Case:When a user performs data maintenance, there is no operation. The data initializes the data in Kingdee Cai Software. Because it has not been backup this year, all financial vouchers have been lost this year.The engineer inspection by the line data recovery center was detected in the SQLServer enterprise manager. It was found that the…
Background Info I recently completed a new ‘Home Theater’ setup in our new house. In the living room I have a TV and sound bar, and in my office on the other side of the wall I have my PC (running Plex), PS3, Xbox 360, and the router. I installed some new faceplates and ran…
what is computer forensics?
Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information. With these useful forensics tools we can finish this work shortly and accurately.
A) List of tools for computer forensics
1. SANS Investigative Forensics Toolkit – SIFT (GPL V2.0)
Multi-purpose forensic operating system
computer-forensics.sans.org
2. EnCase (Windows, commercial, V6.18)
Multi-purpose forensic tool
www.guidancesoftware.com
3. FTK (Windows, commercial, V3.2)
Multi-purpose tool, commonly used to index acquired media.
accessdata.com/products/forensic-investigation/ftk
4. PTK Forensics (LAMP, free/commercial, V2.0)
GUI for The Sleuth Kit
sourceforge.net/projects/ptk-forensics/
5. The Coroner’s Toolkit (Unix-like, IBM Public License, V1.19)
A suite of programs for Unix analysis
www.porcupine.org/forensics/tct.html
6. COFEE (Windows,Proprietary)
A suite of tools for Windows developed by Microsoft, only available to law enforcement
cofee.nw3c.org
7. The Sleuth Kit (Unix-like/Windows, IPL, CPL, GPL, V3.1.1)
A library of tools for both Unix and Windows
www.sleuthkit.org
8. Categoriser 4 Pictures (Windows, Free, V4.0.2)
Image categorisation tool develop, available to law enforcement
9. Paraben P2 Commander (Windows, Commercial)
General purpose forensic tool
10. Open Computer Forensics Architecture (Linux, LGPL/GPL, 2.3.0)
Computer forensics framework for CF-Lab environment
11. SafeBack (commercial, V3.0)
Digital media (evidence) acquisition and backup
12. Forensic Assistant (Windows, commercial, V1.2)
User activity analyzer(E-mail, IM, Docs, Browsers), plus set of forensics tools
B) Tools for Mobile device forensics
Mobile forensics tools tend to consist of both a hardware and software component.
1. Cellebrite Mobile Forensics (Windows, Commercial)
Univarsal Forensics Extraction Device – Hardware and Software
2. Radio Tactics Aceso (Windows, Commercial)
“All-in-one” unit with a touch screen
3. Paraben Device Seizure (Windows, Commercial)
Hardware/Software package
4. MicroSystemation .XRY/.XACT (Windows, Commercial)
Hardware/Software package, specialises in deleted data
5. Oxygen Phone Manager (Commercial)
C) Other computer forensics tools
1. HashKeeper (Windows, free)
Database application for storing file hash signatures
2. Evidence Eliminator (Windows, commercial, V6.03)
Anti-forensics software, claims to delete files securely
3. DECAF (Windows, free)
Tool which automatically executes a set of user defined actions on detecting MS’s COFEE tool
Case:A client brought 2 500B hard disks from Jiangsu, which is confidential data. We strictly follow the data recovery process to recover data.Customers have found relevant companies in Jiangsu to test, saying that the hard disk has a physical bad disk, which may not be recovered. Because user data is Kingdee’s financial data, it is…
If you are experiencing difficulty creating a partition on a SCSI disk drive, try these basic troubleshooting steps.
Case:Mr. Li is an employee of a bank. He usually stores some important information in his computer. However, when you use it at the end, you can’t find the machine. It is still not possible to take out the hard disk to the other computer. Solution:After the online search call was determined, the data recovery…
Case:The operating system is Windows, and the mail system is OUTLOOK. After using the PST mail to delete the PST mail during use, some data are written in the partition. Solution:Due to the reading and writing operation, the PST data file of the bottom layer is changed. The file generates a large amount of fragments….
Case:There are 8 plates on the server server of the Meteorological Bureau to make a set of RAID6, of which No. 1 and No. 5 turned on red lights. They were not found in time. Later, it was found that the 2nd plate was turned on.The system is Windows 2008 Server. Solution:After the hard disk…
Case:Play the mobile phone for children, accidentally delete the text messages and photos inside, and some contact information, which is very important to customers. Solution:Data recovery engineers first conducted a fault analysis to check whether there were secondary damage, and then extracted the underlying code through professional data recovery devices. Finally, the file system was…
Case:Seagate SCSI server hard disk ST336607LC can detect the model when starting, and the model can also be recognized in the operating system, but there is no opening and no capacity.There are important data inside, so there is no backup, so contact the data. Solution:According to customer descriptions and the hard disk Seagate SCSI ST336607LC’s…
