Requirements

As well as a reasonably powerful computer running Windows you may also need:

A second computer

For network acquisition examples, in addition many of the tools run under Linux, so a secondary Linux machine may be of use

A spare hard drive

For acquisition examples. This could be an internal or external drive, or even a USB pen drive. Bear in mind that a large hard drive with lots of data can take a substantial amount of time to copy.

Digital forensics software tends to be enterprise level, and excessively expensive for personal use. However, this book makes use of various free tools as well as demo versions of commercial software.

For computer forensics one of the major commercial tools is "Forensic Toolkit", from Access Data. Although currently on version 3.X an older demonstration copy (V 1.8.X) is available from their website. This will work for a short amount of time, sufficient for the examples in this book. You can find other suggestions for tools on the Forensic tools page. Various other free tools are available and will be used (or suggested) in the practical sections of the book.

In addition you may need a word editor; such as Microsoft Word or Open Office (alternately you could use the online Google Docs).

Most of the topic-specific technical terms in this book are clearly defined where used, so prior knowledge of forensic terminology is unnecessary (there is also a glossary with relevant terms defined). As is a knowledge of the basic ideas behind forensic science.

However, the book assumes a working knowledge of computers and how they operate. The following material might be useful reference:

• Computers for Beginners
• The chapter Computer Components, The Stored Program Concept and the Internet from A-level Computing.
• The Computer Revolution (a fairly unstructured book, but with more information on specific components)