Stoll 1989). Network monitoring tools like tcpdump and Ethereal can be used to capture network traffic, but they are not specifically designed for collecting digital evidence. Commercial tools such as Carnivore, NetIntercept, NFR Security, NetWitness, and SilentRunner have been developed with integrated search, visualization, and analysis features to help digital investigators extract information from network traffic. As described in Part 3 of this book, there are other forms of evidence on computer networks, many of which do not have associated evidence collection tools, making this a very challenging area for digital investigators. Rather than relying on tools, networks often require an individual's ingenuity to collect and analyze evidence.

There has been a similar progression in the evolution of tools for collecting evidence on embedded computer systems. It is common for digital investigators to read data from pagers, mobile phones, and personal digital assistants directly from the devices. However, this approach does not provide access to deleted data and may not be possible if the device is password-protected or does not have a way to display the data it contains. Therefore, tools such as ZERT, TULP, and Cards4Labs have been developed to access password-protected and deleted data (van der Knijff 2001). More sophisticated techniques involving electron microscopes are available to recover encrypted data from embedded systems, but these are prohibitively expensive for most purposes.

Over the years, bugs have been found in various digital evidence processing tools, potentially causing evidence to be missed or misinterpreted. To avoid the miscarriages of justice that may result from such errors, it is desirable to assess the reliability of commonly used tools. The National Institute of Standards and Testing are making an effort to test some digital evidence processing tools. [Carrier 2002].
Providing programmers around the world with source code allows tool testers to gain a better understanding of the program and increases the chances that bugs will be found. It is acknowledged that commercial tool developers will want to keep some portions of their programs private to protect their competitive advantage. However, certain operations, such as copying data from a hard drive, are sufficiently common and critical to require an open standard. Ultimately, given the complexity of computer systems and the tools used to examine them, it is not possible to eliminate or even quantify the errors, uncertainties, and losses, and digital investigators must validate their own results using multiple tools.

[2] http://www.cftt.nist.gov/