From ConShell

Digital Forensics Tools

There is a vast array of tools for network and system forensics analysis.

Two other VERY GOOD sources are:

Each tool listed here includes name, URL and a short description, plus a Status: line to indicate whether I have evaluated/used (or currently use) the tool and an optional rating (e.g. Like). Almost all of this is SOFTWARE. Much of it is OPEN SOURCE (thus free)! --Delimiter (talk) 23:05, 21 March 2013 (PDT)

Darik's Boot And Nuke -
Darik's Boot and Nuke (DBAN) is free, bootable media-erasure software designed for consumer use. It securely wipes almost any magnetic drive using multi-pass overwrite patterns (including DoD 5220.22-M style passes). Caveat: overwrite-based wiping does not reliably cover SSDs, whose wear-levelling and spare areas are not reachable through the block interface; for those, use the drive's own secure-erase command instead.
Tags: Use, Like, Open source
EnCase Forensic -
Cream-of-the-crop commercial software, but expensive ($$$) and thus out of reach for many.
Tags: expensive, very proprietary
Forensic Toolkit (FTK) -
Touted as the leading forensic tool for e-mail analysis (among other things). $$
Tags: Used, Like
Helix Live CD -
This is a bootable live CD based on Knoppix. It includes customized Linux kernels, excellent hardware detection and many applications dedicated to incident response and forensics. It can also be run from inside a running Windows system for live data capture and analysis of volatile state (memory, processes, network connections). Newer versions are subscription based.
Tags: Use, Like, $$
ImageJ -
Image processing application from NIH. Many formats supported; extensible with plugins.
Tags: Pending-Eval
Internet Evidence Finder (IEF) -
Full-featured recovery of Internet and browser artifacts.
Tags: Use, Like, $$
Kali Linux (formerly BackTrack) -
Debian-based live distribution aimed at digital forensics and penetration testing. Its forensics boot mode does not auto-mount attached drives, so evidence media can be examined from the live system without being written to.
Tags: Use, Like, Open source
McAfee Security Tools Collection -
A nice collection of free tools for download, including fport, pasco and rootkitremover.
Tags: Soon
Nessus Vulnerability Scanner -
Fantastic network-based audit toolset. 50,000+ vulnerability and configuration checks (plugins), with new plugins released daily. Nessus itself has been closed source since Tenable stopped releasing it under the GPL in 2005; OpenVAS (Open Vulnerability Assessment System) is the open-source fork that continued from the last GPL release (Nessus 2.2).
Tags: Use, Like, $$, Open source
NetworkMiner -
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can identify the OS, hostname and open ports of network hosts by passive sniffing or by parsing a PCAP file, and that extracts transferred files and credentials from the captured sessions.
Tags: Pending
NotMyFault -
Crash dump generator for Windows systems, useful for producing a known-good crash dump to exercise analysis tooling. Part of the well-known Sysinternals collection.
Tags: Soon
Oxygen Forensics Suite 2013 -
Mobile device forensics
Tags: Used, Like, $$
Paladin -
Live (bootable) Linux distribution based on Ubuntu that simplifies creating forensic images in a forensically sound manner: the source device is not mounted writable, and the resulting image is hashed so it can be verified later.
Tags: Soon
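What "forensically sound" imaging boils down to in practice is acquire-then-verify: hash the source bytes as they are read, hash the finished image independently, and only accept the image if both digests match. The following is an added example written for this page, not code from Paladin or any other tool listed here; the "device" is a constructed temporary file of random bytes, and the function and file names (acquire_image, verify_image, fake_device.bin, evidence.dd) are assumptions chosen for the demonstration.

```python
"""Acquire a disk image while hashing it, then verify the copy.

Added example (not code from Paladin or any other tool on this page): it
mimics the acquire-then-verify step a forensic imaging distribution performs.
The source "device" is a constructed file of random bytes, not a real disk.
"""
import hashlib
import os
import tempfile


def acquire_image(source_path, image_path, block_size=1024 * 1024):
    """Copy source to image in fixed-size blocks, hashing the source bytes
    as they are read. Returns (bytes_copied, md5_hex, sha256_hex) of what
    was read from the source."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    copied = 0
    # Open the source read-only; a real acquisition also goes through a
    # write blocker so the evidence drive cannot be modified.
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while True:
            block = src.read(block_size)
            if not block:
                break
            md5.update(block)
            sha256.update(block)
            dst.write(block)
            copied += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    return copied, md5.hexdigest(), sha256.hexdigest()


def hash_file(path, block_size=1024 * 1024):
    """Independent re-hash of a file on disk (the verification pass)."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(block_size), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def verify_image(image_path, expected_md5, expected_sha256):
    """True only if the image on disk hashes to what was read from the source."""
    md5, sha256 = hash_file(image_path)
    return md5 == expected_md5 and sha256 == expected_sha256


def demo(size=3 * 1024 * 1024 + 123):
    """Constructed scenario: image a fake 3 MiB 'device', verify it, then
    flip one byte of the image and show that verification now fails.
    Returns (copied_everything, verified_before_tamper, verified_after_tamper)."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "fake_device.bin")  # constructed input
        image = os.path.join(tmp, "evidence.dd")
        with open(source, "wb") as f:
            f.write(os.urandom(size))
        copied, md5, sha256 = acquire_image(source, image)
        ok_before = verify_image(image, md5, sha256)
        # Tamper with a single byte in the middle of the image.
        with open(image, "r+b") as f:
            f.seek(size // 2)
            b = f.read(1)
            f.seek(size // 2)
            f.write(bytes([b[0] ^ 0xFF]))
        ok_after = verify_image(image, md5, sha256)
        return copied == size, ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

The point of hashing the source stream and the written image separately is that a silent write error or a later modification shows up as a digest mismatch; recording both digests with the case notes is what lets anyone re-verify the image afterwards.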
ProDiscover Forensics -
Powerful computer security tool that enables computer professionals to find all the data on a computer disk while protecting evidence and creating evidentiary-quality reports for use in legal proceedings. A basic version is free.
Tags: Used, $$
SIFT Workstation -
Created by SANS, this is a suite of ready-to-run applications bundled in a VMware system image or DVD ISO.
Tags: Pending Eval
SleuthKit (TSK) and Autopsy -
Both are open source digital investigation tools that run on Windows, Linux, OS X, and other Unix systems. The Sleuth Kit is the command-line toolset and library; Autopsy is the graphical front end built on it. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types.
Tags: Use, Like
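The first thing TSK's mmls does on an image is read the volume system so the file-system tools know where each partition starts. As an added example (my own code, not anything from The Sleuth Kit), here is a parser for the classic DOS/MBR layout that produces the same kind of listing, including the unallocated gaps mmls reports; the image is a constructed 512-byte sector, and the function names (parse_mbr, layout, build_sample_image) and the sample partition geometry are assumptions chosen for the demonstration.

```python
"""Parse a DOS/MBR partition table the way TSK's mmls reports it.

Added example, not SleuthKit code: a hand-written parser for the classic
MBR layout (4 x 16-byte entries at offset 446, 0x55AA signature at 510).
The disk image is a constructed 512-byte sector, not a real acquisition.
"""
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"
# Partition type bytes (small subset of the well-known table).
PART_TYPES = {
    0x00: "Empty",
    0x05: "Extended (CHS)",
    0x07: "NTFS / exFAT / HPFS",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)",
    0x83: "Linux",
}


def is_mbr(sector0):
    """True if sector 0 carries the 0x55AA boot signature."""
    return len(sector0) >= SECTOR and sector0[510:512] == MBR_SIGNATURE


def parse_mbr(sector0):
    """Return a list of partition dicts from the first 512 bytes of an image.
    Raises ValueError if the boot signature is missing. Extended partitions
    (0x05/0x0F) are reported as-is; walking the EBR chain is not done here."""
    if not is_mbr(sector0):
        raise ValueError("no 0x55AA MBR signature: not a DOS partition table")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack(
            "<B3xB3xII", sector0[off:off + 16])
        if ptype == 0x00 and sectors == 0:
            continue  # unused slot
        parts.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": ptype,
            "desc": PART_TYPES.get(ptype, "Unknown (0x%02X)" % ptype),
            "start": lba_start,
            "end": lba_start + sectors - 1,
            "length": sectors,
        })
    return parts


def layout(parts, total_sectors):
    """Full disk map as (start, end, label) rows, including unallocated gaps,
    which is where carving tools go looking for hidden or deleted data."""
    rows = [(0, 0, "Primary Table (#0)")]
    cursor = 1
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            rows.append((cursor, p["start"] - 1, "Unallocated"))
        rows.append((p["start"], p["end"], p["desc"]))
        cursor = p["end"] + 1
    if cursor < total_sectors:
        rows.append((cursor, total_sectors - 1, "Unallocated"))
    return rows


def make_entry(bootable, ptype, lba_start, sectors):
    """Pack one 16-byte partition entry (CHS fields left zero)."""
    return struct.pack("<B3xB3xII", 0x80 if bootable else 0x00,
                       ptype, lba_start, sectors)


def build_sample_image(total_sectors=204800):
    """Constructed sector 0: a 1 MiB alignment gap, a bootable NTFS partition,
    a Linux partition, and leftover space at the end of a 100 MiB disk."""
    table = (make_entry(True, 0x07, 2048, 102400)
             + make_entry(False, 0x83, 104448, 90112)
             + bytes(32))  # two empty slots
    sector0 = bytes(446) + table + MBR_SIGNATURE
    return sector0, total_sectors


if __name__ == "__main__":
    s0, total = build_sample_image()
    for start, end, label in layout(parse_mbr(s0), total):
        print("%10d %10d %10d  %s" % (start, end, end - start + 1, label))
```

On a real image the same parse gives you the sector offset to hand to fls or icat (TSK's -o option), and the unallocated rows are the regions worth carving; GPT disks need a different parser, which this example does not cover.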
Windows Sysinternals -
Advanced system utilities to help you manage, troubleshoot and diagnose Windows systems and applications.
Tags: Use, Like
X-Ways Forensics -
Powerful forensic analysis tool built on the WinHex hex editor from the same vendor.
Tags: Used, costly