The most prominent components of TCT include the findkey tool which helps in in recovering cryptographic keys from files or a running process, the grave-robber tool which helps in capturing important information, the unrm and lazurus tools helpful in recovering deleted files and the ils and mactime tools helpful in displaying access patterns of dead or live files. TCT is perceived as the best product for backing up primary IT forensic tools (Wagner, 2000). In the right hands, TCT is reliable and very useful suite in its intended purpose. The …show more content…
Things happen which must be solved. In order to solve them we must collect relevant information concerning the issue with great care so as not to destroy the evidence (Turnbull & Slay, 2007). After collection we should analyze the information, extract meaning clues to aid in knowing what really occurred, and what might have caused it. Once we have the evidence and possible clues we are good to go. Instead of undergoing the manual process of collecting strands of hair fiber samples, or finger prints we can gather clues from a computer systems. This involves looking at the memory, disk drives, the operating system and its files, ownership and permission of said files and at what point things