Tools are the administrator’s best friend; using the proper tool always helps you get things done faster and makes you more productive. Forensic investigation is usually challenging, as you have to gather all the knowledge you will need for the evidence and the mitigation plan.
Here are a number of the computer forensic investigator tools you will need. Most of them are free!
Autopsy
Autopsy is a GUI-based open source digital forensic program for investigating hard drives and smartphones efficiently. Autopsy is used by thousands of users worldwide to investigate what happened on a computer.
It is widely used by corporate examiners and the military for investigations; some of its features are:
- Email analysis
- File type detection
- Media playback
- Registry analysis
- Photos recovery from memory card
- Extract geolocation and camera information from JPEG files
- Extract web activity from a browser
- Show system events in a graphical interface
- Timeline analysis
- Extract data from Android – SMS, call logs, contacts, etc.
It has extensive reporting to generate output in HTML and XLS file formats.
Encrypted Disk Detector
Encrypted Disk Detector can be helpful to check for encrypted physical drives. It supports TrueCrypt, PGP, BitLocker and Safeboot encrypted volumes.
Wireshark
Wireshark is a network capture and analyzer tool to see what’s happening in your network. Wireshark will be handy when investigating a network-related incident.
Magnet RAM Capture
You can use Magnet RAM Capture to capture the physical memory of a computer and analyze artifacts in memory. It supports the Windows OS.
Network Miner
An interesting network forensic analyzer for Windows, Linux and Mac OS X that detects OS, hostname, sessions and open ports through packet sniffing or from a PCAP file. Network Miner presents the extracted artifacts in an intuitive interface.
NMAP
NMAP (Network Mapper) is one of the most popular network and security auditing tools. NMAP is supported on most operating systems, including Windows, Linux, Solaris, Mac OS, HP-UX, etc. It is open-source and therefore free.
RAM Capturer
RAM Capturer by Belkasoft is a free tool to dump the data from a computer’s volatile memory. It is compatible with the Windows OS. Memory dumps may contain an encrypted volume’s password and login credentials for webmail and social network services.
Forensic Investigator
If you’re using Splunk, then Forensic Investigator will be a convenient tool. It is a Splunk app that has many tools combined.
- WHOIS/GeoIP lookup
- Ping
- Port scanner
- Banner grabber
- URL decoder/parser
- XOR/HEX/Base64 converter
- SMB Share/NetBIOS viewer
- VirusTotal lookup
FAW
FAW (Forensics Acquisition of Websites) is for acquiring websites for forensic investigation, and has the following features.
- Capture the whole or partial page
- Capture all kinds of image
- Capture the HTML source code of the web page
- Integrate with Wireshark
HashMyFiles
HashMyFiles will help you to calculate the MD5 and SHA1 hashes. It works on most of the latest Windows OS versions.
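Hashing is what ties an acquired file to the evidence you later testify about: you record the digests at acquisition time and re-verify them before analysis and before reporting. The script below is an added example (not part of the original article and not HashMyFiles itself) of that workflow in Python: it computes MD5 and SHA1 as HashMyFiles does, adds SHA-256 because MD5 and SHA1 are collision-prone, writes a JSON manifest, and reports files that were modified, removed or added since the manifest was taken. The files it hashes are constructed in a temporary directory; the manifest file name is an assumption.

```python
"""Hash evidence files into a manifest and verify them later (added example)."""
import hashlib
import json
import tempfile
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256")
CHUNK = 1024 * 1024  # read large images in 1 MiB pieces instead of loading them whole


def hash_file(path, algorithms=ALGORITHMS):
    """Return {algorithm: hexdigest} for one file, reading it only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def build_manifest(root):
    """Hash every regular file below root, keyed by path relative to root."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def write_manifest(manifest, path):
    Path(path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def read_manifest(path):
    return json.loads(Path(path).read_text())


def verify_manifest(root, manifest):
    """Return {relative path: 'modified' | 'missing' | 'unexpected'}; empty dict means intact."""
    root = Path(root)
    problems = {}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            problems[rel] = "missing"
        elif hash_file(p) != expected:
            problems[rel] = "modified"
    for p in root.rglob("*"):
        rel = str(p.relative_to(root))
        if p.is_file() and rel not in manifest:
            problems[rel] = "unexpected"
    return problems


def demo():
    """Constructed evidence set: hash it, tamper with it, verify again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "evidence"
        root.mkdir()
        (root / "notes.txt").write_bytes(b"abc")
        (root / "empty.bin").write_bytes(b"")
        manifest_path = Path(d) / "manifest.json"  # assumed name, kept outside the evidence tree

        write_manifest(build_manifest(root), manifest_path)
        manifest = read_manifest(manifest_path)
        clean = verify_manifest(root, manifest)

        (root / "notes.txt").write_bytes(b"abd")   # one byte changed
        (root / "extra.log").write_bytes(b"x")     # file that was not there at acquisition
        (root / "empty.bin").unlink()              # file removed
        tampered = verify_manifest(root, manifest)
        return manifest, clean, tampered


if __name__ == "__main__":
    manifest, clean, tampered = demo()
    print(json.dumps(manifest, indent=2))
    print("before tampering:", clean)
    print("after tampering: ", tampered)
```

Keep the manifest outside the evidence tree (or on write-once media), otherwise the manifest itself shows up as an "unexpected" file and, worse, can be rewritten along with the evidence.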
CrowdResponse
CrowdResponse by CrowdStrike is a Windows application to gather system information for incident response and security engagements. You can view the results in XML, CSV, TSV, or HTML with the help of CRConvert. It runs on 32- or 64-bit Windows XP and above.
- Tortilla – anonymously route TCP/IP and DNS traffic through Tor.
- Shellshock Scanner – scan your network for the Shellshock vulnerability.
- Heartbleed Scanner – scan your network for the OpenSSL Heartbleed vulnerability.
NFI Defraser
The Defraser forensic tool may help you to detect full and partial multimedia files within data streams.
ExifTool
ExifTool helps you to read, write, and edit meta information for a variety of file types. It can read EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, Photoshop IRB, FlashPix, etc.
Toolsley
Toolsley has more than ten useful tools for investigation.
- File signature verifier
- File identifier
- Hash & Validate
- Binary inspector
- Encode text
- Data URI generator
- Password generator
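Toolsley’s file signature verifier and file identifier, like Autopsy’s file type detection above, work from the first bytes of a file rather than its name, which is how an executable renamed to `.jpg` or a document hidden under a harmless extension gets noticed. The following is an added example in Python, not code from Toolsley or from the original article: a small magic-byte table, a function that identifies content, and a check that flags files whose extension disagrees with their content. The signature table covers a handful of common formats only, and the sample files are constructed byte strings.

```python
"""Identify file types from magic bytes and flag extension/content mismatches (added example)."""
from pathlib import PurePosixPath
from typing import Optional

# (offset, magic bytes, type label) -- a small, deliberately non-exhaustive table
SIGNATURES = [
    (0, b"\xff\xd8\xff", "jpeg"),
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"GIF87a", "gif"),
    (0, b"GIF89a", "gif"),
    (0, b"%PDF-", "pdf"),
    (0, b"PK\x03\x04", "zip"),        # also the container for docx/xlsx/pptx/jar/apk
    (0, b"Rar!\x1a\x07", "rar"),
    (0, b"\x1f\x8b", "gzip"),
    (0, b"\x7fELF", "elf"),
    (0, b"MZ", "pe"),                 # Windows executables and DLLs
    (4, b"ftyp", "mp4"),              # ISO base media: 4-byte box size, then 'ftyp'
]

# extension -> type label the content is expected to carry
EXPECTED = {
    "jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif", "pdf": "pdf",
    "zip": "zip", "docx": "zip", "xlsx": "zip", "pptx": "zip", "jar": "zip", "apk": "zip",
    "rar": "rar", "gz": "gzip", "tgz": "gzip",
    "exe": "pe", "dll": "pe", "sys": "pe", "so": "elf",
    "mp4": "mp4", "m4a": "mp4", "mov": "mp4",
}


def identify(data: bytes) -> Optional[str]:
    """Return the type label whose magic bytes match the content, or None if unknown."""
    for offset, magic, label in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return None


def check_file(name: str, data: bytes) -> dict:
    """Compare the type claimed by the extension with the type found in the content."""
    ext = PurePosixPath(name).suffix.lstrip(".").lower()
    claimed = EXPECTED.get(ext)
    detected = identify(data)
    if detected is None:
        status = "unknown"              # no signature matched; needs a closer look, not an alarm
    elif claimed is None:
        status = "unlisted-extension"   # content recognised, extension not in our table
    elif claimed == detected:
        status = "ok"
    else:
        status = "mismatch"             # the extension lies about the content
    return {"name": name, "extension": ext, "claimed": claimed,
            "detected": detected, "status": status}


# Constructed sample files: name -> first bytes of content
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",
    "holiday.jpg": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff",  # PE renamed as a photo
    "archive.docx": b"PK\x03\x04\x14\x00\x06\x00",
    "clip.mp4": b"\x00\x00\x00\x18ftypmp42",
    "notes.txt": b"just some text",
    "readme.md": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
}


def scan(samples=SAMPLES):
    """Check every sample and return one result dict per file."""
    return [check_file(name, data) for name, data in samples.items()]


def suspicious(samples=SAMPLES):
    """Names of files whose extension contradicts their content, sorted."""
    return sorted(r["name"] for r in scan(samples) if r["status"] == "mismatch")


if __name__ == "__main__":
    for result in scan():
        print(f"{result['name']:<14} claimed={result['claimed']!s:<6} "
              f"detected={result['detected']!s:<6} {result['status']}")
    print("suspicious:", suspicious())
```

A real triage run would read the first few KiB of each file on disk instead of the `SAMPLES` dictionary and use a much larger signature table; the decision logic stays the same.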
SIFT
The SIFT (SANS Investigative Forensic Toolkit) workstation is freely available as an Ubuntu 14.04 image. SIFT is a suite of the forensic tools you need and one of the most popular open source incident response platforms.
Dumpzilla
Extract all the interesting information from the Firefox, Iceweasel and SeaMonkey browsers for analysis with Dumpzilla.
Browser History
Foxton has two free and useful tools.
- Browser History Capturer – capture browser (Chrome, Firefox, IE & Edge) history on the Windows OS.
- Browser History Viewer – extract and analyze internet activity history from most modern browsers. Results are shown in an interactive graph, and historical data can be filtered.
Forensic UserInfo
Extract the following information with ForensicUserInfo.
- RID
- LM/NT Hash
- Password reset/Account expiry date
- Login count/fail date
- Groups
- Profile path
BackTrack
BackTrack is one of the most popular platforms for penetration testing, but it has forensic capability too.
Paladin
PALADIN forensic suite – the world’s most famous Linux forensic suite is a modified Linux distro based on Ubuntu, available in 32 and 64 bit.
Paladin has more than 100 tools under 29 categories, almost everything you need to investigate an incident. Autopsy is included in the latest version – Paladin 6.
Sleuth Kit
The Sleuth Kit is a collection of command-line tools to investigate and analyze volumes and file systems in order to find the evidence.
CAINE
CAINE (Computer Aided INvestigative Environment) is a Linux distro that offers a complete forensic platform with more than 80 tools for you to research, investigate, and create an actionable report.
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com