Computer Forensics Case Assessment and Triage
At present, in 2009, it is commonplace for digital forensic units to have a backlog, several as long as twelve months. Many units have increased in size but still have a backlog, and it is suggested that bringing more staff into a unit will not on its own reduce the backlog of work. This paper discusses how cases submitted to units can be assessed and prioritised, and how software triage can be used to target resources more efficiently.
WinHex
WinHex is at its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. It is an advanced tool for everyday and emergency use: inspect and edit all kinds of files, and recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards.
Mobius Forensic Toolkit
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
Chek_env
This is a 16-bit program which can be used to check if an environment variable has been set. If the variable is set, the program can check the value of the variable and report an error level based on the results of the check. If used in a batch file, this program can be used to switch between different paths of execution.
Ch
This is a 16-bit program to be used instead of the DOS cd (change directory) command. It is more intelligent and will increase the user's efficiency when using the change directory command. Ch is modeled after the UNIX chpath environment variable setting, which allows users an easy way to change directories.
CacheInf
Read/Delete information from internet cache.
BXDR
This utility will display the FULL sector count on a hard disk drive, including any "protected areas" that utilities such as SafeBack and EnCase miss when imaging. BXDR will also allow you to resize a hard disk and will display whether a disk is password protected. BXDR was the first commercial tool to allow a user to set and unset the Host Protected Area.
bsed
bsed searches for a binary string in a file. If a replace string is given, bsed copies infile to outfile, replacing all instances of the search string with the replace string.
Bsearch
Using a very fast binary search algorithm, the Bsearch program allows you to search one or more files for occurrences of specific keys. The program allows you to search a fixed-length record file on a sorted field for the occurrence of specified search keys. Because of the algorithm used, the search is almost instantaneous. Consider the bsearch algorithm similar to searching an indexed database for a key in one of the indexed fields. The response time is negligible.
Brandit
Brandit is designed to give administrative officials the capability of putting "ownership" information on hard disk drives. This information will generally contain ownership and assignment information. When a branded computer is stolen and later recovered by police, they can run their reader copy (downloadable for free at this website) and identify its owner. It does not require any external monitoring station. Brandit is also used for inventory and assignment control purposes within corporations and organizations.