IAB Interactive Standardized Equipment List   return to main tree

Search Interactive SEL:





Last Updated: 6/28/2022 10:19:35 AM

Previous SEL Number: 05HS-00-FRNS

Description: Application suites that allow in-depth analysis of hosts based on operating system and file systems. Software of this type may be used by law enforcement officers, government/corporate investigators and consultants to investigate the aftermath of computer-related crimes. Forensics software generally includes disk analysis tools, tools for the recovery of deleted files, and integrated database support to mark files and data of interest to investigators.

This functionality may also be obtainable via subscription as a cloud-based service using a web browser interface, as opposed to purchasing software. See 04AP-11-SAAS for further information.


ImportantFeatures: Will support a specific list of operating systems (e.g., Windows, Linux, Solaris).
Will support a specific list of file systems, such as FAT16, FAT32, NTFS, EXT2/3 (Linux), Reiser (Linux), UFS (e.g., Sun Solaris), AIX Journaling File System (JFS and jfs) LVM8. FFS (OpenBSD, NetBSD, and FreeBSD), Palm, HFS, HFS+ (Macintosh), CDFS, ISO 9660, UDF, DVD.
Will support drives in various RAID configurations.
Support for evidence collection and chain of custody.
Analysis of E-mail, Internet communications, and document files.
May support analysis of mobile devices (Android, iOS, Windows Mobile, etc.)


Operating Considerations: Some packages may require add-on applications.
Some packages may not support all file systems or OS types.
May require purchase of additional tools to support analysis of hand-held devices (Palm/Blackberry/etc.).
May require additional hardware purchases to run the Forensics suite.
Will require additional hardware for data transfer of images, etc.


Training Requirements: Core Training: Per Manufacturer's Specifications
Initial Training: Extensive (> 2 days)
Sustainment Training: Extensive (> 2 days)


Mandatory Standards:

Applicable Standards and References:


MSSL:
  • Forensic Technician