
Forensics IT methods: Windows live response toolkit


Question

Forensics IT methods: Windows live response toolkit. I need help creating a forensic tool kit. I need help with making the CD bootable so we can use it without introducing malware or any malicious code. Provide a list of codes, including a description of each one's functionality and why you selected each tool for the development of the tool kit. Research available computer forensics tools, open source and commercial; look for both Windows and UNIX tools.

Explanation / Answer

Below is the list of open source and commercial tools for Windows and Linux:

#1. CAINE (Computer Aided INvestigative Environment): CAINE is an Italian GNU/Linux live distribution developed as a digital forensics project. The design objectives for CAINE were as follows:
1. It is an interoperable environment that supports the digital investigator during the four phases of the digital investigation.
2. It has a user-friendly graphical interface and tools.
3. It has a read-only mode option: the write-blocking method (controlled through a GUI) assures all disks are preserved from accidental write operations, because they are locked in read-only mode.
4. When you want to write to a disk you can unlock it with BlockOn/Off or use "Mounter" (which changes it to writable mode).
5. It boots quickly.

#2. DEFT (acronym for Digital Evidence & Forensics Toolkit)
DEFT is a Linux-based live CD which bundles some of the most popular free and open source computer forensic tools available.
The DEFT system is based on GNU/Linux; it can run live (via DVD-ROM or USB pen drive), be installed, or run as a virtual appliance on VMware or VirtualBox. DEFT employs LXDE as its desktop environment and WINE for executing Windows tools under Linux. It features a comfortable mount manager for device management.

#3. SANS SIFT:
The SANS Investigative Forensic Toolkit (SIFT) is an Ubuntu-based live CD which includes all the tools you need to conduct an in-depth forensic or incident response investigation.
Key features of SIFT:
1. It has better memory utilization.
2. Auto-DFIR package update and customizations.
3. Cross compatibility between Linux and Windows.
4. It has the latest forensic tools and techniques.

#4. Volatility
Volatility is a memory forensics framework for incident response and malware analysis that allows you to extract digital artifacts from volatile memory (RAM) dumps. Using Volatility you can extract information about running processes, open network sockets and network connections, DLLs loaded for each process, cached registry hives, process IDs, and more.

If you are using the standalone Windows executable version of Volatility, simply place volatility-2.1.standalone.exe into a folder and open a command prompt window. From the command prompt, navigate to the location of the executable file and type "volatility-2.1.standalone.exe -f <FILENAME> --profile=<PROFILENAME> <PLUGINNAME>" without quotes. FILENAME is the name of the memory dump file you wish to analyse, PROFILENAME is the profile matching the machine the memory dump was taken on, and PLUGINNAME is the name of the plugin you wish to use to extract information.

#5. FTK Imager

FTK Imager is a data preview and imaging tool that allows you to examine files and folders on local hard drives, network drives, CDs/DVDs, and review the content of forensic images or memory dumps. Using FTK Imager you can also create SHA1 or MD5 hashes of files, export files and folders from forensic images to disk, review and recover files that were deleted from the Recycle Bin (providing that their data blocks haven’t been overwritten), and mount a forensic image to view its contents in Windows Explorer.

When you launch FTK Imager, go to ‘File > Add Evidence Item…’ to load a piece of evidence for review. To create a forensic image, go to ‘File > Create Disk Image…’ and choose which source you wish to forensically image.

#6. Linux ‘dd’

dd comes by default on the majority of Linux distributions available today (e.g. Ubuntu, Fedora). This tool can be used for various digital forensic tasks such as forensically wiping a drive (zeroing out a drive) and creating a raw image of a drive.

Note: dd is a very powerful tool that can have devastating effects if not used with care. It is recommended that you experiment in a safe environment before using this tool in the real world.
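As an added example (not part of the tutor's answer above, and not code from any of the listed projects), the raw acquisition with dd described under #6, carried through with the MD5/SHA-1-style hash verification that #5 describes FTK Imager performing, here done with sha256sum and md5sum. All paths are hypothetical, and the "evidence drive" is a constructed 1 MiB file of random bytes standing in for a real block device such as /dev/sdX; the tamper step at the end is likewise constructed, to show that a verified image is one whose hashes match the source and that any later alteration is detected.

```shell
#!/bin/sh
# Added example (not from the original answer): raw acquisition with dd,
# then MD5/SHA-256 verification of the image against its source.
# All paths are hypothetical; the "evidence drive" is a constructed 1 MiB
# file of random bytes standing in for a real block device such as /dev/sdX.

WORKDIR="$(mktemp -d)"
SRC="$WORKDIR/sample_evidence.img"   # constructed stand-in for the suspect drive
IMG="$WORKDIR/evidence.dd"           # the raw image we acquire
LOG="$WORKDIR/acquisition.log"       # hashes recorded for the case notes

# Build the constructed source: 1 MiB of pseudo-random data so that the
# hashes are meaningful. In a real case this step does not exist; the
# source is the (write-blocked) drive itself.
make_sample_source() {
    mkdir -p "$WORKDIR"
    dd if=/dev/urandom of="$SRC" bs=1024 count=1024 status=none
}

# Acquire a raw image. conv=noerror,sync keeps reading past a read error
# and pads the bad block with zeros, so the image keeps the source's size
# and offsets stay aligned. Prints the image size in bytes.
acquire_image() {
    dd if="$SRC" of="$IMG" bs=64K conv=noerror,sync status=none
    wc -c < "$IMG" | tr -d ' '
}

# Hash source and image with two algorithms and append the digests to the
# log. Returns 0 only when both digests match (the image is a faithful copy).
verify_image() {
    src_sha=$(sha256sum "$SRC" | cut -d' ' -f1)
    img_sha=$(sha256sum "$IMG" | cut -d' ' -f1)
    src_md5=$(md5sum "$SRC" | cut -d' ' -f1)
    img_md5=$(md5sum "$IMG" | cut -d' ' -f1)
    printf 'source sha256=%s md5=%s\nimage  sha256=%s md5=%s\n' \
        "$src_sha" "$src_md5" "$img_sha" "$img_md5" | tee -a "$LOG"
    if [ "$src_sha" = "$img_sha" ] && [ "$src_md5" = "$img_md5" ]; then
        return 0
    fi
    return 1
}

# Constructed for the demo: overwrite 16 bytes of the image at offset 4096
# to stand in for post-acquisition corruption, which verification must catch.
tamper_image() {
    printf 'TAMPERED-MARKER!' | dd of="$IMG" bs=1 seek=4096 conv=notrunc status=none
}

main() {
    make_sample_source
    echo "acquired $(acquire_image) bytes into $IMG"
    if verify_image; then
        echo "VERIFIED: image hashes match the source"
    else
        echo "MISMATCH: do not rely on this image"
    fi
    tamper_image
    if verify_image; then
        echo "unexpected: altered image still verifies"
    else
        echo "DETECTED: altered image no longer matches the source"
    fi
}

main "$@"
```

The same hash comparison answers the question's concern about a clean bootable CD: compute sha256sum over the downloaded live distribution ISO and compare it with the checksum the distributor publishes before burning it. Hashing both source and image with two algorithms, and recording the digests at acquisition time, is what lets the image stand in for the original drive later.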
