Free Computer Tools for Disk Forensics. In the first article in this series we looked at free tools for data mirroring, and in the second installment we looked at tools available for registry forensics. Now we will move on to tools for disk forensics, which is the process of acquiring and analyzing the data stored on physical storage media. Disk forensics includes the recovery of hidden and deleted data and also file identification, the process of identifying who created a file or message. Tool: ADS Locator The ADS Locator can be used to find files that have alternate ADS streams attached. Tool: Disk Investigator Disk Investigator helps you to discover all that is hidden on your computer hard disk. It helps to view and search raw directories, files, clusters, and system sectors. Tool: Recuva Recuva is a free file recovery program that is capable of recovering lost or deleted files from local drives and external drives. Tool: Encrypted Disk Detector Tool: Passware Encryption Analyzer Related Articles: Resources:
Top 20 Free Digital Forensic Investigation Tools for SysAdmins Digital forensics tools come in many categories, so the exact choice of tool depends on where and how you want to use it. Here are some broad categories to give you an idea of the variety that comes under the umbrella of digital forensics tools: Database forensicsEmail analysisAudio/video forensicsInternet browsing analysisNetwork forensicsMemory forensicsFile analysisDisk and data captureComputer forensicsDigital image forensics While this is not an exhaustive list, it gives you a picture of what constitutes digital forensics tools and what you can do with them. Sometimes multiple tools are packaged together into a single toolkit to help you tap into the potential of related tools. Also, it is important to note that these categories can get blurred at times depending on the skill set of the staff, the lab conditions, availability of equipment, existing laws, and contractual obligations. Choosing the right tool Skill level Output Cost Focus Additional accessories Key features 03 Volatility 17 HxD
Free Network Sniffers, Analyzers and Stumbers. This article will look at free network sniffers, analyzers, and stumblers for Windows, Mac, Linux, and even Android. Introduction There are many commercial network tools out there offering all the bells and whistles, but sometimes a simpler product will do the job. You can use them during site surveys, installs, troubleshooting, and even auditing. Here you’ll discover free network sniffers, analyzers, and stumblers for Windows, Mac, Linux, and even Android. Wireshark (Multiple platforms) Wireshark (Formally Ethereal) is a popular network protocol analyzer. Kismet (Multiple platforms) Kismet is a wireless network sniffer, analyzer, stumbler and intrusion detection system that can run on multiple platforms, including Linux, Mac OS X, and Windows. InSSIDer (Multiple platforms) InSSIDer is a free Wi-Fi stumbler from MetaGeek, the maker of the Wi-Spy spectrum analyzer and many other network products. Vistumbler (Windows) NetSurveyor (Windows) AnalogX PacketMon (Windows) G-MoN (Android) KisMAC (Mac)
Tools:Memory Imaging The physical memory of computers can be imaged and analyzed using a variety of tools. Because the procedure for accessing physical memory varies between operating systems, these tools are listed by operating system. Once memory has been imaged, it is subjected to memory analysis to ascertain the state of the system, extract artifacts, and so on. One of the most vexing problems for memory imaging is verifying that the image has been created correctly. That is, verifying that it reflects the actual contents of memory at the time of its creation. Memory Imaging Techniques Crash Dumps When configured to create a full memory dump, Windows operating systems will automatically save an image of physical memory when a bugcheck (aka blue screen or kernel panic) occurs. LiveKd Dumps The Sysinternals tool LiveKd can be used to create an image of physical memory on a live machine in crash dump format. Hibernation Files Firewire At CanSec West 05, Michael Becher, Maximillian Dornseif, and Christian N. Xen
21 Popular Computer Forensics Tools Computer forensics is a very important branch of computer science in relation to computer and Internet related crimes. Earlier, computers were only used to produce data but now it has expanded to all devices related to digital data. The goal of Computer forensics is to perform crime investigations by using evidence from digital data to find who was the responsible for that particular crime. For better research and investigation, developers have created many computer forensics tools. Police departments and investigation agencies select the tools based on various factors including budget and available experts on the team. These computer forensics tools can also be classified into various categories: Disk and data capture toolsFile viewersFile analysis toolsRegistry analysis toolsInternet analysis toolsEmail analysis toolsMobile devices analysis toolsMac OS analysis toolsNetwork forensics toolsDatabase forensics tools 1. Download: 2. 4. 5. 6. 7. 8. 9. 10. 11.
UNIX System Administration: Solaris, AIX, HP-UX, Tru64, BSD.: Digital Forensic Tools: Imaging, Virtualization, Cryptanalysis, Steganalysis, Data Recovery, Data Carving, Reverse Engineering "Jrypbzr gb gur bgure fvqr." Computer Forensics is a science and an art. And to perform it, you need tools to identify, acquisition, preserve and analyze data in a clean, safe, non-destructive manner. Lots of tools. A list of more or less free tools (mostly open source or freeware, but I have included some relevant commercial products) no digital forensics expert should be without: Data acquisition, enumeration, imaging and forensics tools: Toolkits and utilities. The Sleuth Kit and Autopsy Browser. Password recovery tools: You may often need to recover keys and passwords. "This text has been encrypted twice... for double protection!" Ophcrack is a very efficient Windows password cracker based on rainbow tables. Steganalysis and stenography: how to detect hidden data using stenography.
Top 15 Open Source. Free Security. Tools. 1. Nmap Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. 2. Wireshark is a network protocol analyzer. 3. Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. 4. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. 5. 6. ettercap 7. 8. 9. 10. w3af 11. hping 12. burpsuite 13. 14. sqlmap
SIFT Kit/Workstation: Investigative Forensic Toolkit Download SANS Investigative Forensic Toolkit (SIFT) Workstation Version 3.0 Download SIFT Workstation VMware Appliance Now - 1.5 GB Having trouble downloading? If you are having trouble downloading the SIFT Kit please contact sift-support@sans.org and include the URL you were given, your IP address, browser type, and if you are using a proxy of any kind. Having trouble with SIFT 3? If you are experiencing errors in SIFT 3 itself, please submit errors, bugs, and recommended updates here: How To: Download Ubuntu 14.04 ISO file and install Ubuntu 14.04 on any system. -> Once installed, open a terminal and run "wget --quiet -O - | sudo bash -s -- -i -s -y" Congrats -- you now have a SIFT workstation!! SIFT Workstation 3.0 Overview "The SIFT Workstation has quickly become my "go to" tool when conducting an exam. Key new features of SIFT 3.0 include: Installation
Tools CTF CAINE Live CD/DVD - computer forensics digital forensics DEFT Linux - Computer Forensics live CD |