dtSearch is about as good and as powerful as it gets

Mr. Jeffrey Gross is the president
of Computer Forensic Associates, electronic evidence
specialists, specializing in cybercrime and fraud
investigations. He is now teaching graduate-level
courses on forensic computer science, with techniques
used to investigate computer crime scenes as well
as computer hardware and software to solve computer
crimes. Goals of the courses include:

- Introduce students to the fundamentals of computer forensic
  investigation.
- Provide an understanding of the content and application
  of electronic evidence.
- Provide a hands-on experience of the computer forensic
  investigation process.
- Explore practical applications and case studies in
  computer forensic examinations.
- Develop investigative skills and perspective.
- Provide a foundation of forensic methodology and practice
  including evidence gathering and handling.
- Introduce examples of forensic examination tools and
  software.
- Provide a technical and theoretical foundation in
  electronic evidence and computer forensics
  necessary for more advanced study in the field.

Included in the curricula is everything from
general dtSearch forensic search applicability,
to advanced techniques for using dtSearch for
finding passwords and encryption keys (please
contact Computer Forensic Associates for details).
According to Mr. Gross’ class notes:
"dtSearch is not a forensic
tool in the classical definition. It is more of
a data management and searching utility that lends
itself perfectly to computer forensic examination.
Within the universe of electronic evidence search
tools, dtSearch is about as good and as powerful
as it gets. Whereas some forensic tools (and the
field of computer forensics in general) are often
held to be dubious black magic, dtSearch is an
industry standard tool beyond conventional reproach
and challenge.

"It is so useful that it is my practice to
use it in every case where a text string search
needs to be performed. This is invariably a secondary
external search done after the initial search
by the forensic software. Duplication and validation
of initial findings is a basic precept of effective
forensic examination.

"dtSearch is a potent searching/indexing
tool that is most effectively used independently
of other forensic software. The most useful application
is to forensically extract all potential evidentiary
content into a folder structure for indexing.
This would include all data files, file slack,
unallocated space, SWAP files and recovered deleted
content. Using a forensic platform to perform
the extraction, dtSearch is then used to create
the searchable index which will often obtain results
exceeding the internal search capabilities of
the forensic software.

"One significant advantage of using dtSearch
is its file support which often displays search
findings in a more easily viewable format than
the raw text often displayed by most forensic
software. Search hits containing e-mail content
will look like actual e-mails and documents will
often be displayed with much of their original
formatting. The viewing flexibility of dtSearch
is valuable for generating extracted evidence
that looks like it did in its original form …
It has an intuitive and user-friendly interface
– experiment and explore to acquire mastery
of this essential tool."

For more information on the courses, or on
Computer Forensic Associates generally, please contact
Computer Forensic Associates at (410) 583-1473,
or by fax at (410) 583-5506. You can also email
them at info@4nsic.org,
or visit them online at www.4nsic.org.