Interested in performing a digital forensic investigation? Whether you are interested in learning a new skill, working on an internal human resources case, or investigating an unauthorized access to a server, these utilities and suites will help you conduct mobile forensics, forensics imaging, hard drive forensics analysis, memory forensic analysis, and more.
Before we begin, it is important to let you know that, while useful, this list isn’t complete and may not have everything you need for your specific investigation. Thus, you may need additional utilities like text editors and hash generators. Also, while you may have heard of some of the items on this list, you are guaranteed to find a few gems in here as well. Now that we have gotten the disclaimers out of the way, without further ado, here is our list of top free popular computer forensic tools.
This tool parses USB device records, generally from the Windows Registry, and gives you a record of all the USB drives that have been plugged into the machine. It will give you information like the name of the USB drive, its serial number, the user account, and the time it was mounted. This information comes in quite handy when your investigation must determine whether a device was accessed, moved, or stolen.
This Ubuntu-based Live CD features over 25 types of open source forensics tools that let you perform social media analysis, malware analysis, parsing, and more.

This user-friendly editor lets you modify main memory and conduct low-level editing on your disk. Some of its features include statistics generation, a built-in file shredder, searching and replacing, etc.

This Knoppix-based Live CD gives you the ability to perform digital forensic tasks like extracting password hashes, analyzing physical memory dumps, gathering USB device usage information, viewing internet history, and more.
Interested in performing a file and memory analysis of a specific host? This tool gives you the ability to collect data like event logs, registry data, network information, internet history, and more to help you build a comprehensive threat assessment profile.

This software-based write blocker prevents write access to USB devices. This capability is essential in an investigation where you must prevent someone from changing timestamps or metadata and tampering with evidence.

This tool gives you the ability to see the actions that the user took as well as the events that happened on the machine. This includes activities like a software installation, a system or application crash, running an executable file, etc.
This open source Network Forensic Analysis Tool gives you the ability to extract application data from internet traffic. For instance, you can use it to extract an email message from SMTP or IMAP traffic. Notable features include the ability to output data to an SQLite or MySQL database as well as support for a variety of protocols, including IMAP, HTTP, and UDP.