What You Need in Your Digital Forensics Tool Chest

March 10, 2022
When a cyberattack or crime that leveraged digital channels occurs, victims count on you and your expertise with digital forensics tools to capture evidence and preserve its integrity.

By Mike Majewski, CEO at SEH Technology

The demand for digital forensics is increasing across public and private sectors. In a stunning finding, Check Point Research counted 900 cyberattacks per organization per week in Q4 2021, a record-breaking level, with education and research as attackers’ favorite targets. Digital forensics is necessary to identify the attack vector and, when possible, trace it back to its origins. Additionally, the need to capture digital evidence is becoming more common in criminal investigations, enabling law enforcement to preserve evidence on finances, communications, or illegal activity before it is deleted, altered or overwritten. 


The Digital Forensics Tool Kit

In general, digital forensics investigators carry tools to capture three types of evidence:

● Hardware

A thorough investigation preserves data from every computer, storage drive, hard drive, or other device on the network. A hardware duplicator allows investigators to copy the data from a drive, often without having to mount the drive in a computer or install it in an enclosure. Using a tool that is read-only or that write-protects the source will ensure that data, such as access times, isn't changed as investigators review it.

There are several types of hard drive duplicators for different IT systems, such as tools that analyze data on high-speed networks, capture data from flash drives or SD cards, or quickly image a hard drive at a crime scene. You can also use screen capture tools that allow you to collect images of screens and videos.

● Software and operating systems

In addition to the images you recover from hardware at the scene, you can also use software tools to capture additional information. Options include tools that help you locate hidden files, pull data from RAM, and decrypt encrypted files. Digital forensic technology software suites can also include packet sniffers and tools that analyze operating system registries.

● Mobile and IoT devices

Digital forensics tools can also capture evidence from mobile devices, such as GPS data, phone logs, texts or messages. Most recently, a new field of digital forensics has emerged to analyze data from Internet of Things (IoT) devices, which have become a target for cyberattacks and may also contain evidence that can aid in criminal investigations.
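For the hardware item above, this sketch shows in software what a write-protected duplication has to guarantee: the source is opened with no write access, hashed as it is read, and the copy is verified against that hash. It is an added example, not code from the article or from any vendor tool. The function names are illustrative, the source is assumed to be reachable as a file path, and `O_NOATIME` is a Linux-only flag that does not replace a hardware write blocker.

```python
import hashlib
import os

CHUNK = 1 << 20  # read in 1 MiB blocks

def open_readonly(path):
    """Open with no write access; on Linux also ask the kernel not to update atime."""
    noatime = getattr(os, "O_NOATIME", 0)
    try:
        return os.open(path, os.O_RDONLY | noatime)
    except PermissionError:  # O_NOATIME needs file ownership or CAP_FOWNER
        return os.open(path, os.O_RDONLY)

def sha256_file(path):
    digest = hashlib.sha256()
    fd = open_readonly(path)
    try:
        while chunk := os.read(fd, CHUNK):
            digest.update(chunk)
    finally:
        os.close(fd)
    return digest.hexdigest()

def acquire(source, image):
    """Copy source to image, hashing bytes as they are read, then verify the copy."""
    before = os.stat(source)
    digest, copied = hashlib.sha256(), 0
    fd = open_readonly(source)
    try:
        with open(image, "xb") as out:  # "x" refuses to overwrite an existing image
            while chunk := os.read(fd, CHUNK):
                digest.update(chunk)
                out.write(chunk)
                copied += len(chunk)
    finally:
        os.close(fd)
    os.chmod(image, 0o444)  # the working copy is read-only from here on
    after = os.stat(source)
    return {
        "bytes": copied,
        "source_sha256": digest.hexdigest(),
        "image_sha256": sha256_file(image),
        "source_unmodified": (before.st_mtime_ns, before.st_size)
        == (after.st_mtime_ns, after.st_size),
    }

def verify(image, recorded_sha256):
    """Re-check a stored image against the hash recorded at acquisition."""
    return sha256_file(image) == recorded_sha256
```

Record the returned hashes in the case notes at acquisition time; calling `verify` later on the stored image shows whether it has changed since.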

Protecting Digital Forensics

Regardless of the specific digital forensic tools you choose, one item is common to every investigation team: a laptop. It’s typically central to a digital forensics team’s field workstation, but unfortunately, laptops carried into the field can be lost, stolen or damaged.

Of course, protecting your investment in a ruggedized, security-hardened laptop is a priority for digital forensics teams. But the software and data on it are even more important. You can protect your investment in digital forensics software licenses – and the data you collect with them – by adding one more tool to your toolkit. A USB dongle allows you to use copy-protected software licenses over your network – you don’t have to load the software directly onto your laptop – and use it as if it were connected directly to your computer. Then, if something happens to the laptop in the field, you haven’t lost your software license or the data stored in it.

Take Everything You Need to the Scene

When heading out to investigate cybercrime or collect digital evidence, make sure you have all the tools you need to capture critical data and that no valuable evidence – or your digital forensics tools – is lost.

About the Author

Mike Majewski is the CEO at SEH Technology. He opened the SEH U.S. sales office in Phoenixville, PA, in 2002; three years later Mike became CEO of newly founded SEH Technology, a fully owned subsidiary of the German vendor SEH, a specialist in network printing solutions for more than 20 years. Mike also established the U.S. sales channel and subsequently managed all sales, distribution, and marketing activities for North America. Today, Mike is still responsible for all ongoing sales and marketing processes as well as technical relations with SEH’s OEM partners.

To contact Mike, visit https://www.seh-technology.com/us/ or connect via LinkedIn at https://www.linkedin.com/in/mikemajewski
