COMPARISION OF COMMERCIAL AND NON-COMMERCIAL TOOLS OF DIGITAL FORENSICS AND THEIRS APPLICATION

Dragan Ranđelović

Apstrakt:

Computer forensics can be defined as a scientific discipline acquiring, collecting, storing and presenting data that are electronically processed and stored on the computer as a media. Since the dominant type of computers nowadays are digital, the alternative name frequently used is digital forensics. As a relatively new discipline it has the potential to significantly affect the specific types of investigations and prosecutions and it is significantly different than traditional forensic disciplines. To begin with, tools and techniques necessary for this discipline are relatively easily available to anyone wishing to conduct the forensic analysis. Contrary to traditional forensic analysis, computer investigators are required to conduct testing in any given conditions and not always in the controlled ones. Collecting digital evidence begins with the information and/or physical objects collecting and storing in preparation of testing. The term “evidence” implies that the person, who has collected it, is recognized by the Court along with the process of collecting it. Furthermore, the data or physical object becomes evidence only when it is collected by an authorized person.

A large number of digital forensics tools offer a wide range of functionality, while others are designed for a sole purpose. Forensics tools vary in functionality and complexity in addition to their cost. Some of the leading commercial products cost thousands of Euros, while others are completely free. The nature of the forensic examination and the goal of the investigation will determine the most appropriate tools to be used. Therefore, it is highly significant to know in advance the comparative advantages of commercial and non-commercial forensics tools which is the subject of this paper.

Antiforensics techniques and tools followed in the path of the advancement and development of forensics. Generally speaking, any attempt of discrediting the utilization and accessibility of forensics evidences in a forensics process would classify as antiforensics.

Key words: forensics, computer forensics, digital forensics.