Forensics

Matt Churchill over at Binary Intelligence has put together a listing of tools for forensics. It's a really good building block; when I find more resources I'll add them =) If you have one you would like to list, just post!

Free Forensic Tools

In November I did a presentation at the monthly NebraskaCert Cyber Security Forum. Someone had suggested an overview of forensic tools. I put together a list of free tools in a couple of different categories. Here is the list:

Imaging

FTK Imager

http://www.accessdata.com/downloads.html

Forensic Acquisition Utilities (FAU)

http://gmgsystemsinc.com/fau/

Carving

Winhex

http://www.x-ways.net/winhex/

PhotoRec

http://www.cgsecurity.org/wiki/PhotoRec

Scalpel

http://www.digitalforensicssolutions.com/Scalpel/

Analyze

ProDiscover Basic

http://www.techpathways.com/DesktopDefault.aspx?tabindex=9&tabid=14

The Sleuthkit and Autopsy

http://www.sleuthkit.org/

PTK

http://ptk.dflabs.com/

WinHex

http://www.x-ways.net/winhex/

PyFlag

http://www.pyflag.net/cgi-bin/moin.cgi

FTK Demo (up to 5000 items)

http://www.accessdata.com/downloads.html

SANS SIFT Workstation (only available to portal members)

http://forensics.sans.org/community/downloads/

Memory Analysis

mdd

http://sourceforge.net/project/showfiles.php?group_id=228865

win32dd

http://win32dd.msuiche.net/

Volatility

https://www.volatilesystems.com/default/volatility

Memoryze

http://www.mandiant.com/software/memoryze.htm

Virtualization

LiveView (launch image in VMWare)

http://liveview.sourceforge.net/

ProDiscover Basic (creates config files)

http://www.techpathways.com/DesktopDefault.aspx?tabindex=9&tabid=14

VDKWin (edit config files)

http://petruska.stardock.net/Software/VMware.html

Live CDs

Helix

http://www.e-fense.com/helix/

Caine

http://www.caine-live.net/en/index.html

PlainSight

http://www.plainsight.info/download.html

BackTrack (**will mount drives, but has forensic tools)

http://www.remote-exploit.org/backtrack.html

Misc.

RegRipper (excellent Registry parser)

http://regripper.net/

Forensic CaseNotes

http://www.qccis.com/?section=casenotes

NirSoft Tools

http://www.nirsoft.net/

Historian

http://www.mandiant.com/software/webhistorian.htm

Windows File Analyzer

http://www.mitec.cz/wfa.html

Websites

http://windowsir.blogspot.com

http://forensicir.blogspot.com

http://sansforensics.wordpress.com

www.ForensicFocus.com

www.E-Evidence.info

#1 by Gianchi - March 29th, 2009 at 06:01

    Helix is now commercial… no more free! :(
