One of the more exciting lectures I have been waiting for has been on the topics of Forensics Lab and Forensics Tools. During the summer I have actually been building myself a computer forensics lab, collecting equipment and planning the setup. I also have some experience with many of the tools commonly used (FTK and so on) – but I have eagerly been awaiting a proper introduction to it.
Firstly, I am glad to see many of my previous assumptions have been correct. Many of the typical hardware and physical tools are in place, and I can see that my “naked” lab is going to perform the way it is intended once completed. Regarding tools there has been an issue regarding licensing. Some of the tools I would prefer are way too expensive to buy whilst being a student. Luckily there are a number of great tools available for free, and also – we will be playing around with my favourite tool so far – FTK.
In the past I have also tried other AccessData products, like the MPE+ (Mobile Phone Examiner). It is a great and intuitive tool that finds the data you want quickly, and also lets the user do it without too much hassle. But the overall features can be disappointing. The analysis features are lacking, and the report creation is a joke. The professor confirmed that most of the report generation for these systems is horrible, and that you should rely on creating your own designs.
So for now, there have been two really great lectures on lab and tools. But moving forward, I have two more journal entries to work towards:
- Finishing the physical lab with all hardware and equipment needed. I will take photos of the whole process.
- Choosing a set of freeware tools that can be a starting point for a low-cost forensics lab.
In regards to the second point, I am on the same topic in relation to this year's Studio project. I cannot reveal it just yet (it's pending approval), but if it lands – I will have a very good foundation for choosing future tools in relation to digital forensics and penetration testing.