Appendix A. Tools Used in This Research

Guidance Software's EnCase v. 6.16.2 (Forensic Application)

EnCase, available from www.guidancesoftware.com/EnCase, is an industry standard in digital forensic examinations. Guidance Software provides solutions for the forensic and e-discovery needs of the industry. From their Web site:
Guidance Software offers eDiscovery, data discovery, and computer forensics solutions for corporations and government agencies. Validated by numerous courts, corporate legal departments, and government agencies, our EnCase technology is used by over 30,000 licensed users worldwide.
A special thanks to Guidance Software for providing a license for their application for this research.

IDA Pro v. 6 (Used for Decompiling Files and Debugging)

IDA Pro is a program that is used to decompile and debug various applications with support for several processor types. The application is available from www.hex-rays.com/idapro/ and is one of the leading decompilers. A better description of the application and its functionality is provided from their Web site:
The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X. IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and COTS validation. See this executive overview for a summary of its features and uses.
A special thanks to Hex-Rays for providing a license for their application for this research.

X-Ways Forensic v. 15.5 SR 4 (Forensic Application)

X-Ways Forensic is another industry tool that is gaining in popularity on the world market; it is a dominant force in Europe. The company provides training and forensic applications to the community and is based in Cologne, Germany. X-Ways is one of the products that they offer and is available from www.x-ways.net/. A more accurate description is provided from their Web site:
X-Ways is the leading developer and supplier of computer forensics software in Europe. Our software is used for computer forensics, electronic discovery, data recovery, low-level data processing, and IT security. Plus we offer computer forensics training and courses for our software and data recovery services.
A special thanks to X-Ways for providing a license for its application for this research.

Wiebetech Write Blockers

Wiebetech is a provider of many products, from data storage to write blockers. Its Web site, www.wiebetech.com/home.php, provides a good overview of the products that are offered by the corporation, products that are used by a wide variety of industries and that have been showcased on several television shows. The UltraDock and USB Write Blocker were both used in the research for this book.
A special thanks to Wiebetech for providing the UltraDock and USB Write Blockers for this research.

Access Data's Forensic Tool Kit v. 1.70.1 (Forensic Application)

Access Data's Forensic Tool Kit, or FTK, is available from www.accessdata.com/ and is yet another industry-leading forensic application. A description of its products is provided from its Web site:
We've pioneered digital investigations for 20+ years. Our Forensic Toolkit®, cyber security and eDiscovery software solutions allow organizations to preview, search for, forensically preserve, process and analyze electronic evidence. Law enforcement, government agencies & corporations use our digital investigations solutions to address computer forensics investigations, incident response, eDiscovery and information assurance.

wxPIRS (Used to Uncompress PIRS Files)

wxPIRS is an application that is available for download from http://gael360.free.fr/wxPirs.php. At the time of this writing, the application is free of charge and is one of many that are available from this site. The program is used for viewing and extracting compressed files from the custom PIRS files that are located on a FATX-formatted storage device. Consider this application a zip archive program for the PIRS files, enabling the uncompressing of PIRS files to view the files contained within.

Xplorer360

Xplorer360 is one of the few applications that have been coded to deconstruct the FATX file chains and, therefore, can present the FATX file structure in a GUI format. As of this writing, the program is available for free from several Web sites; a simple Web search will locate the application. The application is provided without support.