The Best Damn Cybercrime and Digital Forensics Book Period

Q: There are so many tools. Do we need them all?
A: It is important to become familiar with a wide range of tools. It is not necessary to have all the tools.
Q: Many of the tools run on an operating system I am not familiar with. Do I need to become familiar with these operating systems?
A: Although it is good to have some level of familiarity with a wide range of systems, these tools are available for most operating systems. Whether you are familiar with Linux, Windows, or another operating system, you will likely be able to find a tool that runs on that system and performs the function you need.
Q: What types of evidence can digital forensics tools provide?
A: Computers store large amounts of data on a network or a system of hard disks. Much of this information is stored without the user being aware that it exists. This data may be in the form of tangible files or information that the computer used to carry out a specific task. A few examples are user files, system files, deleted files, and system data that enable the computer to perform its tasks.
Q: If I am unsure what has occurred and think that the case may never go to court, do I still need to image the drive?
A: You never know what may occur. Imaging the drive is useful if something...