At WiseGEEK, we're committed to delivering accurate, trustworthy information. Our expert-authored content is rigorously fact-checked and sourced from credible authorities. Discover how we uphold the highest standards in providing you with reliable knowledge.
There are a number of different computer forensics tools available from various software developers, though most of them are designed as individual applications or larger toolkits. Many of these programs are designed to allow forensic specialists to view and save information from one storage device to another, including disk imagers that create an “image” of a hard drive. There are also programs that can be used to recover data that was deleted from a drive or view metadata on a media format or file. While many of these computer forensics tools are available individually, some toolkits have also been created that combine multiple utilities in a single application.
One of the most popular and useful computer forensics tools is a program often referred to as a disk imager. This program can be used to create an “image” of a disk, including portable media devices and hard disk drives. The image is actually a copy of all of the information stored on the disk, which allows a computer forensic analyst to create a copy of a drive for further research. These computer forensics tools are essential in criminal investigations, allowing work to be done on a copy of a drive without risking the original drive and the data found on it.
There are also numerous computer forensics tools developed to provide analysts with utilities to recover and view various types of data. These programs can include partition managers and viewers, which allow forensic workers to view files or partitions that may be hidden on a computer, as well as software that can be used to recover files that were deleted from a computer. Deleted files often leave behind pieces of data that can be used to potentially re-create the original file or to at least view part of the file.
Computer forensics tools can also be developed to help users find and analyze metadata on a disk or associated with a file. This type of data can be used to determine where a disk was used on a computer or to find when a file may have been altered or accessed in the past. These computer forensics tools are often provided by software companies as individual utilities, though they may also be available in a bundle or toolkit. Such programs and toolkits can be quite expensive, since they are often developed for law enforcement or corporate use, and the toolkits may actually provide these utilities at a lower overall price for use by forensic professionals.