Forensics/Tools

From ConShell

Digital Forensics Tools

There are a vast array of tools for network and system forensics analysis.

Two other VERY GOOD sources are:

Each tool listed here includes name - URL and a short description, plus a Status: line to indicate whether I have evaluated/used (or currently use) the tool and an optional rating (e.g. Like). Almost all of this is SOFTWARE. Much of it is OPEN SOURCE (thus free)! --Delimiter (talk) 23:05, 21 March 2013 (PDT)
Darik's Boot And Nuke - http://www.dban.org/
Darik's Boot and Nuke (DBAN) is a free media erasure software designed for consumer use. Securely wipes almost any drive with DoD strength. Safety in numbers!
Tags: Use, Like, Open source
EnCase Forensic - http://www.guidancesoftware.com/products/ef_index.asp
Cream of the crop software, but expensive $$$ thus out of reach to many
Tags: expensive, very proprietary
Forensic Toolkit (FTK) - http://www.accessdata.com/products/ftk/
Touted as the leading forensic tool to perform e-mail analysis (among other things). $$
Tags: Used, Like
Helix Live CD - http://www.e-fense.com/helix/
This is a bootable live CD based on Knoppix. It includes customized Linux kernels, excellent hardware detection and many applications dedicated to incident response and forensics. It can also be run inside a live Windows system for volatile data capture and analysis. Newer versions are subscription based.
Tags: Use, Like, $$
ImageJ - http://rsb.info.nih.gov/ij/
Image processing application courtesy of NIH. Many formats supported. Plugins.
Tags: Pending-Eval
Internet Evidence Finder (IEF) - http://www.magnetforensics.com/products/internet-evidence-finder/
Full featured evidence recovery of Internet & browser artifacts
Tags: Use, Like, $$
Kali Linux - http://www.kali.org/ (was Backtrack - http://www.backtrack-linux.org/)
Aimed at digital forensics and penetration testing.
Tags: Use, Like, Open source
McAfee Security Tools Collection - http://www.mcafee.com/us/downloads/free-tools/index.aspx
A nice collection of tools for free download. Includes fport, pasco, rootkitremover
Tags: Soon
Nessus Vulnerability Scanner - http://www.tenable.com/products/nessus
Fantastic network-based audit toolset. 50,000+ vulnerability and configuration checks (plugins), with new plugins released daily. The open-source fork OpenVAS (Open Vulnerability Assessment System - http://www.openvas.org/) dates back to about 2009?
Tags: Use, Like, $$, Open source
NetworkMiner - http://sourceforge.net/projects/networkminer/
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file.
Tags: Pending
NotMyFault - http://technet.microsoft.com/en-us/sysinternals/bb963901
Crash dump generator for Windows systems. Part of the infamous SysInternals collection.
Tags: Soon
Oxygen Forensics Suite 2013 - http://www.oxygen-forensic.com/en/download/
Mobile device forensics
Tags: Used, Like, $$
Paladin - http://www.sumuri.com/index.php/joomla/what-is-paladin-forensic-software
Live (bootable) Linux distribution based on Ubuntu that simplifies the process of creating forensic images in a forensically sound manner.
Tags: Soon
ProDiscover Forensics - http://www.techpathways.com/prodiscoverdft.htm
Powerful computer security tool that enables computer professionals to find all the data on a computer disk while protecting evidence and creating evidentiary-quality reports for use in legal proceedings. The Basic version is free.
Tags: Used, $$
SIFT Workstation - http://computer-forensics.sans.org/community/downloads
Created by SANS (http://www.sans.org), this is a suite of ready-to-run applications bundled as a VMware system image or DVD ISO.
Tags: Pending-Eval
SleuthKit (TSK) and Autopsy - http://www.sleuthkit.org/
Both are open source digital investigation tools that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types.
Tags: Use, Like
Windows Sysinternals - http://technet.microsoft.com/en-us/sysinternals
Advanced system utilities to help you manage, troubleshoot and diagnose Windows systems and applications.
Tags: Use, Like
X-Ways Forensics - http://www.x-ways.net/forensics/index-m.html
Powerful forensics analysis tool, similar to WinHex.
Tags: Used, costly