Forensics teams commonly have a wide range of tools at their disposal. These tools are essential to their investigations, as they allow the team to identify, capture, preserve, extract, and work with computer evidence that is crucial to the cases they handle (Forensic Control, 2017). Given that some tools only function with certain OS, forensics team members are typically well-versed in various OS, as different arrangements can be made based on what the investigations require (Forensic Control, 2017). Operating systems or computing platforms such as Unix and Windows play an important role in the selection and usage of tools. These systems have advantages and disadvantages in the process of forensic examinations (Jovanovic, n.d.). However, the most critical among these is the OS requirement of tools. Put simply, some tools require a Unix OS while some only run on Windows, but there are also tools that can run across these two platforms and even a handful of other OS (Jovanovic, n.d.). Windows, as a platform, offers functionalities like MSConfig, which helps in tracking events in the system.
As a popular OS, it presents a user-friendly environment for forensic examination processes, even to non-experts (Jovanovic, n.d.). There are several helpful third-party applications available for Windows users, such as FTK, WinHex, and WindowsSCOPE, which are among the professional choices in digital analysis. Meanwhile, the Unix platform is mostly known and widely used by professionals. It provides users with special commands that are specifically made for forensic examinations (Jovanovic, n.d.).
As an expert’s choice of OS, its environment may not be as user-friendly to beginners, but it surely is to professionals (Nwaete, 2014). As an open source platform, it offers a lot more applications and tools than Windows; examples are The Coroner’s Toolkit and Foremost.

Major differences between the Windows and Unix platforms were specified by Jovanovic (n.d.) as their approach to system and data files, specifically in the file management system, and the assignment of permissions for files. Each has a distinct way of system and file management that can be advantageous or disadvantageous to its user depending on the tasks at hand (Jovanovic, n.d.).

There can also be special add-on features to these tools. A perfect example is Wireshark, a popular protocol analyzer that can run across multiple platforms, as it is operational in various operating systems (OS). It has a wide range of features including but not limited to efficient display filters, VoIP analysis, and offline analysis (Samoundy, 2017). This is helpful in network forensics, as its usage focuses on the documentation and analysis of network-based evidence.

The forensics team utilizes these tools according to the type of investigation they conduct. For small cases or low-level investigations, these tools can be used on just a single server.
Meanwhile, for large cases or high/advanced-level investigations, establishing a specialized team lab is advisable, so that there is a dedicated space where specific tools can be located and accessed only by authorized members. In general, a premium is placed on tools that can run on multiple platforms, as these are more practical and easier to access and work with given that they can function on different OS (Forensic Control, 2017).

There can be specific configurations for the use of these tools due to a number of reasons. At the top of the list are security of data and efficiency. Most of the time, cases call for encryption, done through password protection and other means, in order to have thorough security of the data stored on the server (Thipusian, Thogarcheti, Fahad, Gurjar, Mentsiev, & Mammuan, 2017). As for efficiency, certain configurations for these tools are made in the expectation that their use will deliver the best results, which, of course, affects the integrity and the end result of the cases.