Write a Response for the following Discussion Board question?
Computer Forensics’ Image Analysis
It is my understanding that computer forensics’ image analysis, which is also known as “computer vision” or “image recognition,” is the process of identifying characteristics within an image using digital image processing techniques, which ensures that the process is accurate and images have not been compromised. The process is conducted for the purpose of examining common areas on the disk image for possible malware, hidden images, violations of company policies, and any other evidence of a crime. The potential evidence that is identified can be further analyzed to determine the cause and establish the timeline of the crime occurrences (Prasad, n.d.). Some of the tools that can be used for image analysis are disk imaging software, hashing tools, file recovery programs, software and hardware write tools, and EnCase (6 Top computer forensic tools, 2009).
The Best Tool to Use for This Investigation
The tool that I would use to conduct an image analysis for this investigation is EnCase. I would choose EnCase because it is one of the most widely used commercial computer forensic tools, made by Guidance Software. Various investigative tasks can be performed with EnCase, such as disk imaging and verification and analysis of data. Some digital evidence may have unallocated spaces which may contain valuable information in context with a cyber-crime investigation. With EnCase, it is possible to inspect these unallocated spaces and collect the necessary data (6 Top computer forensic tools, 2009).
Benefits and Disadvantages of Using Encase
The benefits of using EnCase are that it can break down complex file structures for examination, such as the registry files, dbx and pst files, thumbs.db, etc., and that it has a timeline and full scripting abilities. It also allows automation of reports, decryption, and carving. I would choose EnCase over some of the other tools because it has a built-in mechanism for breaking down complex file structures so that they can be analyzed and investigated. It also only needs to be hashed once. Some of the disadvantages of using EnCase are that it has no progress bar, no multi-tasking, no scripting support, no HFS (Mac) support, a 2 million file limit, no PSD or AVI support, requires a lot of work, has rough-looking reports, no internal mail viewer, no full indexing of the drive, and only performs live searches (Atom, 2011). However, EnCase supports the detection and processing of multiple email mailbox formats, including EDB (Microsoft Exchange), DBX (Outlook Express) and even Unix-style MBOX files.
References
Atom. (2011, April 7). Advantages and Disadvantages of FTK and EnCase. Retrieved from http://acid-burninfo.blogspot.com/2011/04/sadvantages-and-disadvantages-of-ftk.html
Nelson, B., Phillips, A., & Steuart, C. (2019). Guide to computer forensics and investigations (5th ed.). Boston, MA: Cengage.
Prasad, R. (n.d.). Forensic analysis of digital media – 4 methods explained. https://www.ci.security/resources/news/article/forensic-analysis-of-digital-media-4-methods-explained

