Re: Best Forensic Tools?

[Zach Jansen <zjanse20 () CALVIN EDU>]

Depends:

Access Data - Most user friendly. 
Encase
Helix - Most budget friendly. 

For copying Hard Drives:
dd
ftk imager
f-response - 

I've tended to stay out of the true forensic analysis type situations . Reputation, experience, and training will be 
very important for the investigator that submits anything as evidence, and I don't process nearly enough to have built 
these things. I've been fortunate to have someone in house, a professor, that has built those skills and I always refer 
serious forensic analysis work to him. Depending on the demand, you may find it more cost effective to contract with an 
analyst than to keep one on staff. Of course, calling your local law enforcement friends is an important option as 
well. 

It's also worth pointing out, that some states have specific laws about who can process evidence and some situations 
may require a licensed PI to be admissible. 

Zach

-- 
Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550

> > > On 3/30/2010 at 12:14 PM, in message
<A2B51EA69AA3A047AFAEB74B6654264C08421948 () EXCH-VS02 staff puc purduecal edu>,
Wayne Samardzich <Samardzi () CALUMET PURDUE EDU> wrote:

> What forensic tools do you use?  For copying HD's,  looking for data, 
> e-discovery?
>
> I've been looking and Encase and Safeback: not sure of the pricing 
> structures.   We need some tools that will be relatively easy to use and have 
> the reputation in the legal world for effectiveness and trustworthiness.  
>
>
> Best,
>
> Wayne 
>
> Wayne Samardzich
> Operations Supervisor
> Information Services
> Purdue Calumet
> 219 989  2307
> P Think before you print