
Technical support of computer forensics

In this article we will not cover the legal aspects of forensic computer examination. One point, however, needs attention. Procedural legislation requires an expert conducting an examination to preserve the object of examination in unchanged form. It is therefore unacceptable to conduct a computer forensic examination "by common sense", that is, by simply powering on the computer under investigation, installing programs on it and analyzing the available data. Such actions inevitably change the contents of the hard disk of the computer under investigation. Examinations that comply with this requirement are therefore carried out with special equipment and software.
Currently, the market offers a sufficient number of hardware, combined hardware-software, and purely software solutions for computer forensic examination. In addition to the expert systems themselves, a considerable number of "expert" utilities written by enthusiasts can be found on the Internet, ranging from software hard-disk write blockers to programs that search for one or another kind of specialized information. However, none of these utilities is a comprehensive, complete solution that provides turnkey computer forensic examination. Systematizing information about all the full-fledged expert systems on the market gives the following table:

[Table of expert systems: published as images in the original post, not reproduced here]

It is clear that the expert systems do not differ much from one another in their capabilities. Each has a certain "competitive advantage". For example, EnCase works with RAID arrays better than all the other systems, Paraben Commander "understands" the largest number of email programs, and Forensic Toolkit lets a highly qualified specialist perform some delicate, poorly formalized manual operations. Each user can therefore purchase the system that best suits their needs.
Purely hardware examination tools are not designed to work with the Cyrillic alphabet and are therefore not in high demand on the Russian market. Hardware for copying disks and blocking writes to the hard disk, however, is used often. At the moment, Tableau is the absolute leader in the write-blocker market (in Russia, Tableau products are sold strictly through Guidance Software). The company produces blockers for every taste, from luxury models like the TD2u (the figures below show this expert's dream come true immediately after unpacking and in use, simultaneously copying a flash drive to a similar drive and to a hard drive) to "consumer goods" such as the T35 family.
In general, such hardware blockers connect to the expert's computer via USB 3.0, FireWire or eSATA ports and allow data to be copied safely from hard drives (IDE, eSATA, SATA and notebook), flash drives and memory cards.
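The requirement to keep the examined object unchanged can be checked at copy time. The following is an added example, not code from the article or from any product it names: it copies a source opened read-only into an image file and compares hashes of the bytes read, the source re-read afterwards, and the image. SHA-256, the function names and the temporary file standing in for a drive behind a write blocker are assumptions of this example.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB blocks

def sha256_of(path):
    """Hash a file or device node, opened strictly read-only."""
    digest = hashlib.sha256()
    fd = os.open(path, os.O_RDONLY)
    try:
        while block := os.read(fd, CHUNK):
            digest.update(block)
    finally:
        os.close(fd)
    return digest.hexdigest()

def acquire(source, image):
    """Copy source to image; return hashes of (bytes read, source re-read, image)."""
    digest = hashlib.sha256()
    src = os.open(source, os.O_RDONLY)
    try:
        with open(image, "xb") as out:  # 'x' refuses to overwrite an existing image
            while block := os.read(src, CHUNK):
                digest.update(block)
                out.write(block)
    finally:
        os.close(src)
    return digest.hexdigest(), sha256_of(source), sha256_of(image)

def verify(source, image):
    """True only if the source stayed unchanged while copying and the image matches it."""
    read_hash, source_after, image_hash = acquire(source, image)
    return read_hash == source_after == image_hash

def demo():
    # Constructed sample "evidence": a temporary file standing in for a drive.
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "evidence.bin")
        image = os.path.join(work, "evidence.img")
        with open(source, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 123))
        ok = verify(source, image)
        # Simulate what booting the examined machine does: the source changes.
        with open(source, "ab") as f:
            f.write(b"log entry written at boot")
        changed = sha256_of(source) != sha256_of(image)
        return ok, changed
```

`demo()` returns `(True, True)`: the acquisition verifies, and any later write to the source is visible as a hash mismatch against the image.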
To be continued in the next post.


Source: https://habr.com/ru/post/266137/

