Forensics Software

Specialized tools are available for the acquisition of the forensics media, the recovery of data from that media, and the searching and cataloging of that data. An investigation team should be trained in the use of a standard suite but should be familiar with other tools as well. Case law on the admissibility of software is mixed. At one time, the investigator would be asked to personally validate the source code of the tools used. Many of the tools discussed in this chapter do not provide their source code. However, the vendors might be willing to provide expert testimony if requested or might be able to provide other information (such as case precedents) if this is an issue. Some forensics training courses and texts refer ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
