Computer & Network Forensics Tools
There is a vast array of tools for network and system forensics analysis.
Two other VERY GOOD sources are:
Each tool listed here includes a name, a URL and a short description, plus a Status: line indicating whether I have evaluated or used (or currently use) the tool and an optional rating (e.g. Like). Almost all of this is SOFTWARE. Much of it is OPEN SOURCE (thus free)!
Darik's Boot and Nuke
Darik's Boot and Nuke (commonly referred to as DBAN) is free media erasure software designed for consumer use. Securely wipes almost any drive with DoD strength. Safety in numbers!
Tags: Use, Like, Open source
EnCase Forensic
http://www.guidancesoftware.com/products/ef_index.asp
Cream of the crop software, but also expensive
Tags: Used, Like
Helix Live CD
This is a bootable live CD based on Knoppix. Includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. It can also be dropped into a running Windows system for live data capture and analysis. Newer versions are subscription based.
Tags: Use, Like
ImageJ
Image processing application courtesy of NIH. Many formats supported. Plugins.
Internet Evidence Finder (IEF)
http://www.magnetforensics.com/products/internet-evidence-finder/
Full-featured evidence recovery of Internet & browser artifacts.
Kali Linux
http://www.kali.org/
Formerly known as "BackTrack". Aimed at digital forensics and penetration testing.
McAfee Security Tools Collection
http://www.mcafee.com/us/downloads/free-tools/index.aspx
A nice collection of tools for free download. Includes fport, pasco and rootkitremover.
Nessus Vulnerability Scanner
http://www.tenable.com/products/nessus
Fantastic network-based audit toolset. 50,000+ vulnerability and configuration checks (plugins); new plugins updated daily. Forked as the open-source OpenVAS (Open Vulnerability Assessment System, http://www.openvas.org/) back about 2009?
NetworkMiner
http://sourceforge.net/projects/networkminer/
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file.
NotMyFault
http://technet.microsoft.com/en-us/sysinternals/bb963901
Crash dump generator for Windows systems. Part of the infamous Sysinternals collection.
Oxygen Forensics Suite
http://www.oxygen-forensic.com/en/download/
Mobile device (smart phone) forensics
Paladin
http://www.sumuri.com/index.php/joomla/what-is-paladin-forensic-software
Live (bootable) Linux distribution based on Ubuntu that simplifies the process of creating forensic images in a forensically sound manner.
ProDiscover Forensics
http://www.techpathways.com/prodiscoverdft.htm
Powerful computer security tool that enables computer professionals to find all the data on a computer disk while protecting evidence and creating evidentiary quality reports for use in legal proceedings. Basic version is free.
SIFT Workstation
http://computer-forensics.sans.org/community/downloads
Created by SANS (http://www.sans.org), this is a suite of ready-to-run applications bundled in a VMware system image or DVD ISO.
SleuthKit (TSK) and Autopsy
Both are open source digital investigation tools that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types.
Windows Sysinternals
http://technet.microsoft.com/en-us/sysinternals
Advanced system utilities to help you manage, troubleshoot and diagnose Windows systems and applications.
X-Ways Forensics
http://www.x-ways.net/forensics/index-m.html
Powerful professional forensic analysis tool, similar to WinHex.