Computer forensics’ image analysis

What is your understanding of computer forensics’ image analysis?

Computer forensics’ image analysis makes a bit-by-bit copy of the source media. The images are, just that, images or snapshots and can’t be used as a working copy. Images are for analysis and to make sure evidence isn’t compromised.

What tools have you heard about that can be used for image analysis?

In search for the best computer forensics’ image analysis tool, I found an article written by Raghavan and Raghavan (2013) called A Study of Forensic & Analysis Tools list over sixteen different forensic and analysis tools. Some of the tools listed are “Encase, FTK, X-Ways, Nuix, TCT, Sleuthkit, DFF, OCFA, Snorkel and LibForensics.” (p. 1 para. 2) It used 9 different categories to rate the tools.

Which tool would you choose for your investigation?


Why did you choose this tool? What benefits does it have over the other tools you have heard about?

Altheide and Carvey (2021) writes in, Digital Forensics with Open Source Tools, the “PyFlag is the Python-based Forensics and Log Analysis GUI… PyFlag is a Web-based, databased-backed application… can support multiple users on a single case or multiple users working on different cases in parallel. “(p. 212 para. 2) PyFlag hit all nine categories in the Raghavan and Raghavan (2013) article. The two biggest one that PyFlag had over most of the tools was log and packet capture examination. Both of these are important for different reasons: 1. The log examination can tell you if there are hidden directories/files/folders. If you see a log for data but can’t locate the data. 2. The packet examination can see the MAC address and if tampered with and who sent/received the data.

What are the disadvantages of this tool?

Sample Solution