Product Group Tests
Digital forensic tools
Digital forensics is the application of proven methods and investigative procedures for the purpose of reconstruction, reporting and presentation of evidence. It is achieved by preserving original evidence and accurately creating copies for analysis.
This discipline is growing in popularity and importance in today's cyber society. As more devices are introduced to the market, storage for evidence increases, and this growth in the number and variety of electronic media raises a concern in forensic circles. In recent years, analysts have also seen smartphones and tablets more commonly than PCs. Databases and networks are not excluded. The integrity and accuracy of the recovered media is completely reliant on the extracting software.
Forensic software should consistently produce identical, unaltered copies of digital evidence. This fundamental truth is not restricted to any specific subgroup of forensics. Law enforcement and network administrators alike require that systems analysis should be based on reliable evidence.
Currently, organizations purchase a variety of forensic tools. The main issue is that a single solution that satisfies all needs of an analyst does not exist. A forensic kit targeting computers may not be compatible with cell phones or certain operating systems. Examiners and investigators consequently require additional training due to the variety of forensic software. An ideal solution would be an "all-in-one" product, but oftentimes these kits can consume system resources due to the number of features offered, some of which may be unnecessary. Specialized kits offer more detail, but limit compatibility. Some kits may be resource-efficient, but leave more to be desired. The challenge for software developers is to find a balance between compatibility, performance and ease of use. Another concern is finding a kit that can not only be used with many devices, but also serve both lab and field use. This means the kit must be travel-friendly, accurate and quick to roll out.
The following reviews assess the strengths and weaknesses of a variety of today's forensic tools. We tested products with services ranging from standard digital devices to networks, and a couple specializing in mobile devices, Apple, live system and advanced search. All reviews were based on five points of interest: features, ease of use, documentation, support and value for money. Each tool was individually assessed and graded independently of competitors' products tested in the same lab. We compared the functionality against what the manufacturer touted to determine all our judgments. Our mission is to expedite the process of narrowing down consumer choices by eliminating the need for hands-on testing and analyzing whether or not the product suits consumer needs according to its advertised use.
Potential users should first know exactly what it is they are looking for in a product. If you currently own a product that satisfies most needs, consider searching for one that can supplement your primary tool. Another option is to contemplate whether an all-in-one product would be more beneficial given system specifications.
Each product we tested offers focused features and processes ideal for forensic analysis. The final decision lies on the desk of the user. It is unlikely that one product will supply all the capabilities needed for every case. In the race against criminals, choosing tools fit for the intended purpose is vital.
For this Group Test, we took advantage of the skills of the Norwich University computer forensic students under the watchful direction of Peter Stephenson.
Nicole Chrusciel is a sophomore from New Britain, Conn., studying computer security and information assurance with a concentration in forensics. Nicole worked on a summer research project on security on medical devices and is working toward a patent for a prototype she created.
Christopher Cummings is a graduating senior in the computer security and information assurance program, scheduled to receive his diploma May 2012. Christopher currently works as a security and fraud prevention professional at a publicly traded company based in Vermont.
Maria Dailey is currently a senior from St. Charles, Ill., working on her BS degree in computer security and information assurance with a minor in computer crime and forensics. Maria contributed a chapter on cryptology to a textbook on information security, and collaborated on several online articles about future privacy in the computer world. Following graduation in May 2012, Maria will pursue a career in digital forensics and cyber investigation.
Brie Davis is a criminal justice major with a minor in computer forensics and criminology. She will graduate May 2013 and afterward plans to commission as a 2nd lieutenant in the U.S. Army.
Luna Felker is currently studying computer security and information assurance, with a concentration in forensics. Luna will graduate May 2015 and hopes to travel the world and study Chinese.
Timothy Fontana is currently completing his B.S. degree in computer security & information assurance. Timothy will be commissioning into the U.S. Navy following graduation this May.
William Griffin is a senior studying computer security and information assurance. He will graduate May 2012, and will commission with the U.S. Marine Corps.
Ian Hulse is currently studying computer security & information assurance with a minor in computer crime and forensics, graduating May 2012. Ian plans on continuing a career in information assurance.
Colby LeClerc, from Raynham, Mass., is currently a senior completing his B.S. degree in computer security and information assurance. He was a member of the Norwich football team for four years. Colby recently began the process of joining active duty in the U.S. Army by way of the Officer Candidate School (OCS).
Adam Marenna, from Bel Air, Md., is a junior studying computer security and information assurance and will graduate May 2013. Adam is a specialist in the National Guard and plans to join the Officer Corps for military intelligence and cyber defense.
Aleksandar Ognenoski is a sophomore exchange student from Macedonia. Aleksandar studies computer science at the University for Computer Science and Technology in Ohrid. He will graduate in 2014 and will pursue a career in computer programming and database systems.
Darko Poposki is a sophomore exchange student from Ohrid, Macedonia. Darko studies computer science and engineering at the University for Information Science and Technology. He will graduate June 2014 and loves programming; Darko aspires to lead his own company in the field of computer science.
Todd Renner is a senior computer security and information assurance student who plans to pursue a career path in computers, turning his skills toward sustainable greenhouse technology for affordable organic food production. Todd will graduate this May.
Stephen Resto is studying computer security and information assurance with a concentration in forensics, and will be graduating May 2014. Stephen plans on furthering his knowledge in computer forensics and pursuing a career in cyber investigation.
Dejan Stefanoski is a sophomore exchange student from Skopje, Macedonia, who studies computer science and engineering at the University for Information Science and Technology in Ohrid. Dejan will graduate June 2014 and hopes to be employed in IT, working with code or software development.
Michael Zemanek is currently studying computer security and information assurance and will graduate in May 2012. Currently a police officer in central Vermont, Michael is furthering his law enforcement career with the skills and procedures gained in his digital forensic experiences at Norwich University.
Left to right, front row: Ian Hulse, Luna Felker, Maria Dailey, Stephen Resto, Ognenoski Aleksandar.
Left to right, middle row: Michael Zemanek, William Griffin, Timothy Fontana, Darko Poposki.
Left to right, back row: Colby LeClerc, Brie Davis, Dejan Stefanoski.
All Products In This Group Test
- AccessData Group Forensic Toolkit (FTK) v4
- ADF Solutions Triage-Examiner
- Cellebrite UFED Ultimate
- Cyber Security Technologies Mac Marshal Field Edition
- NIKSUN NetDetector Alpine
- Paraben Device Seizure v4.6
- RSA NetWitness
- Technology Pathways ProDiscover Incident Response v220.127.116.11
- WetStone Technologies US-LATT