Technical support of computer forensics
In this article we will refrain from covering the legal aspects of the production of forensic computer-technical examinations. However, at one point you still have to focus. In accordance with the requirements of procedural legislation, in the production of expert research, an expert is required to ensure that the object of research is preserved unchanged. Therefore, the production of computer-technical examinations “according to common sense”, by means of the regular inclusion of the computer under study, installing any programs on it and analyzing the available data, is unacceptable. Indeed, with such actions, the contents of the hard drive of the computer under investigation will inevitably change. Therefore, to conduct examinations in compliance with this requirement, special equipment and software are used.
Currently, the market has a sufficient number of hardware, hardware-software and purely software solutions for the production of computer-technical expertise. In addition to expert systems themselves, on the Internet you can find a significant number of “expert” utilities written by enthusiasts - from software blockers to write to your hard drive to programs to search for one or another specialized information. However, none of these utilities is a complex, complete solution that provides for the production of turnkey computer-aided technical expertise. If you systematize information about all the full-fledged expert systems on the market, you can come to the following table:
Obviously, all expert systems in their capabilities are not too different from each other. Each has a certain "competitive advantage". For example, EnCase works better than any other system with RAID arrays, Paraben Commander “understands” the largest number of email programs, and the Forensic Toolkit allows a highly qualified specialist to carry out some poorly formalized delicate operations in manual mode. Therefore, each user can purchase the system that best meets his needs.
Purely hardware for the production of examinations are not designed to work with the Cyrillic alphabet and therefore are poorly in demand on the Russian market. But often used hardware copy discs and write locks on the hard drive. At the moment, Tableau is the absolute leader in the market of hardware recording blockers (Tableau products in Russia are sold strictly through Guidance Software). This company produces locks for every taste - from luxury models like TD2u (the pictures below show this expert's dream come true right after unpacking and during use - copying a flash-drive to a similar drive and hard drive at the same time) to "consumer goods" like the T35 family.
In general, such hardware blockers connect to the expert computer via USB 3.0, FireWire or eSATA ports and allow reliable copying of data from hard drives (IDE, eSATA, SATA and laptop), flash drives and memory cards.
To be continued in the next post.
Currently, the market has a sufficient number of hardware, hardware-software and purely software solutions for the production of computer-technical expertise. In addition to expert systems themselves, on the Internet you can find a significant number of “expert” utilities written by enthusiasts - from software blockers to write to your hard drive to programs to search for one or another specialized information. However, none of these utilities is a complex, complete solution that provides for the production of turnkey computer-aided technical expertise. If you systematize information about all the full-fledged expert systems on the market, you can come to the following table:
Obviously, all expert systems in their capabilities are not too different from each other. Each has a certain "competitive advantage". For example, EnCase works better than any other system with RAID arrays, Paraben Commander “understands” the largest number of email programs, and the Forensic Toolkit allows a highly qualified specialist to carry out some poorly formalized delicate operations in manual mode. Therefore, each user can purchase the system that best meets his needs.
Purely hardware for the production of examinations are not designed to work with the Cyrillic alphabet and therefore are poorly in demand on the Russian market. But often used hardware copy discs and write locks on the hard drive. At the moment, Tableau is the absolute leader in the market of hardware recording blockers (Tableau products in Russia are sold strictly through Guidance Software). This company produces locks for every taste - from luxury models like TD2u (the pictures below show this expert's dream come true right after unpacking and during use - copying a flash-drive to a similar drive and hard drive at the same time) to "consumer goods" like the T35 family.
In general, such hardware blockers connect to the expert computer via USB 3.0, FireWire or eSATA ports and allow reliable copying of data from hard drives (IDE, eSATA, SATA and laptop), flash drives and memory cards.
To be continued in the next post.