The Sleuth Kit
It comes with various tools that help in digital forensics. These tools help in analyzing disk images, performing an in-depth analysis of file systems, and various other things.
Libforensics maybe a library for developing digital forensics applications. it had been developed in Python and comes with various demo tools to extract information from various sorts of evidence.
Volatility is the memory forensics framework. It used for incident response and malware analysis. With this tool, you’ll extract information from running processes, network sockets, network connection, DLLs and registry hives. It also has support for extracting information from Windows crash dump files and hibernation files. This tool is out there for free of charge under the GPL license.
WindowsSCOPE is another memory forensics and reverses engineering tool used for analyzing volatile memory. it’s basically used for reverse engineering of malware. It provides the potential of analyzing the Windows kernel, drivers, DLLs, virtual and physical memory.
The Coroner’s Toolkit
The Coroner’s Toolkit or TCT is additionally an honest digital forensic analysis tool. It runs under several Unix-related operating systems. It is often wont to aid analysis of computer disasters and data recovery.
Oxygen Forensic Suite
Oxygen Forensic Suite may be a nice software to collect evidence from mobile to support your case. This tool helps in gathering device information (including manufacturer, OS, IMEI number, serial number), contacts, messages (emails, SMS, MMS), recover deleted messages, call logs, and calendar information. It also allows you to access and analyze mobile device data and documents. It generates easy to know reports for better understanding.
Bulk Extractor is additionally a crucial and popular digital forensics tool. It scans the disk images, files, or directory of files to extract useful information. during this process. It ignores the filing system structure, so it’s faster than other available similar sorts of tools. It’s basically employed by intelligence and enforcement agencies in solving cyber crimes.
Xplico is an open-source network forensic analysis tool. it’s basically wont to extract useful data from applications that use the Internet and network protocols. It supports most of the favored protocols including HTTP, IMAP, POP, SMTP, SIP, TCP, UDP, TCP et al. It also supports IPv4 and IPv6 both.
Mandiant RedLine may be a popular tool for memory and file analysis. It collects information about running processes on a number, drivers from memory, and gathers other data like metadata, registry data, tasks, services, network information, and Internet history to create a correct report.
Computer Online Forensic Evidence Extractor (COFEE)
Computer Online Forensic Evidence Extractor or COFEE may be a carpenter’s kit developed for computer forensic experts. This tool was developed by Microsoft. To collect evidence from Windows systems. Just connect the USB device within the target computer and it starts a live analysis. It comes as well as with 150 different tools with a GUI based interface to command the tools. it’s fast and may perform the entire analysis in as few as 20 minutes. To enforcement agencies, Microsoft provides free technical support for the tool.
P2 eXplorer may be a forensic image mounting tool that aims to assist investigating officers with an examination of a case. With this image, you’ll mount forensic images as a read-only local and physical disc then explore the contents of the image with file explorer. you’ll easily view deleted data and unallocated space of the image.
It can mount several images at a time. It supports most of the image formats including EnCasem, safe back, PFR, FTK DD, WinImage, Raw images from Linux DD, and VMWare images as well as it supports both logical and physical image types.
plain sight is another useful digital forensics tool. it’s a CD-based Knoppix which may be a Linux distribution. a number of its uses include viewing Internet histories, data carving, checking USB device usage, memory dumps extracting password hashes, operation, examining Windows firewall configuration, seeing recent documents, and other useful tasks. For using this tool, you simply got to boot from the CD and therefore the follow the instructions.
The tool comes with a hardware device and software. The latest version as well as of the tool can recover data from all quite smartphones including Android, iPhone, and BlackBerry. It gathers deleted as well as data like call records, images, SMS, and text messages.