TOOLS
MountManager can set mount options for different partitions, and it can also mount images. Today in forensic work, we can use different ways to investigate data in digital evidence. It requires identification, collection, analysis and authentication. Some of the phases of a computer forensics investigation are hashing, recovering hidden files, decrypting and accessing protected files, Autopsy, GHEX, and Digital Forensics Framework.
A forensic hash is produced by a mathematical function: when you apply that function to the collected data, it gives you a hash value that is unique. Each hash value has to be unique. A hash is a fixed-size string of numbers. A slight change in the input will produce an entirely different hash value. It is impossible to produce the same hash value when entering a different input. A hash is similar to a fingerprint. Hashing can be performed on any type of file, such as text, video, or a program. There are many algorithms that can be used to hash a message, such as MD5 and SHA-1. MD5 and SHA-1 are more complex forms of algorithms. MD5 helps verify data integrity and detect any corruption by comparing the hash values. SHA-1 is used by big corporations to compare passwords. It can also be used to validate the data in forensic work.
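The integrity check described above, as an added example that is not part of the original paper: it records MD5 and SHA-1 values for an evidence file at acquisition time and re-hashes the file later to detect any change. The function names, chunk size and sample file are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images need not fit in memory


def hash_evidence(path, algorithms=("md5", "sha1")):
    """Return {algorithm: hex digest} for the file, reading it only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_evidence(path, recorded):
    """Re-hash the file; return the algorithms whose digest no longer matches."""
    current = hash_evidence(path, tuple(recorded))
    return sorted(n for n in recorded if current[n] != recorded[n].lower())


def demo():
    """Constructed sample: a small stand-in image, verified, then changed by one bit."""
    fd, path = tempfile.mkstemp(suffix=".dd")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"CONSTRUCTED SAMPLE EVIDENCE " * 4096)
        acquired = hash_evidence(path)            # values recorded at acquisition
        untouched = verify_evidence(path, acquired)
        with open(path, "r+b") as fh:             # flip a single bit mid-file
            fh.seek(50_000)
            byte = fh.read(1)
            fh.seek(50_000)
            fh.write(bytes([byte[0] ^ 0x01]))
        tampered = verify_evidence(path, acquired)
        return acquired, untouched, tampered
    finally:
        os.remove(path)


if __name__ == "__main__":
    acquired, untouched, tampered = demo()
    for name, digest in acquired.items():
        print(f"{name:5} {digest}")
    print("mismatches before change:", untouched)
    print("mismatches after one-bit change:", tampered)
```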
With the Autopsy forensic tool, you can investigate everything that is in a computer, such as files or pictures from a memory card. The program uses a data source inside a disk image, from which it extracts recent user activity such as web browser activity. It can also identify file types, extract embedded files, and do keyword searches. Autopsy can also perform hashing on a file and directory.
Digital Forensics Framework is a tool to reveal digital evidence without compromising the system data. It is a platform that is built on top of an existing application. You can access local and remote devices such as disk drives, removable devices, and remote file systems. It can also recover hidden and deleted files and folders, and it can read standard digital forensics file formats.
A computer stores everything in binary numbers. GHEX is a binary editor. You can view and edit binary files in both hex and ASCII. GHEX allows you to download any data from any file. It is used for debugging problems. It does the conversion automatically for you in the file. GHEX features include replace functions and conversions between binary, octal, decimal and hexadecimal values. The GHEX editor is useful when examining data at the binary level. It can open big files or local drives.
Preservation of evidence is the most important tool. Investigators have to make sure no one has tampered with the evidence before performing any type of forensic work. Computers are getting more powerful. In today’s world, computers can hold as much as terabytes of data, and investigators must find a way to sort through them. Forensic work is important because investigators realized that there is a need to create specific tools to search a computer without affecting the data in the computer. Today, they are better equipped, with many tools such as those above to make retrieval of evidence easier.