Explain what tools the forensics team uses for each platform
+ Explain what tools the forensics team uses for each platform. If the team uses one tool for more than one operating system (OS), explain that. At a minimum, include a discussion on tools for the following:
  - UNIX-like systems
  - Windows systems
+ Identify any special add-on features to tools that may be necessary (e.g., write-blockers).
+ Explain how the team uses these tools in your organization (e.g., designated laptops, specialized lab setups, etc.).
+ Explain why the team uses the tool with this specific configuration.
Solution
The forensics team uses various tools on different platforms for the preservation, identification and extraction of computer evidence that can be used in a court of law.
i) The tools used on UNIX-like operating systems are given below:
a) CAINE (Computer Aided Investigative Environment): It provides a GUI-based investigation tool for the forensics team. It is a very helpful tool in digital investigation.
b) Kali: It is also one of the top choices of forensics team members. It is a UNIX-based tool that is used for digital investigation.
ii) The tools used on Windows as well as on UNIX-like operating systems:
a) Wireshark: It is basically one of the most powerful tools for investigating data packets on both platforms, UNIX-like as well as Windows.
iii) The tools used on Windows operating systems are given below:
a) EnCase: It is a multipurpose forensics tool used for various types of investigation.
b) Registry Recon: It is a forensics tool that is used to build Windows registry entries and can be used for deep analysis of data.
iv) Add-on features to tools:
If we talk about Wireshark, which is a cross-platform tool, the add-on feature of snooping on data packets is used to get optimal results.
v) The team uses these tools on the basis of the type of investigation. These tools can be used in the following ways:
a) For a very high level of investigation, a forensics team lab can be set up, where these tools can be used on multiple servers.
b) More preference is given to cross-platform tools, as they can be used on multiple operating systems.
c) For a small level of investigation, tools can be used on a single server only.
vi) The team always uses the tools with a specific configuration for the following reasons:
a) The forensics team always looks for optimal and the best results, and for that they have to configure the tools accordingly.
b) For getting the desired information and proof quickly, configuration of the tools is required.
c) To make the tools more effective and more secure, various passwords as well as other configurations are set up.
