response writing

Instructions: Add additional insight to these opinions or challenge the opinions. Use real world experience to support your views, as appropriate. 1) Forensic labs require a variety of tools and assets in order to accommodate numerous investigations and evidence possibilities that might be encountered. Hardware and software both are needed at times to handle highly complex situations, especially when a high vulnerability system is being investigated. Most labs will have stations and designated areas to ensure that each tool is used appropriately with the correct protocol followed for evidence and chain of custody (Digintel, 2018). The most commonly known hardware tool is a forensic duplicator, which are used to insert HDD or SSD devices so that an exact copy can be created for an investigator to analyze data without compromising the existing hard drive. These devices are simple in nature, but given the high integrity requirements can easily cost thousands of dollars. Another tool is an item called a forensic write blocker, which plugs into a system to protect the complex operating system - and the critical log information - that resides within. These tools are vital to protecting the integrity of investigation evidence and prevents write protections from being enacted on the device as long as the system is set up. For software, there is more diversity available as software can be duplicated and modified more easily than hardware forensic devices. This however does not always make them less expensive or less difficult to properly follow chain of custody. These forensic software tools include items from AccessData, who created the standardized Forensic Toolkit 6.0, which is used today in courts and is an approved, scalable software for data indexing, e-discovery, and much more (Digintel, 2018). Another software if the well known Belkasoft Evidence Center which comes as an all-in-one tool for extraction and analysis of a variety of evidence types. These types can include most email clients, web browser information, and even SQL databases and jumplists. Regardless of what tools are chosen, it is most important to follow correct procedures to ensure the most amount of accurate evidence is extracted and handled with care.

2) When it comes to tools, both hardware and software, that can be used for computer forensics, I think there are actually so many at our disposal that it can become confusing as to which ones are best. Like any IT field there will be preferred tools, or tools that an IT team has become most comfortable working with and can afford to continue using. It still is very important to understand what is available, because different cases will call for different typed of tool and methods. No one should become too comfortable because technology is always changing, and as computer forensic specialists we will need to learn the tools that have been created to combat new and specific types of attacks. Discovery will also differ if you are working with traditional servers or TAID storage, or something new such as cloud computing. So far there are many tools and tool suites that can be used as needed such as Sleuth Kid, Scalpel, DEFT Linux, Helix, and EnCase (Hunt & Zeadally, 2012). Some of the tasks one might need forensic tools to accomplish are varied also, and typically include packet sniffing, fingerprinting, mapping, and services to trace emails, URL’s, and honeypots. Wireshark is a great tool used for in depth traffic analysis. Another packet sniffing/capturing tool is NetworkMiner. DeepNines is a network forensic suite that also has the ability to act as a network defense system. There are several tools similar to DeepNines in the sense that they are both network forensic tools with a focus on network security. Snort is a very popular example. NetDetector is another example that searches for anomalies by analyzing signatures (Hunt & Zeadally, 2012). It is not necessary to be well versed in all of these tools, but it can be helpful to understand how they work, and what they can accomplish. This way they can be used when a certain situation arises, and we can also understand what the enemy has at their disposal as well.