From Wikibooks, open books for an open world
Jump to navigation Jump to search

Most of this book contains theoretical information; however each section generally ends with practical examples for you to try (either in the form of suggested activities or simple quizzes). For these practical aspects some hardware and software is required. In addition a working knowledge of computers is required to understand the terminology and theory.

Hardware requirements[edit | edit source]

As well as a reasonably powerful computer running Windows you may also need:

A second computer
For network acquisition examples, in addition many of the tools run under Linux, so a secondary Linux machine may be of use
A spare hard drive
For acquisition examples. This could be an internal or external drive, or even a USB pen drive. Bear in mind that a large hard drive with lots of data can take a substantial amount of time to copy.

Software requirements[edit | edit source]

Digital forensics software tends to be enterprise level, and excessively expensive for personal use. However, this book makes use of various free tools as well as demo versions of commercial software.

For computer forensics one of the major commercial tools is "Forensic Toolkit", from Access Data. Although currently on version 3.X an older demonstration copy (V 1.8.X) is available from their website. This will work for a short amount of time, sufficient for the examples in this book. You can find other suggestions for tools on the Forensic tools page. Various other free tools are available and will be used (or suggested) in the practical sections of the book.

In addition you may need a word editor; such as Microsoft Word or Open Office (alternately you could use the online Google Docs).

Software downloads[edit | edit source]

Tool name Description License/Type URL
FTK General purpose forensics Demo (1.8.X)
CaseNotes Case management/logging Free
VMWare Disk virtualisation Trial

Previous knowledge[edit | edit source]

Most of the topic-specific technical terms in this book are clearly defined where used, so prior knowledge of forensic terminology is unnecessary (there is also a glossary with relevant terms defined). As is a knowledge of the basic ideas behind forensic science.

However, the book assumes a working knowledge of computers and how they operate. The following material might be useful reference:

Introduction to Digital Forensics
Analyst Requirements A history