Product Group Tests
Digital forensic tools
Full Group Summary
Ensuring the security of your organization involves efficient technology, yes, but also trained personnel to make sense of log data that is continuously accumulating, says Brendan Carroll.
With the rapid evolution of cyber capabilities and the growing reliance on technology by corporations and government, processes have become more efficient, collaboration has become simpler, and flexibility and versatility have come to be regarded as cornerstones of successful IT departments. But to prevent the exploitation of vulnerabilities in critical processes, one must be equipped with the right tools to detect, prevent and analyze any actual or attempted intrusion.
The products that we review this month fall into the categories of network and media forensic tools. These solutions provide a critical line of defense, allowing an organization increased control over its network and the ability to analyze critical data stored on any digital medium.
Network forensic devices allow the traffic flowing over a network to be captured, logged and analyzed. Features range from granular filtering and control mechanisms to automated reporting, giving a security team the tools it needs to protect its network.
While the devices we examined this month provide the capability to extract and analyze data, the true benefit an organization will receive from these solutions depends on having strong policies in place, mature processes and a well-trained, experienced security team. Further, the raw data exchanged over any network can be critical evidence about its security. That makes a forensic tool to capture and log that data necessary, and, more importantly, it makes necessary a team that can analyze the data and understands what it is looking for and guarding against.
To get the best results from the investment, the software should be deployed with several considerations in mind. Filters are necessary to refine searches so a user is not overwhelmed with unnecessary information; the caveat is that a filter applied at capture time discards traffic permanently, so capture broadly and filter at analysis time where storage allows. Contextual information about the network architecture (address ranges, server roles, expected protocols) should be provided so that analysis is more efficient and anomalies stand out. Finally, if one is to invest in a network forensic product, training should be integrated into the organization's deployment plan. A well-trained team that knows what it is looking for will increase the efficacy of the product and strengthen the security of the organization's network. With the proper organizational considerations and foundations, the deployment of a network forensic tool can strongly influence the evolution of a company's security standards.
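To make the capture-filter-analyze cycle concrete, here is an added example (not code from the review or from any of the products listed below) that reads a classic pcap file, applies a BPF-style host/port/protocol filter, and summarizes the surviving packets into flows. The capture itself is constructed in memory from hand-built Ethernet/IPv4/TCP/UDP frames; the addresses (10.0.0.x, 203.0.113.9, 93.184.216.34) and the odd-port burst are assumptions chosen to show how filtering by host isolates one conversation from the browsing and DNS noise around it.

```python
"""Minimal pcap reader plus 5-tuple filtering and flow summary (added example).
The pcap is constructed below; it is not a real capture."""
import struct
from collections import Counter

def _ipv4(src, dst, proto, payload):
    # IPv4 header without options; checksum left zero, which is enough for parsing.
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload

def _tcp(sport, dport, data=b""):
    # Minimal 20-byte TCP header (data offset 5), flags PSH|ACK.
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + data

def _udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

ETH = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType = IPv4

def build_pcap(packets):
    """Wrap raw Ethernet frames in a little-endian classic pcap (linktype 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield (ts, src, dst, proto, sport, dport, frame_len) for IPv4 TCP/UDP frames."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off = 24
    while off + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4; a real tool would handle VLAN tags, IPv6, etc.
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        l4 = frame[14 + ihl:]
        if proto in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack("!HH", l4[:4])
        else:
            sport = dport = None
        yield (ts, src, dst, proto, sport, dport, len(frame))

def match(rec, host=None, port=None, proto=None):
    """BPF-style predicate: 'host X' matches either endpoint, 'port N' either port."""
    _, src, dst, p, sport, dport, _ = rec
    if host and host not in (src, dst):
        return False
    if port and port not in (sport, dport):
        return False
    if proto and p != proto:
        return False
    return True

def flow_summary(data, **flt):
    """Packets and bytes per (src, dst, proto, dport) flow after applying the filter."""
    pkts, byts = Counter(), Counter()
    for rec in parse_pcap(data):
        if match(rec, **flt):
            key = (rec[1], rec[2], rec[3], rec[5])
            pkts[key] += 1
            byts[key] += rec[6]
    return {k: (pkts[k], byts[k]) for k in pkts}

# Constructed capture: HTTPS browsing from two hosts, a DNS query, and a two-packet
# burst from 10.0.0.5 to an unusual port on an external address (all assumed data).
SAMPLE = build_pcap([
    (1, ETH + _ipv4("10.0.0.5", "93.184.216.34", 6, _tcp(51000, 443, b"x" * 100))),
    (2, ETH + _ipv4("10.0.0.5", "10.0.0.53", 17, _udp(53001, 53, b"q" * 30))),
    (3, ETH + _ipv4("10.0.0.5", "203.0.113.9", 6, _tcp(51002, 4444, b"z" * 500))),
    (4, ETH + _ipv4("10.0.0.5", "203.0.113.9", 6, _tcp(51002, 4444, b"z" * 500))),
    (5, ETH + _ipv4("10.0.0.7", "93.184.216.34", 6, _tcp(51003, 443, b"x" * 80))),
])

if __name__ == "__main__":
    for key, (n, b) in sorted(flow_summary(SAMPLE).items()):
        print(key, "packets=%d bytes=%d" % (n, b))
    print("host 203.0.113.9 only:", flow_summary(SAMPLE, host="203.0.113.9"))
```

The unfiltered summary shows four flows; filtering on the external host collapses it to the single 4444/tcp conversation, which is the kind of narrowing the review has in mind. Because `parse_pcap` keeps every frame, the same file can be re-queried with a different filter later, which is why capturing broadly and filtering at analysis time preserves options that a capture-time filter would have thrown away.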
However, even the best forensic team must be equipped with the proper tools to do its job. Many investigative teams need to recover files that have been deleted, or to reach specific files buried deep in a system's file structure. With forensic tools such as those we examine here, investigators can create a bit-for-bit image of a digital storage medium (acquired through a write blocker and verified by hash so the original evidence is never altered) and then drill down and analyze the necessary data at a granular level, including unallocated space where deleted files may still reside. This kind of transparency enables a team to recover and analyze whatever information could be relevant to an investigation.
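The acquire-verify-carve sequence described above, as an added example that is not part of the review and does not use any listed product's own code: a "drive" is constructed as a byte array in which one file is still listed in a toy directory and a second file's directory entry has been deleted while its data remains in unallocated space. The image is hashed during acquisition and re-hashed to verify the copy, and signature-based carving then recovers both files, including the deleted one. The directory format, sector layout and the two sample files are assumptions for the demonstration.

```python
"""Imaging with hash verification, then carving files by signature (added example).
The 'drive' below is constructed in memory; it is not a real device or filesystem."""
import hashlib
import io

# Header and footer signatures for the two file types this toy carver understands.
SIGNATURES = {
    "jpeg": (b"\xFF\xD8\xFF", b"\xFF\xD9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

def acquire_image(device, out, chunk=4096):
    """Copy a readable device bit-for-bit into `out`, hashing the bytes as they are read.
    Returns the SHA-256 of what was read; the caller re-hashes the image to verify the copy."""
    h = hashlib.sha256()
    while True:
        buf = device.read(chunk)
        if not buf:
            break
        out.write(buf)
        h.update(buf)
    return h.hexdigest()

def verify_image(image_bytes, expected_hex):
    """True if the stored image still matches the hash taken at acquisition."""
    return hashlib.sha256(image_bytes).hexdigest() == expected_hex

def carve(image, max_size=1 << 20):
    """Scan the whole image for known headers and cut each to the nearest footer.
    Ignores the filesystem entirely, so files whose directory entries are gone are still found."""
    found = []
    for name, (head, foot) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(head, pos)
            if start < 0:
                break
            end = image.find(foot, start + len(head), start + max_size)
            if end < 0:
                pos = start + 1  # header without footer in range; keep scanning
                continue
            end += len(foot)
            found.append((start, name, image[start:end]))
            pos = end
    return sorted(found)

# Constructed 64 KiB drive (assumed layout): a toy directory at sector 0 lists only
# report.pdf; photo.jpg was "deleted" (entry removed) but its data still sits in sector 40.
SECTOR = 512
drive = bytearray(64 * 1024)
directory = b"DIR:report.pdf@sector:16\n"
drive[0:len(directory)] = directory
pdf = b"%PDF-1.4\n1 0 obj<<>>endobj\nxref\ntrailer\n%%EOF"
drive[16 * SECTOR:16 * SECTOR + len(pdf)] = pdf
jpeg = b"\xFF\xD8\xFF\xE0" + b"JFIF\x00" + bytes(range(256)) * 3 + b"\xFF\xD9"
drive[40 * SECTOR:40 * SECTOR + len(jpeg)] = jpeg

def demo():
    """Acquire the drive, verify the image, and return (offset, type, size) per carved file."""
    out = io.BytesIO()
    digest = acquire_image(io.BytesIO(bytes(drive)), out)
    image = out.getvalue()
    if not verify_image(image, digest):
        raise RuntimeError("image hash mismatch; do not proceed with analysis")
    return [(off, kind, len(data)) for off, kind, data in carve(image)]

if __name__ == "__main__":
    for off, kind, size in demo():
        print("offset=%d sector=%d type=%s size=%d" % (off, off // SECTOR, kind, size))
```

The carver returns the PDF the directory knows about and the JPEG it does not, which is the recovery the review describes. Two practitioner notes: carving by signature recovers only contiguous files and can yield false positives or truncated results on fragmented data, so results should be validated by opening or re-hashing them; and the acquisition hash must be recorded at imaging time, because a verification performed later can only detect changes made after that point.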
From malicious insiders to viruses, phishing scams and more, organizations' data faces a persistent threat of compromise. As a result, we are forced to remain ever vigilant for the next threat to our resources. There is no one solution, no one guarantee. Rather, each organization has the responsibility to tailor its security to the values and corporate policies in place, and for each organization there are a host of forensic products that may prove fitting.
Brendan Carroll will graduate in May from Norwich University with a degree in computer security and information assurance. The following NU students contributed to this month's reviews: Georgij Lazarevski, Marjan Shapkaroski, Trevor Bergeron, Saul Costa, Mathew Davis, Ryan Dibble, Alexander Foskarino, Brendon Gallant, Steve Gonzales, Dillon Halliday, Katya Lopez, Zachery Matera, Gabriel McLean, Rory O'Neil, John Parker, Daniel Smith, Joshua VanLaar and Benjamin Wright.
All Products In This Group Test
- AccessData Forensic Suite
- ADF Solutions Triage-G2
- Cellebrite UFED Touch Ultimate
- CRU WiebeTech Forensic ComboDock v5
- Cyber Security Technologies Mac Marshal
- Guidance Software EnCase Forensic v7.05.02
- HBGary Responder Professional
- IntaForensics Lima Forensic Case Management Software
- NIKSUN NetDetector/NetVCR Alpine 4.2.1
- Technology Pathways ProDiscover Incident Response 7.4