Monday, November 27, 2017

Free Computer Forensics Tools

Cyber-security professionals, system and network administrators, and various law enforcement and security agencies may all have a need to conduct a forensic examination of a computer. Skilled computer users (hackers) may want to conduct forensic examinations of their own computer systems to better understand how they work, and how information flows across their home networks.

Below are some of the more popular computer forensic freeware programs. Downloading and learning to use these programs will improve your forensic and security knowledge, and will enhance your ability to secure your own computer systems against attack and against forensic analysis.

Autopsy is a forensic tool used by the military, law enforcement, and corporate examiners to investigate what happened on a smartphone or a computer. Autopsy has a plug-in architecture which allows the user to find add-on modules or even develop custom modules written in Java or Python. Autopsy analyzes disk images, local drives, or a folder of local files. Disk images can be in either raw/dd or E01 format. E01 support is provided by libewf. Download a Free copy of Autopsy here: http://www.sleuthkit.org/autopsy/download.php
 
Browser History Capturer is a free tool that allows you to easily capture web browser history from a Windows computer. The tool can be run from a USB dongle to capture history from Chrome, Firefox, Internet Explorer and Edge web browsers. The history files are copied to the chosen destination in their original format, allowing them to be analysed later using your tool of choice. The data captured includes bookmarks, cached files, cookies, downloads, form history, saved logins, searches, website history and more. Download a Free copy of Browser History Capturer here: https://www.foxtonforensics.com/browser-history-capturer/
 
Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998. Download a Free copy of Wireshark here: https://www.wireshark.org/

Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Download a Free copy of Nmap here: https://nmap.org/download.html

HxD - Freeware Hex Editor and Disk Editor is a carefully designed and fast hex editor which, in addition to raw disk editing and editing of main memory (RAM), handles files of any size. Download a Free copy of HxD here: https://mh-nexus.de/en/hxd/

PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners to perform common tasks using powerful open source tools. PlainSight has taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment. Download a Free copy of PlainSight here: http://www.plainsight.info/index.html

FTK Imager is a data preview and imaging tool that allows you to examine files and folders on local hard drives, network drives, CDs/DVDs, and review the content of forensic images or memory dumps. Using FTK Imager you can also create SHA1 or MD5 hashes of files, export files and folders from forensic images to disk, review and recover files that were deleted from the Recycle Bin (providing that their data blocks haven’t been overwritten), and mount a forensic image to view its contents in Windows Explorer. Download a Free copy of FTK Imager here: http://www.accessdata.com/product-download
 
Hiren’s BootCD is a boot disk utility that helps with troubleshooting and makes reformatting your computer easy. It provides a compilation of programs to help resolve most common and some uncommon Internet and computer issues, such as driver failure, intermittent internet connection and other computer malfunctions. Download a Free copy of Hiren’s BootCD here: http://www.hirensbootcd.org/about/
 
Volatility supports memory dumps from all major 32- and 64-bit Windows versions and service packs including XP, 2003 Server, Vista, Server 2008, Server 2008 R2, Seven, 8, 8.1, Server 2012, and 2012 R2. Whether your memory dump is in raw format, a Microsoft crash dump, hibernation file, or virtual machine snapshot, Volatility is able to work with it. Download a Free copy of Volatility here: https://code.google.com/archive/p/volatility/downloads
 
Field Search is a suite of software products designed for use in the field by non-technical criminal justice personnel to allow them to quickly and efficiently search a target computer and create a detailed report of the findings. This approach provides a fast and powerful, yet easy method of examining and monitoring computer use. Field Search blends preview functions with evidence gathering and reporting functions. Download a Free copy of FieldSearch (for law enforcement agencies) here: https://www.justnet.org/app/fieldsearch/request.aspx
 
Video Previewer quickly processes a video and shows its key frames in a PDF file. It is particularly useful in investigations where watching a video is time consuming. It lets you select frames at equally spaced intervals, or perform intelligent selection of frames based on scene changes. Download a Free copy of Video Previewer here: https://dfcsc.uri.edu/research/videoPreviewer

USB Historian parses USB information, primarily from the Windows registry, to give you a list of all USB drives that were plugged into the machine. It displays information such as the name of the USB drive, the serial number, when it was mounted and by which user account. This information can be very useful when you’re dealing with an investigation where you need to understand if data was stolen, moved or accessed. Download a Free copy of USB Historian here: http://www.4discovery.com/our-tools/