Forensic Investigation Tools

FREE Forensic Investigation Tools for IT Security Expert

View Original Tools are the administrator’s best friend; using the proper tool always helps you to maneuver things faster and cause you to productive. Forensic investigation is usually challenging as you’ll gather all the knowledge you’ll for the evidence and mitigation plan.

Here are a number of the pc forensic investigator tools you’d need. Most of them are free!


Autopsy may be a GUI-based open source digital forensic program to research hard drives and smartphones efficiently. Autospy is employed by thousands of users worldwide to research what happened on the pc .

It’s widely employed by corporate examiners, military to research , and a few of the features are.

  • Email analysis
  • File type detection
  • Media playback
  • Registry analysis
  • Photos recovery from memory card
  • Extract geolocation and camera information from JPEG files
  • Extract web activity from a browser
  • Show system events during a graphical interface
  • Timeline analysis
  • Extract data from Android – SMS, call logs, contacts, etc.

It has extensive reporting to get in HTML, XLS file format.

Encrypted Disk Detector

Encrypted Disk Detector are often helpful to see encrypted physical drives. It supports TrueCrypt, PGP, BitLocker, Safeboot encrypted volumes.


Wireshark may be a network capture and analyzer tool to ascertain what’s happening in your network. Wireshark are going to be handy to research the network-related incident.

Magnet RAM Capture

You can use Magnet RAM capture to capture the physical memory of a computer and analyze artifacts in memory. It supports the Windows OS .

Network Miner

An interesting network forensic analyzer for Windows, Linux & MAC OS X to detect OS, hostname, sessions, and open ports through packet sniffing or by PCAP file. Network Miner provides extracted artifacts in an intuitive interface .


NMAP (Network Mapper) is one among the foremost popular networks and security auditing tools. NMAP is supported on most of the operating systems, including Windows, Linux, Solaris, Mac OS, HP-UX, etc. It’s open-source so free.

RAM Capturer

RAM Capturer by Belkasoft may be a free tool to dump the info from a computer’s volatile memory. It’s compatible with Windows OS. Memory dumps may contain encrypted volume’s password and login credentials for webmails and social network services.

Forensic Investigator

If you’re using Splunk, then Forensic Investigator are going to be a convenient tool. It’s a Splunk app and has many tools combined.


  • WHOIS/GeoIP lookup
  • Ping
  • Port scanner
  • Banner grabber
  • URL decoder/parser
  • XOR/HEX/Base64 converter
  • SMB Share/NetBIOS viewer
  • Virus Total lookup


FAW (Forensics Acquisition of Websites) is to accumulate sites for forensic investigation, which has the subsequent features.

  • Capture the whole or partial page
  • Capture all kinds of image
  • Capture HTML ASCII text file of the online page
  • Integrate with Wireshark


HashMyFiles will assist you to calculate the MD5 and SHA1 hashes. It works on most the newest Windows OS.

Crowd Response

Response by Crowd Strike may be a windows application to collect system information for incident response and security engagements. you’ll view the leads to XML, CSV, TSV, or HTML with the assistance of CRConvert. It runs on 32 or 64 little bit of Windows XP above.

Totrtilla – anonymously route TCP/IP and DNS traffic through Tor.

Shellshock Scanner – scan your network for shellshock vulnerability.

Heartbleed scanner – scan your network for OpenSSL heart bleed vulnerability.

Also Read : Cyber Crime Investigation : Tools and Techniques

NFI Defraser

Defraser forensic tool may assist you to detect full and partial multimedia files within the data streams.


ExifTool helps you to read, write, and edit meta information for variety of file types. It can read EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, Photoshop IRB, FlashPix, etc.


Toolsley got quite ten useful tools for investigation.

  • File signature verifier
  • File identifier
  • Hash & Validate
  • Binary inspector
  • Encode text
  • Data URI generator
  • Password generator


SIFT (SANS investigative forensic toolkit) workstation is freely available as Ubuntu 14.04. SIFT may be a suite of forensic tools you would like and one among the foremost popular open source incident response platform.


Extract all exciting information from Firefox, Iceweasel and Seamonkey browser to be analyzed with Dumpzilla.

Browser History

Foxton has two free exciting tools.

  1. Browser history capturer – capture browser (chrome, firefox, IE & edge) history on Windows OS.
  2. Browser history viewer – extract and analyze internet activity history from most of recent browsers. Results are shown within the interactive graph, and historical data are often filtered.

Forensic UserInfo

Extract the subsequent information with ForensicUserInfo.

  • RID
  • LM/NT Hash
  • Password reset/Account expiry date
  • Login count/fail date
  • Groups
  • Profile path

Black Track

Blacktrack is one among the foremost popular platforms for penetration testing, but it’s forensic capability too.


PALADIN forensic suite – the world’s most famous Linux forensic suite may be a modified Linux distro supported Ubuntu available in 32 and 64 bit.

Paladin has quite 100 tools under 29 categories, almost everything you would like to research an event . Autospy is included within the latest version – Paladin 6.

Sleuth Kit

The Sleuth Kit may be a collection of command-line tools to research and analyze volume and file systems to seek out the evidence.


CAINE (Computer Aided Investigate Environment) may be a Linux distro that gives the entire forensic platform which has quite 80 tools for you to research , investigate, and make an actionable report.

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com


Leave a Comment