Product Group Tests
Digital forensic tools
May 01, 2014
The world of digital forensics has become increasingly complicated. This, of course, is due to several reasons. The fact that the FBI has declared cyber crime the nation's number one threat - even ahead of terrorism - is one important reason. The rise of cyber crime has been both astronomical and rapid. This is coupled with terrorism on many levels, so solving one may lead inevitably to solving the other. The problem is that because there is a lot of money to be made in cyber crime and the risks are very low, it has attracted an entire underground industry.
Recently, a report by McAfee suggested that there was an underground economy developing based on crimeware development. Crimeware is software that can be used by criminals who do not have significant computing skills. However, the developers are creating products that are every bit as sophisticated as many legitimate commercial products and, in many cases, even include technical support and help-desk services. The cost of these products is rather high, but considering the plunder that they can extract for their users, the price by any standards is quite reasonable. Some customers, of course, are terrorist groups. With these unsettling facts in mind, it is no wonder that the defenders need equally sophisticated tools to put up a fight.
Major intrusions, such as the vastly over-hyped Target breach, serve a positive purpose in raising awareness. We recently had a conversation with an advocate for wider-ranging computer and network security. She took the position that Target was a good thing from the perspective of raising awareness. I am not sure that Target would agree with her, nor might the victims whose information was stolen. However, there is something to be said for increasing awareness in both the general public and in those organizations that might opt for the easy way out when it comes to security.
That said, breaches and cyber crimes will continue. They will increase in frequency and level of damage, so if we cannot be proactive, at least we can clean up the mess after the attack is over. The attack may not be just a simple attack or breach, either. It may be a wide-ranging fraud, for example, or it may be a large-scale DoS conducted by hacktivists. Whatever the nature of the attack - fraud, cyber terror or other nefarious cyber activity - at the end of the day it is the forensic specialist who is left with the task of figuring out what happened.
Those forensic specialists are increasingly at the mercy of their tools. Sophisticated attacks require sophisticated responses and sophisticated responses require sophisticated tools. The nature of today's computer systems is sufficiently complicated that there are few, if any, tools that can do everything. Most cyber forensic labs have substantial tool sets at their disposal and many of the tools in the kit duplicate each other's functionality. So there may be two or more computer forensic tools, for example. Having multiple tools of similar functionality allows a more thorough analysis of a suspect piece of evidence than one alone.
This month we have a handful of some of the best tools available for various aspects of cyber forensics. To be sure, there are some with similar functionality, but we caution that having functionality that is similar does not necessarily mean that one is superior - though, of course, it may be. Rather, it often means that the two tools offer the same functionality while having individual strengths.
In our monthly Group Test reviews we never compare products against each other. This is not and never has been a shoot-out or bake-off. Rather, we assess the product against what it claims to do and we do that in the context of the market it serves. For this selection of products, never was any standard truer. There are few direct competitors here and each one has something special about it. If we were to make a broad recommendation it would be that a really good lab might have all of the products we are looking at this month.
With that said, there is one disturbing trend we observed this month. We have seen this before, but it was particularly obvious among some of the forensic vendors. In order to get any useful information - beyond marketing and sales hype - you must sign up with the website. Only then can you access such things as FAQs, discussion forums, spec sheets and documentation, all of which are legitimate sources of information that can help a prospective buyer make a decision. We assume that this is to force shoppers to receive a sales call, unwelcome to many potential customers. We believe this is inappropriate and wherever we found it we reflected it negatively in the star ratings.
John Aitken contributed to these reviews.