Coroner's Toolkit is a group of basically free tools designed by Wietse Venema and Dan Farmer to be used in the forensic analysis of a UNIX machine. There are several reasons as to why local law enforcement agencies. First, the Coroner's Toolkit is specifically designed to be used in cyber-crime investigation (Farmer & Venema, 2005). This is an exceptionally powerful suite and therefore proper training of UNIX is a major condition in order to manage the Toolkit. Another important reason for purchasing this toolkit is that it helps in reconstructing the activities of an intruder by inspecting the documented times of file accesses and recuperating erased documents.
The most prominent components of TCT include the findkey tool which helps in in recovering cryptographic keys from files or a running process, the grave-robber tool which helps in capturing important information, the unrm and lazurus tools helpful in recovering deleted files and the ils and mactime tools helpful in displaying access patterns of dead or live files. TCT is perceived as the best product for backing up primary IT forensic tools (Wagner, 2000). In the right hands, TCT is reliable and very useful suite in its intended purpose. The …show more content…
Things happen which must be solved. In order to solve them we must collect relevant information concerning the issue with great care so as not to destroy the evidence (Turnbull & Slay, 2007). After collection we should analyze the information, extract meaning clues to aid in knowing what really occurred, and what might have caused it. Once we have the evidence and possible clues we are good to go. Instead of undergoing the manual process of collecting strands of hair fiber samples, or finger prints we can gather clues from a computer systems. This involves looking at the memory, disk drives, the operating system and its files, ownership and permission of said files and at what point things
The most prominent components of TCT include the findkey tool which helps in in recovering cryptographic keys from files or a running process, the grave-robber tool which helps in capturing important information, the unrm and lazurus tools helpful in recovering deleted files and the ils and mactime tools helpful in displaying access patterns of dead or live files. TCT is perceived as the best product for backing up primary IT forensic tools (Wagner, 2000). In the right hands, TCT is reliable and very useful suite in its intended purpose. The …show more content…
Things happen which must be solved. In order to solve them we must collect relevant information concerning the issue with great care so as not to destroy the evidence (Turnbull & Slay, 2007). After collection we should analyze the information, extract meaning clues to aid in knowing what really occurred, and what might have caused it. Once we have the evidence and possible clues we are good to go. Instead of undergoing the manual process of collecting strands of hair fiber samples, or finger prints we can gather clues from a computer systems. This involves looking at the memory, disk drives, the operating system and its files, ownership and permission of said files and at what point things