Imaging/Capture Tools
Just as with every other step along the way, you need to document any forensic software used during the examination. You should record its version and use it in accordance with the vendor’s licensing agreement. The software you use should be properly tested and validated for forensic use. Several papers are available that document NIST and Department of Justice testing of various tools. You can find these papers on the NIST Web site at http://www.cftt.nist.gov/ and the Department of Justice’s Office of Justice Programs Web site at http://www.ojp.usdoj.gov.
You also need to document all standard procedures and processes that you use, as well as any variations to or deviations from standard procedures. To analyze any system ...
Get Computer Forensics JumpStart, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
