Educause Security Discussion mailing list archives

Re: Best Forensic Tools?

From: "O'Callaghan, Daniel" <Daniel.OCallaghan () SINCLAIR EDU>
Date: Tue, 30 Mar 2010 15:58:00 -0400

It would be good to have a tool box of good tools to do at least the

first phases of evidence gathering and preservation for the experts.<

I use Helix Pro for basic acquisition and imaging. For the price (about
$240), it is fairly robust and intuitive, particularly for acquisition.
The latest version also has tools for volatile data acquisition.

As stated previously, as long as the individual performing the
acquisition does so properly and understands, documents, and can explain
the who, what, why, and how, an image obtained (and hash verified) using
the Helix tools is acceptable as evidence and will likely stand up in
court. 

I also recommend the SANS forensics courses 408 & 508 for training. They
emphasize using low-cost and/or open source tools for acquisition and
analysis.  You can sometimes find some outstanding deals via their .edu
partnerships.  

___________________________________
Daniel V. O'Callaghan, Jr., MBA, CISSP, GCFA
Chief Information Security Officer
Sinclair Community College
444 W Third St, 13-000F
Dayton, OH 45402
937-372-3005

Current thread:

Best Forensic Tools? Wayne Samardzich (Mar 30)
- <Possible follow-ups>
- Re: Best Forensic Tools? Guy Pace (Mar 30)
- Re: Best Forensic Tools? Zach Jansen (Mar 30)
- Re: Best Forensic Tools? David Gillett (Mar 30)
- Re: Best Forensic Tools? Wayne Samardzich (Mar 30)
- Re: Best Forensic Tools? Bradley, Stephen W. Mr. (Mar 30)
- Re: Best Forensic Tools? O'Callaghan, Daniel (Mar 30)
- Re: Best Forensic Tools? Patrick Goggins (Mar 30)
- Re: Best Forensic Tools? Eric Case (Mar 30)