O'Reilly logo

Computer Evidence: Collection and Preservation, Second Edition by Christopher L. T. Brown

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Software Tools

Software used for the collection and preservation of computer evidence usually falls into one of three broad categories: Forensics Application Suite, Utility, and Other. Tools in use can be split into two categories: Tier I—Forensics Application Suites, and Tier II—Utilities and Other.

Forensics Application Suite (Tier I). In this category, applications are created specifically with computer forensics in mind and usually support all four phases of the computer forensics process: collection, preservation, filtering, and reporting.

Utility (Tier II). Applications in the Utility category are designed to perform a specific function, such as recover deleted files, remove the HPA of a disk, or create a disk image. Utility applications ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required