Equipment to include in a computer forensic toolkit

For those beginning their computer forensic investigator career, an important aspect to consider is what equipment is needed to carry out successful investigations.

While software is a critical component of the job, examiners should have a complete computer forensic toolkit that consists of a computer workstation and a response kit to take out into the field.

In Learn Computer Forensics: Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence, computer forensic investigator and author William Oettinger teaches new and experienced investigators everything they need to search for and analyze digital evidence, including which software and hardware to consider.

In the following excerpt from Chapter 2, learn about the forensic analysis process, starting with a look at the equipment Oettinger recommends including in a computer forensic toolkit. Download a PDF of the rest of Chapter 2 here.

Check out an interview with Oettinger, where he offers advice on starting down the computer forensic investigator career path.

The Forensic Analysis Process

We will now discuss the forensic analysis process. As a forensic investigator, you will need to create a strategy that will enable you to conduct an efficient investigation. You also need to make sure you are familiar with your tools and the results that they will provide. Without a process, you will waste time examining data that will not impact your investigation, and you will not be able to rely on your tools. In addition, you want to make sure you get valid results from the tools you deploy. Finally, to be thorough and efficient, you must use critical thinking to determine the best investigation or exam method.

Book cover image for Learn Computer Forensics by William OettingerClick here to learn more about

Learn Computer Forensics.

While there are similarities in every investigation, you will find differences that will require you to have an exam strategy to be efficient. I am not a fan of keeping an examination checklist because there will be areas that aren’t relevant, such as different operating systems, physical topography of the network, criminal elements, and suspects. These variables ensure that no two examinations or investigations are the same and will…