ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Security and Forensic Tools

Updated on July 23, 2016


Presently, cyber crime has risen to unimaginable levels; this has been fuelled by the fact that the internet has created a dimension with no barriers while at the same time making a limitless number of tools available for use by cyber criminals. Because of this, computer forensics employ the use of modern tools and methods to extract and analyze data from storage devices obtained from digital crime scenes. This paper serves to expound on some of these forensic tools. It will address their similarities and differences.

Cyber security and forensic tools



The internet is the mother of all networks, linking millions of computing devices. It has become useful for applications in commerce, communication exchange and information exchange globally. It has impacted all sectors of our lives. The devolved nature of the internet is its very foundation, interestingly; this feature of the internet has opened networks and devices to a myriad of threats and attacks from malicious cyber criminals.

Cyber crimes involve, but are not limited to; theft or mutilation of intellectual property, fraud, and theft of trade secrets which are what most companies are built on. Such information normally confers a competitive advantage to companies, if compromised; the company can end up losing millions. In addition to this, presently, business transactions are not exclusively based on tangible money due to online trading. Credit card misuse is a type of financial fraud that may arise when a criminal gains access to critical financial information. Cyber obscenity is another common cyber crime. Pornographic material is hidden in storage media because criminals know the repercussions of being found in possession of such material.

Computer forensics hardware


Criminals perpetrate these crimes by finding vulnerabilities in software and operating systems of computers connected to the internet. Once a loophole is found, the criminal can access or store sensitive data on some form of storage media. This can be local i.e. on removable drives such as zip drives, compact disks or memory sticks. It can also involve hard drives. When such crimes are committed, a prosecution is normally an uphill task because the crime scene may involve different cities and unsuspecting third parties (Boyd and Forster: 2004). It is at this point that a forensic specialist is tasked with combing through the digital crime scene by neutrally scrutinizing a variety of digital material involved or presumed to be involved in the crime and finally produce a report summarizing the contents of the material under investigation.

Like any other science, some specialized hardware and software tools are employed during the investigations. A stringent methodology is adhered to to maintain the integrity and credibility of the material involved. The tools used in such an undertaking are designed to serve a single or a variety of functions. The features offered by a tool are directly linked to its complexity; this can be ease of use, algorithmic or design complexity. Some tools can offer incredible functionalities, but have complicated interfaces, this impact on their user friendliness. The cost of any given tool is the ultimate distinguishing factor; some are expensive, whereas some are completely free.

Forensic functionality

Forensic tools offer a variety of functionalities to render their use in investigations credible. Disk imaging and hashing functions are examples of functionalities used in maintaining the integrity of any storage media under investigation. Hashing functions guarantee that the imaged device is similar to the original. Hashing functions have been further developed into secure hash algorithm known as the MD5 hash function which is popularly used today. Comprehensive analysis of forensic software tools

Protecting digital data and devices from corruption or alteration is the first step in a forensic procedure. This is done by protecting it from the suspect in question. The capacity to access and analyze data is imperative to the success of an investigation.

The following are some forensic tools used in cyber crime investigations.

Their effectiveness is highlighted.

1. Encase

Developed by Guidance Software, this forensic tool was introduced into the forensics sector in the late 1990s. It is capable of disk imaging, data verification, and analysis. An outstanding feature is the recovery of data via the scrutiny of unallocated spaces. It is important to note that these spaces can contain critical data that is important in an investigation. An investigator employing Encase will first image the storage device under scrutiny. The resultant image data is a bit stream image of the device that the software refers to as an ‘evidence file’. The software then carries out a verification of the credibility of the image and the original material by employing the MD5 hash function. The imaged data is mounted by the software to avoid the necessity of restoring the storage device in question. This software offers a tabulated view of the files obtained from the storage media. Important information like the last access, creation time and all the modifications done on the file is provided by this software.

2. FTK Imager

This is a tool created by Access Data. It helps in viewing and imaging storage devices. Its effectiveness at data recovery is pegged at the time when the file was deleted. It can generate MD5 hash values of visible and accessible data. The MD5 hash value is created and given to the investigator as a piece of the completed operation; this warrants the authenticity of the original data.

3. Forensic Tool Kit

This software is also developed by Access Data. It enables the investigator to view all the data on the selected storage device. It facilitates instant generation of hash values for files viewed during the investigation. This tool has a very simple user interface; its most outstanding functionality is the hashing function. However, it does not support data recovery; this directly affects data analysis.

4. PC Inspector file recovery

This is a free forensic investigation tool which has two main purposes; to disclose the contents of the selected storage device and to recover any deleted files from the media. It is a very effective tool for detecting all the data available in a storage device. It associated all the files with a condition; they can either be classified as good or poor.

The software has a ‘Find lost data’ ability; this performs an in-depth sector by sector scan. This includes unallocated space in the storage device. This reveals any files deemed to be lost or deleted. The chances of viewing or recovering a file that is unreferenced are better if the file is in good condition. The software does not guarantee the access to any file on the storage device that is unreferenced.

5. The Computer Online Forensic Evidence Extractor (COFEE)

This is a tool developed by Microsoft to enable forensic investigators to obtain evidence from a computer running on the Windows operating system. It is installed on an external storage device like an external disk drive or a USB flash drive. It serves as an automated forensic tool during real-time analysis. It was conceived by Anthony Fung, a former officer with the Hong Kong police. It is initialized by plugging the device containing it into a USB port. It has 150 implements together with a graphical user interface to enable the collection of data by investigators. The investigator then chooses the data to be exported; this is stored in an external device. The software then generates a report from the collected files. It has tools for internet browsing history recovery and password decryption. It also recovers the data stored in volatile memory which can get lost if the computer is powered off.


The capacity to recover all original system files, including unreferenced files from a storage device is imperative to an investigation. The above listed forensic tools clearly support this feature; however, data recovery is still a burning issue with these tools. None of the tools guarantees the recovery of files that are unreferenced. This is not useful for storage devices found after a long period after the crime has been committed.


Four forensic security and software tools that can be employed during forensic investigations have been discussed. This was done by analyzing their effectiveness and functionalities within the procedure of forensic investigations. Their shortcomings have been highlighted to enable improvement and informed decision making when choosing a tool. It is imperative that forensic investigators should be steps ahead of cyber criminals by using current forensic tools. This enables them to perform their duties during an investigation reliably.


    0 of 8192 characters used
    Post Comment

    No comments yet.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)