Acquisition Tools Case Project 4-1

Using your preferred Internet search engine and the vendors listed in this chapter, prepare a report containing the following information for each tool and stating which tool you would prefer to use:

* Computer forensics vendor name
– Technology Pathways ProDiscover
– Guidance Software EnCase
– X-Ways Forensics
– Runtime Software
– R-Tools Technologies
* Acquisition tool name and latest version number
You can remotely connect to a suspect computer via a network connection and copy data from it. Remote acquisition tools vary in configurations and capabilities.
* Features of the vendor's product
With ProDiscover Investigator you can:
– Preview a suspect’s drive remotely while it’s in use
– Perform a live acquisition
– Encrypt the connection
– Copy the suspect computer’s RAM
– Use the optional stealth mode
ProDiscover Incident Response additional functions
– Capture volatile system state information
– Analyze current running processes
Remote Acquisition with EnCase
Remote acquisition
Write one to two pages describing three options you have to copy the drive accurately. Be sure to include your software and media choices.

A log should be kept of who has had access to the drive, including names, affiliations, and dates. After obtaining the drive, it should be placed in a secure container and a custody form should be filled out. A secure drive that is bigger than 2 GB should be obtained in order to make the proper copy image of the original. The computer forensics examiner will also need to note the kind of drive being copied so that the proper cables/ports are available to connect the disk to the forensic PC. Copying this drive may take some time, so it is essential to have a secure work area in which to perform the copy. I would then use my forensic software to make a bit-stream copy of the drive.

For safety reasons, I would appoint a key padlock and also a key custodian, stamp sequential numbers on each duplicate key, maintain a registry listing which key is assigned to which authorized person, conduct a monthly audit, take an inventory of all keys, place a key in a lockable container, maintain the same level of security for keys as for evidence containers, and change the locks and keys annually, so I know that only a limited number of people have access to the data. Moreover, I will ensure proper communication is held with the legal counterpart on all parts of the investigation, keywords to be used and other desired principles. I will arrange for a lawyer to see the results in the preferred
