Critical Infrastructure Security

Digging deep with forensic tools

Of all of the months of the review calendar this is my favorite. For the past five years my computer forensic students at Norwich University have produced these pages. This year, I gave them the year off so I could do the reviews myself. In these reviews are some of my personal favorite tools – tools that I have been using and watching evolve for many years. There also are some relative newcomers that I am seeing for the first time. The bottom line is that gathered here are some of the most comprehensive digital forensic tools available. It was a real pleasure to have the opportunity to get my hands dirty and test them all.

I did the testing at our cyber forensic labs at Norwich. The test bed is part of our reconfigurable Cyber Weapons Range War Room and consists of 12 PCs connected to our VMware virtual data center. In addition, I have a FRED forensics computer (Forensic Recovery of Evidence Device, from Digital Intelligence) connected to the virtual data center. I used a fairly wide variety of image samples, from hard disks to mobile devices, as test cases, and for network analysis I used our virtual system and its connection to the internet. There is more about the testing in each individual product review.

Because of the wide variety of product types this month, it was very difficult to pick a single Best Buy and a single Recommended product. Thus, the Best Buy is based not on product type but on overall value. Recommended products, however, are designated by product type, so for each product type there is one that is recommended.

Additionally, we have a First Look this month that I think you will find fascinating. I have been hearing about this company and its products for a while and I finally have been able to schedule them into a First Look. They have a unique approach to managing malware and, while I have seen elements of their approach in many products, this is the most complete so far.

Overall, this is a banner month, and it did serve to remind me of the fine work our SC Lab team does every issue. When you have been working in the field for as long as I have, you sometimes get away from the day-to-day testing and evaluating of products in the lab. Getting away from the management and editing and digging into the trenches is rewarding and fun. To my colleagues reading this: if you can make the time (we all are snowed under with work these days), try it. You'll pick up on things you may not have thought about for some time.

Years ago, when I was writing my first book, I asked Byte columnist and noted science fiction author Jerry Pournelle if he liked writing. His response was that he liked having written. For what may be somewhat diverse reasons, I agreed this month and I trust that you will enjoy reading this as much as I enjoyed writing it.
