What Are Some Computer Forensics Tools?


Quick Answer

Some computer forensics tools include disk imaging software, hashing tools, software write tools, file recovery programs, encryption decoding software and analysis programs, according to HowStuffWorks. Law enforcement investigative units use computer forensics tools to gather evidence against alleged perpetrators. Police departments still have to follow the correct procedures to collect evidence, otherwise the investigative work may not be admissible in court.

Continue Reading
Related Videos

Full Answer

Disk imaging software copies files on a computer's hard drive and preserves the way files are stored and organized. That way, investigators are able to see what is on a person's hard drive. Hashing tools compare original hard disks to copies. This type of software compares files to see if the copies match the original file.

Software and hardware write tools reconstruct hard drives. Some of these tools require investigators to remove the hard drive from a computer before the copy is made. These forensics items do not alter the information on the hard drive.

File recovery programs restore deleted data. This software finds files marked for deletion but are not yet overwritten in the computer's memory. Sometimes this tool finds incomplete files because some part of the file was overwritten but another part was not.

Encryption decoders find passwords that give investigators access to protected data. This forensic tool is useful for finding information suspects want to keep hidden. Analysis programs look for specific content on a hard drive that may lead to evidence against a suspect.

Learn more about Computer Programming

Related Questions