IAB Interactive Standardized Equipment List
SEL Number:
05HS-00-FRNS
Title:
Software, Forensic
Last Updated:
6/28/2022 10:19:35 AM
Previous SEL Number:
05HS-00-FRNS
Description:
Application suites that allow in-depth analysis of hosts based on operating system and file systems. Software of this type may be used by law enforcement officers, government/corporate investigators and consultants to investigate the aftermath of computer-related crimes. Forensics software generally includes disk analysis tools, tools for the recovery of deleted files, and integrated database support to mark files and data of interest to investigators.
This functionality may also be obtainable via subscription as a cloud-based service using a web browser interface, as opposed to purchasing software. See 04AP-11-SAAS for further information.
Important Features:
Will support a specific list of operating systems (e.g., Windows, Linux, Solaris).
Will support a specific list of file systems, such as FAT16, FAT32, NTFS, EXT2/3 (Linux), Reiser (Linux), UFS (e.g., Sun Solaris), AIX Journaling File System (JFS and jfs) LVM8, FFS (OpenBSD, NetBSD, and FreeBSD), Palm, HFS, HFS+ (Macintosh), CDFS, ISO 9660, UDF, DVD.
Will support drives in various RAID configurations.
Support for evidence collection and chain of custody.
Analysis of E-mail, Internet communications, and document files.
May support analysis of mobile devices (Android, iOS, Windows Mobile, etc.).
Operating Considerations:
Some packages may require add-on applications.
Some packages may not support all file systems or OS types.
May require purchase of additional tools to support analysis of hand-held devices (Palm/Blackberry/etc.).
May require additional hardware purchases to run the Forensics suite.
Will require additional hardware for data transfer of images, etc.
Training Requirements:
Core Training: Per Manufacturer's Specifications
Initial Training: Extensive (> 2 days)
Sustainment Training: Extensive (> 2 days)
Mandatory Standards:
Applicable Standards and References:
NIST SP 800-036, Guide to Selecting Information Security Products, Oct 2003 (WITHDRAWN, still available.)
NIST SP 800-083, Revision 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops, July 2013
MSSL:
Forensic Technician