
A question about operating systems

 
  

Rastun
Newbie
 

A question about operating systems

Post Posted: Jan 08, 19 13:25

I am a student currently pursuing a degree in Information Technology - Cyber Security and happen to be taking a course on Digital Forensics and legal.
I tried searching for this question but really only came across a very old thread about which Linux Distro was best.

A question that has come up that I would really like to get a broad consensus on is: "What operating system is most commonly used for digital forensics?"  
 
  

redcat
Senior Member
 

Re: A question about operating systems

Post Posted: Jan 08, 19 13:58

A competent forensic investigator should be comfortable using all major versions of Windows, Linux, and MacOS and will use whichever is most appropriate for whatever they are investigating.  
 
  

Rastun
Newbie
 

Re: A question about operating systems

Post Posted: Jan 08, 19 14:02

Redcat,
I must say that makes perfect sense and when the question was first posed I was thinking the answer would be "Well it depends on the situation"  
 
  

jaclaz
Senior Member
 

Re: A question about operating systems

Post Posted: Jan 08, 19 14:26

- Rastun

A question that has come up that I would really like to get a broad consensus on is: "What operating system is most commonly used for digital forensics?"


It is one of those questions that are IMHO extremely difficult to answer, as there is not any consensus (let alone broad) on what exactly is "digital forensics".

Let's divide first into:
1) PC's (personal computers) being them desktops and laptops
2) Mobile thingies being them smartphones, phablets and tablets
3) Servers (both internal/large business servers and web/providers ones)

Then, for each of these (each rather "large") subsets, we need to determine what devices are more common and which kind of cases are more common.

To give you an example, an unauthorized access to a company server may be both a civil and a criminal case, and while its investigation belongs to digital forensics, it is very different (both in OS and in tools used) from a case of libel or threats on a web page/blog/facebook/twitter (which again may be both a civil and a criminal case), and very different from a (criminal only) case of pedo-pornography or - still say - the digital forensics connected to a homicide or a terrorism act.

Then you would need actual data on the amount of each of these different kinds of cases investigated (many of which may use different OS/tools for different parts of each of these investigations) by both possible parties (investigators working for prosecution and for defense) besides the non-criminal ones (as an example "internal" incident response and post-mortems, which while more "security" related definitely belong to digital forensics), and you would probably need to add some "weight" for the "duration" of each investigation (I mean analyzing a single smartphone takes much less time than carving tens of large hard disks).

I doubt that you will manage to get anything more accurate than "wild guesses" with a classification like:
1) Windows
2) Linux
3) Mac OS
or maybe:
1) Windows
2) Mac OS
3) Linux
which more or less reflects the normal diffusion of each OS on desktops/laptops.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

xandstorm
Member
 

Re: A question about operating systems

Post Posted: Jan 08, 19 21:26

- jaclaz


Let's divide first into:
1) PC's (personal computers) being them desktops and laptops
2) Mobile thingies being them smartphones, phablets and tablets
3) Servers (both internal/large business servers and web/providers ones)

jaclaz


Let's not forget 4)... Networking - routing and switching forensics.
Often times overlooked but router forensics are a treasure chest.

Saludos,
Lex  
 
  

jahearne
Member
 

Re: A question about operating systems

Post Posted: Jan 16, 19 22:50

Most commercial forensic software runs on the Windows operating system. There is a lot of commercial forensic software that runs on Mac, Blacklight comes to mind. All your free distributions are on Linux.

All that really matters is what platform the company is using that hires you!  
 
