Knowledge of the Windows operating system helps a forensic expert investigate that system effectively. Businesses and governments hire forensic experts to piece together what happened in the lead-up to cybercrimes such as fraud, industrial espionage and phishing. A computer forensic analyst requires specialised tools and toolkits to perform forensic examinations. Some of these tools include:
Access Data Forensic Toolkit
Access Data Forensic Toolkit (FTK) is a mature product, now in its third version, that is widely used by industry professionals. The tool is strong at keyword searching, graphics review, email archive parsing and compound file extraction, and it has excellent built-in file viewers. Earlier versions offered only basic support for the HFS file system; the latest release (version 3) has been improved to provide real Mac analysis capabilities.
FTK reads DMG archives and Mac artifacts such as binary and XML property lists (plist), SQLite databases, JSON files, B-trees and Apple Mail. This is valuable for organizations whose Mac caseload is too small to justify dedicated Mac-based forensic workstations. FTK also offers remote access functionality: analysis can be carried out over the network through agents installed on the remote machines. Access Data recommends installing the agent on Windows platforms to support physical or logical drive imaging, memory imaging and remote mounting.
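As an added example (not from the original page and not FTK's own code), the following Python script does the same kind of work over the Mac artifact formats listed above: it sniffs each blob by magic bytes rather than by file extension, decodes binary and XML plists, SQLite databases and JSON into Python objects, and runs a keyword search over the decoded strings instead of over raw bytes. The sample artifacts (a preferences plist, a chat database, a JSON state file) are constructed inside the script; their names, the table layout and the search term are assumptions for illustration only.

```python
"""Sniff and decode Mac artifact formats (plist, SQLite, JSON), then keyword-search them."""
import json
import os
import plistlib
import sqlite3
import tempfile
from typing import Any, Dict, Iterator, List


def sniff(data: bytes) -> str:
    """Identify the container by magic bytes, never by file extension."""
    if data.startswith(b"bplist00"):
        return "plist-binary"
    if data.startswith(b"SQLite format 3\x00"):
        return "sqlite"
    head = data.lstrip()
    if head.startswith(b"<?xml") and b"<plist" in head[:512]:
        return "plist-xml"
    if head[:1] in (b"{", b"["):
        return "json"
    return "unknown"


def parse_artifact(data: bytes) -> Dict[str, Any]:
    """Decode the artifact into plain Python objects, tagged with its detected kind."""
    kind = sniff(data)
    if kind in ("plist-binary", "plist-xml"):
        return {"kind": kind, "content": plistlib.loads(data)}
    if kind == "json":
        return {"kind": kind, "content": json.loads(data)}
    if kind == "sqlite":
        # sqlite3 needs a path: spill the bytes to a temp file and open it read-only.
        with tempfile.NamedTemporaryFile(suffix=".db", delete=False) as tmp:
            tmp.write(data)
            path = tmp.name
        con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
        try:
            names = [r[0] for r in con.execute(
                "SELECT name FROM sqlite_master WHERE type='table'").fetchall()]
            tables: Dict[str, List[Dict[str, Any]]] = {}
            for name in names:
                quoted = '"' + name.replace('"', '""') + '"'  # names come from evidence: quote them
                cur = con.execute(f"SELECT * FROM {quoted}")
                cols = [d[0] for d in cur.description]
                tables[name] = [dict(zip(cols, row)) for row in cur.fetchall()]
        finally:
            con.close()
            os.unlink(path)
        return {"kind": kind, "content": tables}
    return {"kind": kind, "content": None}


def walk_strings(obj: Any) -> Iterator[str]:
    """Yield every string reachable in the decoded object (keys, values, list items)."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, bytes):
        yield obj.decode("utf-8", "replace")
    elif isinstance(obj, dict):
        for key, value in obj.items():
            yield from walk_strings(key)
            yield from walk_strings(value)
    elif isinstance(obj, (list, tuple)):
        for item in obj:
            yield from walk_strings(item)


def keyword_hits(parsed: Dict[str, Any], keywords: List[str]) -> Dict[str, List[str]]:
    """Case-insensitive keyword search over decoded content rather than raw bytes,
    so the on-disk encoding (e.g. UTF-16 strings in a binary plist) cannot hide a hit."""
    hits: Dict[str, List[str]] = {k: [] for k in keywords}
    for text in walk_strings(parsed["content"]):
        lowered = text.lower()
        for keyword in keywords:
            if keyword.lower() in lowered:
                hits[keyword].append(text)
    return hits


def build_samples() -> Dict[str, bytes]:
    """Constructed sample artifacts (not real evidence); names and contents are made up."""
    prefs = {"LastOpened": ["/Users/alice/Documents/q3-forecast.xlsx"],
             "RecentServers": ["smb://fileserver.corp.example/finance"]}
    with tempfile.NamedTemporaryFile(suffix=".db", delete=False) as tmp:
        path = tmp.name
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE messages (sender TEXT, body TEXT)")
    con.execute("INSERT INTO messages VALUES (?, ?)",
                ("bob@example.com", "Send the forecast tonight"))
    con.commit()
    con.close()
    with open(path, "rb") as fh:
        db_bytes = fh.read()
    os.unlink(path)
    return {
        "prefs.plist": plistlib.dumps(prefs, fmt=plistlib.FMT_BINARY),
        "prefs.xml": plistlib.dumps(prefs, fmt=plistlib.FMT_XML),
        "chat.db": db_bytes,
        "state.json": json.dumps({"session": {"user": "alice",
                                              "last_file": "q3-forecast.xlsx"}}).encode(),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        parsed = parse_artifact(blob)
        print(name, parsed["kind"], keyword_hits(parsed, ["forecast"]))
```

The search runs over decoded objects on purpose: a raw byte grep of the same files would miss a keyword stored as UTF-16 inside a binary plist or split across SQLite pages, which is exactly why a tool like FTK parses these formats before indexing them.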
SANS Investigative Forensic Toolkit
SIFT is a computer forensic VMware appliance, built on Ubuntu, that is configured to perform detailed forensic examination. It is compatible with the Expert Witness Format (EWF/E01) and the Advanced Forensic Format (AFF). The tool is used to examine raw disks, multiple file systems and advanced evidence formats in a forensically sound manner. File system support includes MS-DOS, FAT, VFAT and NTFS for Windows platforms, HFS for Mac, UFS for Solaris and ext2/3 for Linux systems.
The appliance ships with The Sleuth Kit for file system analysis, Wireshark for network forensics, Rifiuti for Recycle Bin examination and Autopsy as a GUI front end to The Sleuth Kit, among other tools.
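The file system triage described above, as an added example that is not part of the original page and not code from SIFT or The Sleuth Kit: a small Python script that parses an MBR partition table the way `mmls -t dos` does and then identifies each partition's file system from its own boot sector or superblock the way `fsstat` does, so the partition-type byte (which an attacker or a careless tool can set to anything) is never trusted on its own. The raw image is constructed inside the script (an NTFS partition plus a second partition whose type byte claims NTFS but which actually carries an ext superblock); its layout and sizes are assumptions for illustration.

```python
"""Parse an MBR partition table and identify each partition's file system from a raw image."""
import struct
from typing import Dict, List

SECTOR = 512

# Partition-type codes from the MBR partition-table convention (subset).
MBR_TYPES = {
    0x01: "FAT12", 0x04: "FAT16 <32M", 0x06: "FAT16", 0x07: "NTFS/exFAT/HPFS",
    0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0E: "FAT16 (LBA)", 0x82: "Linux swap",
    0x83: "Linux", 0xAF: "Apple HFS/HFS+", 0xBF: "Solaris", 0xEE: "GPT protective",
}


def parse_mbr(image: bytes) -> List[Dict]:
    """Return the non-empty primary partition entries (what `mmls -t dos` lists)."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) at offset 510")
    parts = []
    for slot in range(4):
        offset = 446 + 16 * slot
        boot, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", image, offset)
        if ptype == 0:
            continue  # unused slot
        parts.append({"slot": slot, "bootable": boot == 0x80, "type": ptype,
                      "type_name": MBR_TYPES.get(ptype, "unknown"),
                      "start": lba_start, "length": sectors})
    return parts


def identify_fs(image: bytes, start_lba: int) -> str:
    """Identify the file system from the partition's own boot sector or superblock
    (what `fsstat` does); the MBR type byte is only a hint and can be set to anything."""
    base = start_lba * SECTOR
    boot = image[base:base + SECTOR]
    if len(boot) < SECTOR:
        return "truncated"
    oem = boot[3:11]                         # OEM ID in the BIOS parameter block
    if oem == b"NTFS    ":
        return "NTFS"
    if oem == b"EXFAT   ":
        return "exFAT"
    if boot[54:62].startswith(b"FAT1"):      # FAT12/FAT16 extended BPB type string
        return boot[54:62].strip().decode("ascii", "replace")
    if boot[82:90].startswith(b"FAT32"):     # FAT32 extended BPB type string
        return "FAT32"
    sb = image[base + 1024:base + 2048]      # ext superblock / HFS+ volume header sit at +1024
    if len(sb) >= 58 and struct.unpack_from("<H", sb, 56)[0] == 0xEF53:
        return "ext2/3/4"
    if sb[:2] in (b"H+", b"HX"):
        return "HFS+"
    return "unknown"


def survey(image: bytes) -> List[Dict]:
    """Combine the partition table with per-partition file system identification."""
    result = []
    for part in parse_mbr(image):
        entry = dict(part)
        entry["fs"] = identify_fs(image, part["start"])
        result.append(entry)
    return result


def build_sample_image() -> bytes:
    """Constructed raw image (not real evidence): an NTFS partition at LBA 2048 and a
    second partition whose MBR type claims NTFS (0x07) but which holds an ext superblock."""
    img = bytearray(SECTOR * 4200)

    def entry(boot: int, ptype: int, start: int, length: int) -> bytes:
        return struct.pack("<B3sB3sII", boot, b"\0\0\0", ptype, b"\0\0\0", start, length)

    img[446:462] = entry(0x80, 0x07, 2048, 1024)
    img[462:478] = entry(0x00, 0x07, 3072, 1024)   # type byte lies: content is ext
    img[510:512] = b"\x55\xaa"
    ntfs = 2048 * SECTOR
    img[ntfs:ntfs + 3] = b"\xeb\x52\x90"           # NTFS boot sector jump instruction
    img[ntfs + 3:ntfs + 11] = b"NTFS    "
    ext_sb = 3072 * SECTOR + 1024
    img[ext_sb + 56:ext_sb + 58] = struct.pack("<H", 0xEF53)
    return bytes(img)


if __name__ == "__main__":
    for p in survey(build_sample_image()):
        print(f"slot {p['slot']}: start {p['start']:>8} len {p['length']:>8} "
              f"type 0x{p['type']:02X} ({p['type_name']}) -> {p['fs']}")
```

On a real case the image would be opened with a write blocker or a read-only mount and read sector by sector (or via mmap) rather than loaded whole, and E01 or AFF containers would first be exposed as raw bytes with `ewfmount` or `affuse`, both of which SIFT provides; the second partition in the sample shows why the per-partition signature check matters, since `mmls` alone would report it as NTFS.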