Abstract - Computer forensics tools are an essential part of any computer forensics investigation. The tools can be classified in various ways, including open source vs. proprietary, hardware vs. software, and special purpose vs. general purpose. In practice, software tools are more common. Each software tool has its own pros and cons. However, they all have one thing in common: each must be installed, configured, and set up. For some tools, the configuration process can be complicated and time consuming. To avoid this, computer forensics investigators have the option of using the computer forensics tools that are preinstalled and configured in Backtrack 5.0 r3. In this paper, we present the results of our experiment with various digital forensics tools that are included in Backtrack 5.0 r3.
Keywords: Backtrack, VMware, Computer Forensics Tools
1 Introduction
Computer forensics tools play an important role for forensics investigators. Selection of a particular tool depends on the nature of the investigation, reliability, security, and cost effectiveness. There are many options that digital forensics investigators can choose from. Classifications of computer forensics tools include open source, proprietary, hardware, software, special purpose and general purpose. Each tool has its own advantages and disadvantages. A comprehensive review of the top twenty free open source computer forensics investigation tools can be found in [14]. For a list of proprietary computer forensics tools, see [16] and [9]. Brian Carrier [3] reports on how forensics tools have been viewed historically, i.e. in terms of philosophy, security and reliability. He concludes that open source tools are as effective and reliable as proprietary tools. Manson and his team [8] compared one open source tool and two commercial tools. They found that all three tools produced the same results with different degrees of difficulty. Backtrack 5.0 r3 has a rich repository of digital forensics tools that help computer forensics specialists perform tasks such as acquisition, analysis, recovery, imaging, vulnerability scanning, penetration testing, and file interrogation. A survey of Backtrack 5.0 network forensics tools can be found in [7]. The purpose of this research is to study Backtrack 5.0 r3 [2] forensics tools. We examine different categories of computer forensics tools, analyze the types and number of tools in each category, investigate their capabilities, evaluate their...