Data Acquisition and Analysis
Part II.
What types of forensic image formats does Adepto support?
The first computer forensic tool covered in these notes is Adepto. Adepto is an imaging program that is part of the Helix Live CD. It is essentially a GUI (Graphical User Interface) for drive imaging that drives dd and dcfldd, the imaging commands used to create forensically sound images of media. In computer forensics it falls into the category of tools that acquire drives so that their contents can be analyzed, and it supports MD5 hashing as protection against corruption of the image.
Adepto comes with the Helix Live Forensic CD, which is probably the most popular and suitable setting for it. Helix is now offered by e-fense under a business model of subscription-based content, where current updates and versions are paid for. The older versions, such as v1.9 and v2.0, are where Adepto is used purely as the disk imaging tool under Helix on Linux. It is also vital when booting the Helix forensic CD, where it acts as a front end to dd or dcfldd and provides the decisions and options for blocking the destination drives and completing the imaging run across different drive systems.
What kind of write blocking does Helix provide?
Forensic examiners first need to know the legal procedures that govern the technical information to be gathered and preserved as evidence. The gathered information may have to be presented by the prosecutor in the forensic investigation to prove the activities in court, so the case must be set up properly if it is not to be thrown out at a high cost to the company.
Helix provides several blocking tools to ensure a proper process. The tools below are among the software used in the forensic tools industry, including open source alternatives.
Guidance Software's EnCase
EnCase has ample support for evidence from every operating system. It works with EnCase images and hard drive partitions in the proper format, in which the data is read in equal chunks whose sums serve as integrity checks, to the benefit of rapid and accurate data analysis when a hash fails.
AccessData's Ultimate Toolkit
It incorporates a password recovery system able to crack any file, an enhanced registry viewer that reveals hidden keys, and disk wipers. It can also respond quickly when retrieving and cataloguing e-mail in any stored format, and it is adept at graphics and at displaying reports in an organized manner.
E-fense’s Helix
Helix is an open source Linux distribution created by Helix Forensics, designed specifically for security work and based on the popular Knoppix. It aids digital analysis and can handle file systems such as Ext2/Ext3, which are less common in post mortem analysis.
Paraben's NetAnalysis
This tool can examine AOL history files and rebuild the cache for viewing, recover Internet history files, identify cookies, and decode URLs.
Explain the advantages and disadvantages of different write-blocking techniques for forensic imaging.
Advantages
Guidance Software's EnCase
It makes use of an extremely flexible Unix facility that can run against a live system and produce well organized, detailed reports for business systems.
AccessData's Ultimate Toolkit
It can manage a case through to completion and produces polished, flexible reports that are easy to open through autoplay. In addition, it supports the full Unicode table and is easily installed from its CD-ROM distribution.
e-fense's Helix
Of all the tools listed, this one includes The Sleuth Kit, used in tandem with its Autopsy Browser interface, which provides graphical analysis with practical functions of the standard found in commercial products.
Paraben's NetAnalysis
This tool is well suited to examining e-mail, password recovery and log history on powerful operating systems and web services.
Disadvantages
Guidance Software's EnCase
Its enterprise version is expensive, and additional tools and features must be purchased for it to work fully.
AccessData's Ultimate Toolkit
This tool can only perform to its full capabilities when installed from CD-ROM.
E-fense’s Helix
Although the tool is shareware and inexpensive, it lacks technical support and has the drawback of unfixed bugs that affect how Helix can be used.
Paraben's NetAnalysis
Although this tool is used extensively, it is still not as popular in the industry as the EnCase and AccessData software.
Why would a forensic examiner possibly select a different cryptographic hash type from MD5?
A forensic examiner has reason to choose MD5 (Message-Digest algorithm 5) because it is a well-known cryptographic hash function with a 128-bit hash value, widely used in security applications and for checking file integrity. Its value changes completely when the contents are modified, even by a forged bit, rather than generating the same result as the original. It is also used to summarize critical system files in a compact way, so that the sources provided can be checked against the algorithm's output.
What are some reasons that make Helix a forensically sound method for forensic collection of digital evidence?
Helix supports the collection of digital evidence in real-life cases, an important aspect of the expanding field of forensics. It is built to run from removable media and to work in RAM, leaving no trace on the hard disk. Rootkits can go undetected on any operating system when local binaries are used to analyze memory, and some are fully RAM resident rather than on the hard disk. Users can conceal encrypted files in hidden areas of a drive to hide the evidence. In addition, Web 2.0 use leaves tracks in log files of current and past activity. Lastly, with most web browsers, storage and communication now extend beyond the traditional user machine and its hard disks and drives, which are in mass use.
What is the significance of the Chain of Custody PDF form from Adepto? Why is it needed?
The chain of custody is a document that accompanies any sample sent to the company before the test sample is processed. It contains important details that must be filled out so that the results are accurate. Adepto helps considerably here by updating and correcting the form file, for safety and protective reasons and to improve its quality.
What is the significance of the Adepto logs? Why are they needed?
It is a widely used toolbox on a dual-mode system that is especially valuable to system administrators who are not proficient in Linux. It also allows problems to be approached through several procedures, following up the logged problems encountered as the program moves through its modes.
A stable package with a wide range of utilities is needed to increase the capability to respond to the threats and complications that environments are experiencing.
What is the significance of the forensic investigator’s individual reports and logs?
Reports and logs are especially significant in data breaches, hacking attacks and other security threats, where they provide the basis for the findings. They support deterrent measures against intrusion into services and help prevent data from being corrupted externally or misused illegally by insiders. The data reported through computer forensic analysis is what is needed to determine the deceptive activity taking place.
Why are cryptographic hashes such as MD5 and SHA1 needed? Why would an investigator not use a CRC or some other value?
A cryptographic hash function is an algorithm that takes an arbitrary block of data and returns a value of fixed bit size, such that any change to the data changes the value. The data to be encoded is called the message and the value is called the message digest. In many standard forms these values can also serve as ordinary index data, and in an authentication or security context the cryptographic values are called fingerprints, checksums or hash values.
An investigator should not use any other value, because what matters is security against a malicious agent trying to break the system. A longer digest is an advantage: a value of only a few dozen bits can be defeated, since an attack on it is fast enough to be feasible, in polynomial time, whereas against a secure hash function algorithm only the many slow methods remain.
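The difference between a CRC and a cryptographic hash can be checked directly. The Python sketch below is an added example, not part of the original notes and not code from Adepto or Helix. It finds two different constructed 16-byte blocks with the same CRC32 by a short birthday search, shows that CRC32 is affine over XOR for equal-length inputs, and computes the MD5, SHA-1 and SHA-256 digests that still tell the colliding blocks apart. All function names and sample data are assumptions made for the illustration.

```python
import hashlib
import random
import zlib


def fingerprints(data: bytes) -> dict:
    """Return CRC32 next to the cryptographic digests an imaging log would record."""
    return {
        "crc32": f"{zlib.crc32(data):08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def crc32_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """For equal-length inputs, CRC32(a^b^c) == CRC32(a) ^ CRC32(b) ^ CRC32(c).

    This predictable structure is why a CRC catches accidental errors
    but offers no resistance to deliberate modification.
    """
    if not len(a) == len(b) == len(c):
        raise ValueError("inputs must have equal length")
    mixed = bytes(x ^ y ^ z for x, y, z in zip(a, b, c))
    return zlib.crc32(mixed) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)


def find_crc32_collision(seed: int = 1, block_len: int = 16):
    """Birthday search over constructed pseudo-random blocks.

    With a 32-bit checksum a collision is expected after roughly
    2**16 blocks, which takes well under a second.
    """
    rng = random.Random(seed)  # fixed seed: constructed, repeatable sample data
    seen = {}
    while True:
        block = rng.getrandbits(8 * block_len).to_bytes(block_len, "big")
        crc = zlib.crc32(block)
        other = seen.get(crc)
        if other is not None and other != block:
            return other, block
        seen[crc] = block


if __name__ == "__main__":
    first, second = find_crc32_collision()
    for label, blob in (("block A", first), ("block B", second)):
        print(label, blob.hex())
        for name, value in fingerprints(blob).items():
            print(f"  {name:6} {value}")
```

Recording more than one digest per image, as `fingerprints` does, lets a later examiner verify the evidence with whichever algorithm is still accepted.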