Central Washington University Computer Forensics Discussion Reply

respnse to discussion below

I would like to start by saying  I have no experience with tools used in computer forensics. I learned  about some in my previous digital forensics course. For this discussion I  used opinions I found from others online and then did some research on  those tools that I believe would be the top five. There are plenty of  tools to choose from, but the ones I believe to be in the top five are  EnCase, X-Way Forensics, Volatility, Registry Recon, and Xplico. 

EnCase  is a great multi-purpose tool. This tool can rapidly gather data from  various devices and unearth potential evidence [1]. EnCase is also great  for producing easy to understand reports that can be used in court.  This device widely used and accepted in courts. This is a bit of a  learning curve, but once you understand the tool, it is great at helping  examine evidence. 

X-Ways Forensics is an advanced platform for  digital forensic and runs on all versions of Windows. X-Way Forensics is  portable since it runs off of a USB stick. X-Ways Forensics is based on  the WinHex hex and disk editor [2]. According to X-Way some of the  features include disk cloning and imaging, read partitioning and file  system structures, data recovery techniques, data interpreter, access to  disk, RAIDS, and images over 2TB in size, and a ton of other features  [2]. From what I found, X-Way seems like a well rounded product. 

Volatility  is a memory forensics tool. It may be used in incident response and  malware analysis. With this tool, you can extract information from  running processes, network sockets, network connection, DLLs and  registry hives. It also has support for extracting information from  Windows crash dump files and hibernation files [1]. While this tool may  not be an all-around digital forensics tool, it is still great for what  it can do. It is able to work with Windows and Linux [3]. Volatility is  also free to use. 

Registry Recon’s name speaks for itself. It is a  digital forensics tool to analyze registries. This tool is not free, it  cost $399. This tool is able to rebuild registries that have existed on  the Windows system over time [4]. This is great because registry data  can be deleted due to system activity, re-imaging, or a user trying to  hide something. Like others, this isn’t a all-around tool, but it is  great if current and past registries need to be investigated. 

The  final tool that I choose for my top five is Xplico. Xplico is open  source and extract data from applications that use the Internet [1].  Protocols supported are HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, etc  [5]. Output data and information is in the form of SQLLite database.  While this is not an all-around tool, it is great for what it does. It  is a great addition to any digital examiners toolbox. 

The five  tools I choose were EnCase, X-Way Forensics, Volatility, Registry Recon,  and Xplico. Each tool is great in its own way and it is good practice  to not rely on just one tool when performing work. EnCase is a great all  around tool and X-Way Forensics is great that it is portable; being  that it is on a USB thumb drive. Volatility is great when working with  memory. Registry Recon is used when investigating within the registries  of a system. The last tool, Xplico, is a great tool when dealing with  applications that connect to the internet.