Digital forensics teams commonly have a wide range of tools at their disposal. These tools are essential to their investigations, as they allow examiners to identify, capture, preserve, extract, and analyze computer evidence that is crucial to the cases they handle (Forensic Control, 2017). Since some tools only run on certain operating systems, team members are typically well-versed in several OS, and different arrangements can be made depending on what an investigation requires (Forensic Control, 2017).
Operating systems or computing platforms such as Unix and Windows therefore play an important role in the selection and use of tools. Each has advantages and disadvantages for forensic examination (Jovanovic, n.d.), but the most critical consideration is the OS requirement of the tools themselves. Put simply, some tools require a Unix system and some only run on Windows, while others run across both platforms and even a handful of other OS (Jovanovic, n.d.).
Windows, as a platform, offers built-in utilities such as msconfig (System Configuration) and the Event Viewer for reviewing startup configuration and system event logs. As a popular OS, it presents a user-friendly environment for forensic examination even to non-experts (Jovanovic, n.d.). Several professional third-party applications are available for Windows, such as FTK, WinHex, and WindowsSCOPE, which are among the standard choices for digital analysis.
The Unix platform, meanwhile, is best known and most widely used by professionals. It provides users with command-line utilities (for example, dd for imaging and grep or strings for searching raw data) that are well suited to forensic examination (Jovanovic, n.d.). As an expert's choice of OS, its environment may not be as user-friendly to beginners, but it is to professionals (Nwaete, 2014). Open-source Unix-like systems such as Linux also offer a larger selection of forensic applications and tools than Windows; examples are The Coroner's Toolkit and Foremost.
The differences between the Windows and Unix platforms, as specified by Jovanovic (n.d.), lie in their approach to system and data files, specifically their file systems and the way permissions are assigned to files. Each has its own model of system and file management, which can be an advantage or a disadvantage to the user depending on the task at hand (Jovanovic, n.d.).
There can also be special add-on features to these tools. A good example is Wireshark, a popular protocol analyzer that runs on multiple platforms, as it is available for several operating systems (OS). It has a wide range of features including, but not limited to, efficient display filters, VoIP analysis, and offline analysis of saved capture files (Samoundy, 2017). This is helpful in network forensics, where the focus is on documenting and analyzing network-based evidence.
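As an added illustration of what a display filter does during offline analysis (this is not Wireshark's code, and the capture below is constructed in-line rather than taken from a real network), the following Python reads a minimal pcap file, dissects the Ethernet, IPv4 and TCP headers, and evaluates a filter equivalent to ip.addr == 10.0.0.5 && tcp.port == 80. The field names (ip.addr, tcp.port, ip.src, tcp.dstport) are borrowed from Wireshark's naming; the parser itself is a hypothetical teaching implementation.

```python
"""Offline packet filtering in the style of a Wireshark display filter.

Added example: not Wireshark code. A minimal pcap reader that dissects
Ethernet/IPv4/TCP headers and applies (field, value) terms combined with AND,
the way a display filter such as `ip.addr == 10.0.0.5 && tcp.port == 80` does.
The capture is constructed in-line so the example runs offline.
"""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_packet(src_ip, dst_ip, sport, dport, payload=b""):
    """Assemble one Ethernet/IPv4/TCP frame (constructed test data, checksums left zero)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a pcap global header plus one record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_500_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (timestamp_seconds, raw_frame) for each record in a pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x" % magic)
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        yield ts_sec, data[offset:offset + incl_len]
        offset += incl_len


def dissect(frame):
    """Extract the handful of fields the filter can reference; non-IPv4/TCP frames yield fewer fields."""
    fields = {}
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return fields
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if len(frame) < 14 + ihl:
        return fields
    fields["ip.src"] = str(ipaddress.IPv4Address(frame[26:30]))
    fields["ip.dst"] = str(ipaddress.IPv4Address(frame[30:34]))
    if frame[14 + 9] == 6 and len(frame) >= 14 + ihl + 4:   # protocol 6 = TCP
        fields["tcp.srcport"], fields["tcp.dstport"] = struct.unpack_from("!HH", frame, 14 + ihl)
    return fields


def matches(fields, field, value):
    """One comparison; ip.addr and tcp.port match either direction, as in Wireshark."""
    if field == "ip.addr":
        return value in (fields.get("ip.src"), fields.get("ip.dst"))
    if field == "tcp.port":
        return value in (fields.get("tcp.srcport"), fields.get("tcp.dstport"))
    return fields.get(field) == value


def apply_filter(pcap_bytes, *terms):
    """Return [(timestamp, fields)] for packets satisfying every (field, value) term."""
    return [(ts, f) for ts, frame in parse_pcap(pcap_bytes)
            if all(matches((f := dissect(frame)), k, v) for k, v in terms) or not terms
            for f in [dissect(frame)]]


# Constructed capture: an HTTP request/response pair, an unrelated TLS SYN, and an SSH SYN.
SAMPLE_PCAP = build_pcap([
    build_packet("10.0.0.5", "203.0.113.10", 51000, 80, b"GET / HTTP/1.1\r\n"),
    build_packet("203.0.113.10", "10.0.0.5", 80, 51000, b"HTTP/1.1 200 OK\r\n"),
    build_packet("10.0.0.7", "203.0.113.10", 51001, 443),
    build_packet("10.0.0.5", "192.0.2.20", 51002, 22),
])

if __name__ == "__main__":
    for ts, f in apply_filter(SAMPLE_PCAP, ("ip.addr", "10.0.0.5"), ("tcp.port", 80)):
        print(ts, f)
```

Running it prints only the two packets of the HTTP conversation; the TLS and SSH packets are dropped even though one of them also involves 10.0.0.5, which is exactly the narrowing a display filter gives an examiner working through a large saved capture.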
A forensics team uses these tools according to the type of investigation it conducts. For small cases or low-level investigations, the tools can be run on a single workstation or server. For large cases or high-level, advanced investigations, it is advisable to establish a specialized lab: a dedicated space where specific tools are kept and can only be accessed by authorized members. In general, a premium is placed on tools that run on multiple platforms, as they are more practical and easier to obtain and work with, given that they function on different OS (Forensic Control, 2017).
There can be specific configurations for the use of these tools, for a number of reasons. At the top of the list are security of data and efficiency. Most cases call for encryption of the evidence stored on the server, whether through password-protected containers or other means, so that the data is thoroughly protected (Thipusian, Thogarcheti, Fahad, Gurjar, Mentsiev, & Mammuan, 2017). As for efficiency, tools are configured in the expectation that their use will deliver the best results, which of course affects the integrity of the evidence and the outcome of the case.
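As an added example of the integrity side of evidence storage (not from the page or any of the cited works), the following Python records a SHA-256 manifest for every file in an evidence directory and later re-verifies it, reporting files that were modified, went missing, or appeared unexpectedly. The evidence files, and the tampering that the second check catches, are constructed in a temporary directory so the example runs stand-alone; in a real lab the manifest would be signed or kept on separate, access-controlled storage alongside the chain-of-custody record.

```python
"""Hash manifest for stored evidence (added example; not code from the page).

Before evidence goes onto the lab server, record a SHA-256 for each file.
Re-hashing later and comparing against the manifest proves the stored data is
unchanged, regardless of whether the volume itself is encrypted.
"""
import hashlib
import pathlib
import tempfile

CHUNK = 1 << 20  # hash in 1 MiB pieces so multi-gigabyte disk images never sit in RAM


def sha256_file(path):
    """Streaming SHA-256 of one file, returned as a hex string."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Return {relative_posix_path: sha256} for every regular file under root."""
    root = pathlib.Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root, manifest):
    """Return {path: 'modified' | 'missing' | 'unexpected'}; an empty dict means intact."""
    current = build_manifest(root)
    problems = {}
    for path, digest in manifest.items():
        if path not in current:
            problems[path] = "missing"
        elif current[path] != digest:
            problems[path] = "modified"
    for path in current:
        if path not in manifest:
            problems[path] = "unexpected"
    return problems


def demo():
    """Constructed scenario: record, verify, tamper, verify again. Returns (before, after)."""
    with tempfile.TemporaryDirectory() as d:
        root = pathlib.Path(d)
        # Constructed stand-ins for a disk image and a packet capture.
        (root / "disk.img").write_bytes(b"\x00" * 4096 + b"NTFS    ")
        (root / "capture.pcap").write_bytes(b"\xd4\xc3\xb2\xa1" + b"\x00" * 20)
        manifest = build_manifest(root)
        before = verify_manifest(root, manifest)

        # Simulate a careless or malicious change: one byte of the image and a stray file.
        with open(root / "disk.img", "r+b") as fh:
            fh.seek(0)
            fh.write(b"\xff")
        (root / "notes.txt").write_text("temp")
        after = verify_manifest(root, manifest)
        return before, after


if __name__ == "__main__":
    intact, tampered = demo()
    print("before tampering:", intact or "intact")
    print("after tampering: ", tampered)
```

The first verification returns an empty dict; the second flags disk.img as modified and notes.txt as unexpected while capture.pcap passes, which is the kind of evidence an examiner needs to show that a change of even one byte was detected rather than silently carried into the analysis.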