Educause Security Discussion mailing list archives
Re: Best Forensic Tools?
From: "O'Callaghan, Daniel" <Daniel.OCallaghan () SINCLAIR EDU>
Date: Tue, 30 Mar 2010 15:58:00 -0400
> It would be good to have a tool box of good tools to do at least the
> first phases of evidence gathering and preservation for the experts.

I use Helix Pro for basic acquisition and imaging. For the price (about $240), it is fairly robust and intuitive, particularly for acquisition. The latest version also has tools for volatile data acquisition.

As stated previously, as long as the individual performing the acquisition does so properly and understands, documents, and can explain the who, what, why, and how, an image obtained (and hash verified) using the Helix tools is acceptable as evidence and will likely stand up in court.

I also recommend the SANS forensics courses 408 & 508 for training. They emphasize using low-cost and/or open source tools for acquisition and analysis. You can sometimes find some outstanding deals via their .edu partnerships.

___________________________________
Daniel V. O'Callaghan, Jr., MBA, CISSP, GCFA
Chief Information Security Officer
Sinclair Community College
444 W Third St, 13-000F
Dayton, OH 45402
937-372-3005