What you need in your forensic toolbox

By Mike Majewski, CEO at HES technology

The demand for digital forensics is increasing in both the public and private sectors. In a stunning finding, Check Point Research counted 900 cyberattacks per organization per week in the fourth quarter of 2021, an all-time high, with education and research being the attackers’ favorite targets. Digital investigation is necessary to identify the attack vector and, if possible, trace its origins. Additionally, the need to capture digital evidence is becoming increasingly common in criminal investigations, allowing law enforcement to preserve evidence of finances, communications, or illegal activity before it is deleted, modified or overwritten.

When a cyberattack or crime using digital channels occurs, victims rely on you and your expertise in digital forensic tools to collect evidence and preserve its integrity.

The digital forensics toolkit

In general, digital forensic investigators have tools to capture three types of evidence:

Material

A thorough investigation preserves data on every computer, storage drive, hard drive, or other network device. A hardware duplicator allows investigators to copy data from a disc, often without having to mount the disc in a computer or install it in an enclosure. Using a read-only or write-protecting tool will ensure that data, such as access times, is not altered when investigators examine it.

There are several types of hard drive duplicators, catering to different computer systems, such as tools that analyze data over high-speed networks, capture data from USB drives or SD cards, or quickly image a drive. hard at a crime scene. You can also use capture screens which allow you to collect images of screens and videos.

Software and operating systems

In addition to the images you retrieve from onsite hardware, you can also use software tools to capture additional information. Options include tools that help you locate hidden files, extract data from RAM, and decrypt encrypted files. Digital forensic technology software suites may also include packet sniffers and tools that analyze operating system logs.

Mobile device and IoT

Digital forensic tools can also capture evidence from mobile devices, such as GPS data, phone logs, text messages or messages. More recently, a new field of digital forensics has emerged to analyze data from Internet of Things (IoT) devices, which have become a target for cyberattacks and may also contain evidence that can aid in criminal investigations.

Protect digital forensics

Regardless of the specific digital forensic tools you choose, one item is common to every investigative team: a laptop. It’s usually the heart of a digital forensics team’s field workstation, but unfortunately laptops carried in the field can be lost, stolen, or damaged.

Of course, protecting your investment in a rugged and secure laptop is a priority for forensic teams. But the software and the data it contains are even more important. You can protect your investment in forensic software licenses — and the data you collect with them — by adding an additional tool to your toolbox. A USB dongle allows you to use copy-protected software licenses on your network – you don’t need to load the software directly onto your laptop – and use it as if it were directly connected to your computer . Then, if something happens to the laptop in the field, you haven’t lost your software license or the data stored on it.

Bring everything you need to the scene

When you go to investigate cybercrime or collect digital evidence, make sure you have all the tools you need to capture critical data and that no valuable evidence – or your digital forensic tools – is lost.

About the Author

Mike Majewski is the CEO of SEH Technology. He opened the SEH US sales office in Phoenixville, PA in 2002; three years later, Mike became CEO of SEH Technology, a wholly owned subsidiary of German supplier SEH, which has specialized in network printing solutions for over 20 years. Mike also established the US sales channel and then managed all sales, distribution and marketing activities for North America. Today, Mike is still responsible for all ongoing sales and marketing processes as well as technical relationships with SEH’s OEM partners.

To contact Mike, visit https://www.seh-technology.com/us/ or via LinkedIn https://www.linkedin.com/in/mikemajewski

Geraldine D. Luckett