Digital Forensic Investigation Tools
Wireshark and Belkasoft Live RAM Capturer are two free forensic tools widely used by cybercrime
investigators. Wireshark is an open-source network protocol analyzer and packet capture tool that
lets an investigator see what is happening on a network. It is the most widely used network
analyzer in the world and serves as the de facto standard in many commercial and nonprofit
organizations, educational institutions, and government agencies (Husain & Khan, 2020). Wireshark
offers a rich feature set for analysis: it performs deep inspection of hundreds of network
protocols, with more added over time, and it supports both live capture and offline analysis of
saved captures. Its standard three-pane packet browser (packet list, packet details, and packet
bytes) makes it convenient to use. Wireshark runs on multiple platforms, including Windows, macOS,
Linux, Solaris, and NetBSD (Tarasov & Malakhov, 2015), and its display filters are the most
powerful in the industry. It can read and write a wide variety of capture file formats, including
pcap and pcapng, Microsoft Network Monitor, Network Instruments Observer, and Novell LANalyzer.
Belkasoft Live RAM Capturer is a free forensic tool from Belkasoft that dumps the contents of a
computer's volatile memory to a file. It is designed to extract the entire contents of RAM reliably
even when an active anti-dumping or anti-debugging system is present.
Separate 32-bit and 64-bit builds are provided so that the tool's own footprint in memory is kept
as small as possible, which limits how much potential evidence the acquisition itself overwrites.
It runs on all Windows versions from XP and Server 2003 through Vista, 7, 8, 10, and Server 2008.
I believe that RAM Capturer is the best choice for investigating DoS, Windows, and network
attacks at the host level because it bypasses the anti-dumping and anti-debugging protections that
defeat other memory acquisition tools. Its design goals give it an advantage over many other
dumping applications (McDown et al., 2015). Competing memory capture tools run in user mode, which
leaves them susceptible to those protections, whereas Belkasoft's tool performs the acquisition
through a kernel-mode driver. In a comparison of RAM acquisition tools, Belkasoft RAM Capturer
was able to read a protected data set while the other tools returned random data or an empty
region.
Wireshark is the best option for investigating Windows, DoS, and network attacks on the wire
because it lets an analyst examine network activity at the packet level as it occurs. It also
provides the most powerful display filters in the industry. Wireshark supports decryption of a
variety of protocols, including Kerberos, WEP, SSL/TLS, and WPA/WPA2, provided the relevant keys
are available to it. It can also read live data from Bluetooth and USB interfaces, which many
competing tools cannot do (Tarasov & Malakhov, 2015).
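As an added illustration (this script is not from the essay or from the Wireshark project), the following Python code shows the kind of packet-level check described above: it parses a small constructed libpcap capture using only the standard library and applies the same condition as the Wireshark display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0` to count half-open connection attempts per source, which is the basic triage step in a SYN-flood DoS investigation. The sample frames, the addresses (taken from the RFC 5737 documentation ranges), and the flood threshold of 20 are constructed for the example; in a real case the bytes would come from a capture file saved by Wireshark or tshark.

```python
"""SYN-flood triage over a classic libpcap capture, standard library only.

Added example; not code from the essay or from the Wireshark project. It
builds a small constructed pcap in memory, parses it, and applies the same
test as the Wireshark display filter  tcp.flags.syn == 1 && tcp.flags.ack == 0
to count half-open connection attempts per source IPv4 address.
"""
import socket
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10
# libpcap magic as it reads when the first four bytes are decoded little-endian.
MAGIC_LE = 0xA1B2C3D4  # file written by a little-endian host
MAGIC_BE = 0xD4C3B2A1  # file written by a big-endian host


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_frame(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    """Ethernet II + IPv4 + TCP header, no payload (constructed sample data).
    The TCP checksum is left at 0; Wireshark does not validate it by default."""
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill checksum
    return eth + ip + tcp


def write_pcap(frames, big_endian: bool = False) -> bytes:
    """Serialise frames as a classic libpcap file (microsecond timestamps)."""
    e = ">" if big_endian else "<"
    out = [struct.pack(e + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack(e + "IIII", 1_700_000_000, i, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def syn_only_counts(pcap: bytes) -> Counter:
    """Count TCP segments with SYN set and ACK clear, keyed by source address.
    Same selection as  tcp.flags.syn == 1 && tcp.flags.ack == 0  in Wireshark."""
    endian = {MAGIC_LE: "<", MAGIC_BE: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if endian is None:  # pcapng (0x0A0D0D0A) and nanosecond pcap are not handled here
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type")
    counts = Counter()
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[0] >> 4 != 4 or ip[9] != IPPROTO_TCP or len(ip) < ihl + 20:
            continue
        flags = ip[ihl + 13]  # TCP flags byte sits 13 bytes into the TCP header
        if flags & TCP_SYN and not flags & TCP_ACK:
            counts[socket.inet_ntoa(ip[12:16])] += 1
    return counts


def flag_syn_flood(counts: Counter, threshold: int) -> list:
    """Sources at or above the half-open threshold, busiest first."""
    return [src for src, n in counts.most_common() if n >= threshold]


def build_sample_pcap(big_endian: bool = False) -> bytes:
    """Constructed capture: one legitimate handshake plus a 50-segment SYN flood."""
    victim = "192.0.2.10"
    frames = [
        tcp_frame("198.51.100.5", victim, 51000, 80, TCP_SYN),            # client SYN
        tcp_frame(victim, "198.51.100.5", 80, 51000, TCP_SYN | TCP_ACK),  # server SYN/ACK
        tcp_frame("198.51.100.5", victim, 51000, 80, TCP_ACK),            # client ACK
    ]
    frames += [tcp_frame("203.0.113.7", victim, 40000 + i, 80, TCP_SYN) for i in range(50)]
    return write_pcap(frames, big_endian)


if __name__ == "__main__":
    capture = build_sample_pcap()
    with open("syn_flood_sample.pcap", "wb") as fh:  # open in Wireshark to compare
        fh.write(capture)
    counts = syn_only_counts(capture)
    print("half-open SYNs per source:", dict(counts))
    print("flood candidates (>= 20):", flag_syn_flood(counts, threshold=20))
```

Opening the written file in Wireshark with the display filter above and ticking "Limit to display filter" in Statistics > Endpoints gives the same per-source counts: one half-open SYN from the legitimate client (its SYN/ACK and ACK are excluded) and fifty from the flooding source. The parser deliberately rejects pcapng, the format Wireshark writes by default today, rather than misreading it, and it handles captures written on either byte order by inspecting the magic number.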
Belkasoft RAM Capturer is superior to competing forensic tools at capturing data from protected
memory because it bypasses defenses such as anti-dumping and anti-debugging protection.
Wireshark is a superior forensic tool for analyzing network traffic in real time, and it is also
the most effective tool for troubleshooting problems on the network.
References
McDown, R., Varol, C., Carvajal, L., & Chen, L. (2015). In-depth analysis of computer
memory acquisition software for forensic purposes. Journal of Forensic Sciences, 61,
S110-S116. https://doi.org/10.1111/1556-4029.12979
Husain, M., & Khan, M. (2020). Critical concepts, standards, and techniques in cyber forensics.
Tarasov, V., & Malakhov, S. (2015). Statistical data handling program of Wireshark analyzer
and incoming traffic research. Proceedings of the Institute for System Programming of
the RAS, 27(3), 303-314. https://doi.org/10.15514/ispras-2015-27(3)-21
