This article can also be found in the Premium Editorial Download "Information Security magazine: Top forensics tools for tracking down cybercriminals."

Download it now to read this article plus other related content.

Forensics is becoming an integral part of ensuring compliance with the top regulations affecting organizations: SOX, SB 1386, GLBA and HIPAA.

SOX section 404 outlines management's responsibility pertaining to financial controls and requires that any shortcomings in these controls be reported; section 802 forbids intentional destruction or modification of financial or operational records; section 301 covers how organizations must handle fraud complaints and investigations. Case law has established that forensics is an important component of investigating this type of fraud because it provides a reliable method to determine if digital

    Requires Free Membership to View

records have been modified or deleted.

GLBA's Financial Privacy Rule, which addresses the collection and dissemination of non-public customer information, and its Safeguards Rule, which outlines how controls should be governed to protect this type of information, also fall under forensics' umbrella. Forensics is becoming more of an integral piece of auditing and investigating compliancy with the Safeguards Rule.

HIPAA has similar requirements pertaining to medical information, requiring thorough analysis and reporting of security incidents.

SB 1386 requires that companies doing business in California must report the unauthorized disclosure of sensitive information, which can be a driver's license number, Social Security number or financial account number.

--Shon Harris
Many of its tools, like the venerable dd (a binary data dumper used for imaging of any device or data stream), are open source, and their source code has been scrutinized by the UNIX/Linux community for many years. Helix tools can be run from the command line or in an X session on live Linux systems, and from a self-contained Cygwin environment or the native GUI on live Windows systems.

Among the tools Helix employs are its feature-packed Sleuth Kit and graphical interface Autopsy Browser. Used in tandem, these give the digital investigator a very capable graphical analysis platform similar in functionality to many commercial products.

Since Helix is a shareware tool, it's inexpensive but lacks the technical support and fixes to bugs when needed. Also, its youth is a drawback; there is little if any court case history in which Helix has been used.

Paraben's NetAnalysis
Paraben has an extensive suite of tools that can be used to examine e-mail, recover passwords, analyze chat logs and perform powerful Web surfing analysis.

Paraben's NetAnalysis tool can examine AOL history files, reconstruct a cache for viewing, recover deleted Internet history files, identify Google searches, and provide a cookie and URL decoder. Its ability to capture evidence from most cell phones and PDAs is more comprehensive than similar capabilities in other tools.

Although Paraben has an extensive toolset, it has not caught on in the industry as well as the EnCase and AccessData products.

This was first published in December 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: