Jump to content

List of digital forensics tools

Edit links
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Bgs876 (talk | contribs) at 20:21, 25 January 2013. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

During the 1980s, most of digital forensic investigations consisted of "live analysis", examining digital media directly using non-specialist tools. In the 1990s several commercial and freeware tools (both hardware and software) were created to allow investigations to take place without modifying media. This first set of tools mainly focused on computer forensics, although in recent years similar tools have evolved for the field of mobile device forensics.[1]

Computer forensics

Main article: computer forensics
Name Platform License Version Description
Internet Evidence Finder IEF Windows commercial 5.5 Computer Forensics Solution
SANS Investigative Forensics Toolkit - SIFT Ubuntu 2.1 Multi-purpose forensic operating system
Registry Recon Windows commercial 2.0.0.0530 Forensics tool that rebuilds Windows registries from anywhere on a hard drive and parses them for deep analysis.
EnCase Windows commercial 7.03 Multi-purpose forensic tool
EPRB Windows commercial 1435 Set of tools for encrypted systems & data decryption and password recovery
FTK Windows commercial 4.0.1 Multi-purpose tool, commonly used to index acquired media.
Digital Forensics Framework Windows / Linux / MacOS GPL 1.1 DFF is both a digital investigation tool and a development platform
PTK Forensics LAMP free/commercial 2.0 GUI for The Sleuth Kit
The Coroner's Toolkit Unix-like IBM Public License 1.19 A suite of programs for Unix analysis
COFEE Windows Proprietary n/a A suite of tools for Windows developed by Microsoft, only available to law enforcement
The Sleuth Kit Unix-like/Windows IPL, CPL, GPL 3.1.1 A library of tools for both Unix and Windows
Categoriser 4 Pictures[2] Windows Free 4.0.2 Image categorisation tool develop, available to law enforcement
Paraben P2 Commander Windows Commercial n/a General purpose forensic tool
Open Computer Forensics Architecture Linux LGPL/GPL 2.3.0 Computer forensics framework for CF-Lab environment
SafeBack[3] N/a commercial 3.0 Digital media (evidence) acquisition and backup
Windows To Go n/a commercial n/a Bootable operating system
Forensic Assistant Windows commercial 1.2 User activity analyzer(E-mail, IM, Docs, Browsers), plus set of forensics tools
Nuix Windows commercial 4.0.1 Forensic analysis & fraud prevention software. Full text search, extracts emails, credit card numbers, IP addresses, URLs. Skin tone analysis. Support for ingesting Windows, Mac OS, Linux and mobile device data.
PeerLab Windows commercial 1.30 FileSharing and "Instant Messaging"-analyzer
OSForensics Windows free/commercial 0.99f General purpose forensic tool for E-mail, Files, Images & browsers.
X-Way Forensics Windows commercial 16.1 General purpose forensic tool based on WinHex hex editor.
bulk_extractor Windows, Linux Public Domain 1.1 Stream-based forensic feature extraction of e-mail addresses, phone numbers, urls and other identified objects.
Intella Windows Commercial 1.6.1 Forensic Search Software - good for email searching
CAINE Linux free/open source 3.0 Gnu/Linux computer forensics live distro.

Memory forensics

Main article: memory forensics

Memory forensics tools are used to acquire and/or analyze a computer's volatile memory (RAM). They are often used in incident response situations to preserve evidence in memory that would be lost when a system is shutdown, and to quickly detect stealthy malware by directly examining the operating system and other running software in memory.

Name Vendor/Sponsor Platform License Web Site
CMAT Windows Free (AFL) http://sourceforge.net/projects/cmat/
Memoryze Mandiant Windows Commercial (gratis) http://www.mandiant.com/products/free_software/memoryze/
Responder HBGary Windows Commercial http://hbgary.com/responder-field http://hbgary.com/responder-pro
Second Look Raytheon Pikewerks Linux Commercial http://secondlookforensics.com/
WindowsSCOPE BlueRISC Windows Commercial http://windowsscope.com/
Volafox Mac OS Free (GPL) http://code.google.com/p/volafox/
Volatililty Volatile Systems Windows & Linux Free (GPL) http://code.google.com/p/volatility/ https://www.volatilesystems.com/default/volatility

Mobile device forensics

Main article: mobile device forensics

Mobile forensics tools tend to consist of both a hardware and software component. Mobile phones come with a diverse range of connectors, the hardware devices support a number of different cables and perform the same role as a write blocker in computer devices.

Name Platform License Version Description
Cellebrite Mobile Forensics[4] Windows Commercial Universal Forensics Extraction Device - Hardware and Software
Radio Tactics Aceso[4] Windows Commercial "All-in-one" unit with a touch screen
Paraben Device Seizure[4] Windows Commercial Hardware/Software package
MicroSystemation XRY/XACT[4] Windows Commercial Hardware/Software package, specialises in deleted data
Oxygen Forensic Suite (former Oxygen Phone Manager[4]) Windows Commercial Smart forensics for smartphones
Elcomsoft iOS Forensic Toolkit (EIFT) Windows, Mac Commercial Acquires bit-precise images of Apple iOS devices in real time
Elcomsoft Phone Password Breaker (EPPB) Windows Commercial Enables forensic access to password-protected backups for smartphones and portable devices based on RIM BlackBerry and Apple iOS platforms,
MOBILedit! Forensic[4] Windows Commercial Hardware-Connection kit/Software package
viaForensics viaExtract[5] Any (Distributed as VM) Commercial 1.7 Software package, specializes in Android Forensics

Other

Name Platform License Version Description
HashKeeper Windows free n/a Database application for storing file hash signatures
Evidence Eliminator Windows commercial 6.03 Anti-forensics software, claims to delete files securely
DECAF Windows free n/a Tool which automatically executes a set of user defined actions on detecting Microsoft's COFEE tool
NetSleuth Windows GPL n/a Open-source network forensics and monitoring tool.

References

  1. ^ Casey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition. Elsevier. ISBN 0-12-163104-4.
  2. ^ Sanderson, P (2006). "Mass image classification". Digital Investigations. 3 (4): 190–195. doi:10.1016/j.diin.2006.10.010. {{cite journal}}: |access-date= requires |url= (help); Unknown parameter |month= ignored (help)
  3. ^ Mohay, George M. (2003). Computer and intrusion forensics. Artechhouse. p. 395. ISBN 1-58053-369-8.
  4. ^ a b c d e f Mislan, Richard (2010). "Creating laboratories for undergraduate courses in mobile phone forensics". Proceedings of the 2010 ACM conference on Information technology education. ACM: 111–116. Retrieved 29 November 2010. Among the most popular tools are products named MicroSystemation GSM .XRY and .XACT, Cellebrite UFED, Susteen Secure View2, Paraben Device Seizure, Radio Tactics Aceso, Oxygen Phone Manager, and Compelson MobilEdit Forensic
  5. ^ "viaForensics". Retrieved 1 October 2012. {{cite web}}: |first= missing |last= (help)
Retrieved from "https://en.wikipedia.org/w/index.php?title=List_of_digital_forensics_tools&oldid=534882070"