SANS Digital Forensics and Incident Response Blog: Author - jenniedelucia

Digital Forensics Case Leads: Using VMware for Forensic Analysis

I have a lot of students ask me about options for case management and forensic analysis tools besides commercial products. As we know, VMware Desktop is not free, but you can download a free trial copy for 30 days and use the SIFT Workstation (for example). I also recommend the bootable Knoppix-like CDs, which support live analysis and include case management as well. Here is a great tutorial from Forensic Focus on using VMware as a forensic tool.

Tools:

  • VMware and SANS SIFT Workstation. The SANS SIFT Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format

...


Digital Forensics Case Leads: FTK's updates

Whether you use FTK or EnCase, commercial products have incredible functionality that can be used in conjunction with open source computer forensics tools. For this week's Digital Forensics Case Leads, I wanted to focus on the updates to FTK. With commercial products, just like with open source, it is a matter of preference which tool you want to add to your forensic arsenal.

Tools:

  • Forensic Toolkit (FTK) version 3.1.2 was released May 17th with a 'New and Improved' section including a 'View This Item in a Different List' feature that allows the user to right click on a folder, then go to that folder in a Graphics tab and see the files inside, as well as improved identification of JavaScript Object Notation (JSON) files such as those found in programs like Facebook.
  • For the Password Recovery Toolkit (PRTK) version 6.5.1, and Distributed

...


Digital Forensics Case Leads: Mobile Device Digital Forensics

Due to the increasing number of identity theft incidents that occur in the corporate setting, caused by disgruntled employees (e.g. stealing information via USB or mobile devices) or simply by the lack of proper security awareness training (encrypting sensitive information and/or what mobile devices can or can't be used), it's imperative for organizations to become better equipped and skilled in dealing with digital forensics on mobile devices.

So where do you start and what are the best tools to use?

Tools:

  • Eoghan Casey writes about using file system tools such as the Sleuthkit to examine Windows Mobile Devices.
  • Lance Mueller gives an excellent breakdown of different Windows Mobile Device forensics tools at his blog