With data breaches occurring around the world every day, the demand for computer forensics experts keeps growing. Whether you need to investigate unauthorized server access, look into an internal human-resources case, or simply want to learn a new skill, these free and open source computer forensics tools will help you conduct in-depth analysis, including hard drive forensics, memory analysis, forensic image exploration, and mobile forensics.
However, this is by no means an exhaustive list, and it may not cover every tool required for a complete investigation; it only includes some of the popular and useful ones. The right tools speed up the work and produce better results.

These are multipurpose forensic toolkits that can carry out a number of detailed digital forensic tasks. Based on Ubuntu, SIFT has all the important tools needed to carry out a detailed forensic analysis or incident response study.
It comes with tools to carve data files, generate timelines from system logs, examine recycle bins, and much more. SIFT provides user documentation that helps you get accustomed to the available tools and their usage, and it also explains where evidence can be found on a system. Tools can be opened manually from a terminal window or from the top menu bar. With more than , downloads to date, SIFT continues to be a widely used open-source forensic and incident response toolkit.
Pros: Better memory utilization, modern forensic tools and techniques, expanded file system support.

Autopsy is a digital forensics platform that efficiently analyzes smartphones and hard disks. It is used worldwide by a large number of users, including law enforcement agencies, the military, and corporations, to investigate computer systems. It has an easy-to-use interface, processes data quickly, and is cost-effective.
Sleuth Kit is a collection of command line tools and a C library that allows the analysis of disk images and the recovery of files. It is used as the back end of the Autopsy tool.

Available in free and professional versions, this mobile forensics tool helps you collect evidence from a mobile phone. Its file browser feature lets you access and analyze photos, documents, videos, and the device database.
Pros: It provides several ways to extract data, including Bluetooth, USB cable, iTunes backups, other forensic software backups, and Android backups. The main interface is straightforward and easy to use, and the tool offers sophisticated data analysis with several useful analysis features.

DEFT (Digital Evidence and Forensics Toolkit) is a Linux-based distribution that allows professionals and non-experts to gather and preserve forensic data and digital evidence.
The free and open source operating system ships with some of the best open source computer forensics applications. DEFT Zero is a lightweight version released in . Pros: Needs only MB of memory to run.
This means that it can run even on a slow or obsolete PC.

Wireshark is one of the most commonly used network protocol analyzers. It allows you to investigate your network activity at a microscopic level.
Wireshark is widely used by government agencies, corporations, and educational institutes. Cons: It does not pinpoint the answer you are looking for; it dumps raw data into large files that you have to work through yourself.

These tools come in a free edition as well as a professional paid edition. Pros: Captures network traffic, investigates potential rogue hosts, and assembles and extracts files from captured traffic.

This is an open-source network forensic analysis tool (NFAT) that can extract application data from internet traffic.
Important features of Xplico are: Pros: There is no limit on the number of files or the data size. Its command line shows more detail, and its geo-map feature can be used in both the web interface and console mode. Cons: It is not possible to copy packets and send them to two separate dissectors; instead, packets may be lost, because the average processing time for a packet is higher than the average number of packets per second in Xplico.
Autopsy is an open source forensic tool for Windows. It is one of the most popular forensic applications used by forensic experts to investigate unauthorized access, and it offers many features that make it an important tool in the field of digital forensics. All in all, Autopsy is a complete digital forensics package that is available free of cost.
Wireshark is one of the most widely used network capture and analysis tools for Windows, so it can also be used in a forensic investigation. You can view all the activity going on in a network.
Once you launch Wireshark, it starts capturing network information in the form of packets. The Info column provides further information about the captured traffic, such as Application Data, Encryption Alert, Standard Query, etc. This free digital forensic tool also provides a search feature.
You can use this feature to search for a particular packet within the list of captured packets. You can also apply filters to your searches and make them case-sensitive. It has a live capture feature, so it keeps you updated with new network packets, and you can enable automatic scrolling to the bottom during live capture to view the latest updates. Besides this, it also lets you analyze captured data offline.
NetworkMiner is another free digital forensic tool. A good feature of the software is that it captures data passively, without putting any traffic on the network. It also comes with a feature to extract files, emails, certificates, etc. All this information can be parsed from PCAP files, so that forensic experts can analyze the generated reports offline. The PCAP parsing speed in the free version of the software is 2.
You can use this feature to extract and save the files streamed over the network by the user. Apart from the features listed above, the free version of this software has a very important feature named OS Fingerprinting. This free digital forensic tool also captures screenshots and saves them as thumbnails.
This information can be viewed in the Images tab of the software. NetworkMiner is also capable of capturing important user information, such as usernames and passwords, but this feature is limited to certain supported protocols. This information is displayed in the Credentials tab of the software.
You can copy the username and password and paste them anywhere on your PC. The software copied the username correctly but failed to copy the user's password during testing.
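The passive PCAP parsing that NetworkMiner performs, shown here as an added example that is not NetworkMiner's own code: the script builds a small constructed capture in memory (two HTTP requests and one ARP frame), walks the pcap record headers, decodes the Ethernet/IPv4/TCP layers by hand, collects the HTTP Host names seen, and records where a cleartext HTTP Basic-auth credential crossed the wire. The MAC and IP addresses, host names and timestamps are constructed sample values, and the credential is reported as an exposure rather than decoded.

```python
import struct
from typing import Iterator, Optional

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap magic (microsecond timestamps)
ETH_IPV4, ETH_ARP, PROTO_TCP = 0x0800, 0x0806, 6


def build_tcp_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, PROTO_TCP, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return eth + ip + tcp + payload


def build_pcap(frames: list) -> bytes:
    """Wrap frames in a little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1709543702 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(pcap: bytes) -> Iterator[bytes]:
    """Walk pcap records, honouring the byte order announced by the magic number."""
    endian = "<" if struct.unpack("<I", pcap[:4])[0] == PCAP_MAGIC else ">"
    off = 24  # global header length
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_tcp(frame: bytes) -> Optional[tuple]:
    """Return (src, dst, sport, dport, payload) for IPv4/TCP frames, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != PROTO_TCP:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_off:]


def analyze(pcap: bytes) -> dict:
    """Passive extraction: HTTP Host names seen, plus cleartext Basic-auth exposures."""
    hosts, exposures = set(), []
    for frame in iter_frames(pcap):
        parsed = parse_tcp(frame)
        if parsed is None or not parsed[4]:
            continue
        src, dst, _sport, dport, payload = parsed
        for line in payload.decode("latin-1").split("\r\n"):
            name, _, value = line.partition(":")
            if name.lower() == "host":
                hosts.add(value.strip())
            elif name.lower() == "authorization" and value.strip().lower().startswith("basic "):
                # Record the exposure (who sent a cleartext credential to whom) without decoding it.
                exposures.append((src, dst, dport))
    return {"hosts": sorted(hosts), "cleartext_basic_auth": exposures}


# Constructed sample capture: two HTTP requests and one ARP frame that the TCP parser skips.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", "10.0.0.20", 51000, 80,
                    b"GET / HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic dXNlcjpzZWNyZXQ=\r\n\r\n"),
    bytes(12) + struct.pack("!H", ETH_ARP) + bytes(28),
    build_tcp_frame("10.0.0.5", "192.0.2.10", 51001, 80,
                    b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
])

if __name__ == "__main__":
    print(analyze(SAMPLE_PCAP))
```

The parser deliberately works on individual packets rather than reassembled TCP streams, which is enough for single-segment requests like the constructed ones; a tool such as NetworkMiner reassembles streams first, so headers split across segments are found too. Reporting the exposure as a (source, destination, port) tuple rather than the decoded credential is the safer default for a report that may be shared outside the investigating team.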
FAW (Forensic Acquisition of Websites) is the first forensic web browser in the field of digital forensics. It provides web page acquisition for forensic investigation.
The interface of this free forensic tool resembles a web browser: it has an address bar, forward and back buttons, a Go To Address button, a reload button, and a stop button. You can open any web page by typing its address in the address bar, and you can navigate any website with this forensic browser for a partial or total acquisition of its pages.
While acquiring a web page, it also captures all the images on that page and saves them to a default location. It can also record all the on-screen activity during the acquisition process. It has an advanced feature to acquire web pages that contain streaming videos, i.
Apart from this, it also acquires the entire HTML code of the web pages opened in the software. During web page acquisition, it generates separate TXT files that contain the frames and headers of the web page.
This free digital forensic tool also offers Social Media Acquisition: using FAW, you can open any social media network in order to acquire it. It also captures all the traffic from all the active connections of a web page, which helps investigators analyze the network traffic. FAW also has advanced configuration options.
It can display the same web page as it appears to different user agents. A strong point of this free forensic tool is that it generates a summary report for each acquisition, containing a detailed, timestamped log of all the operations performed by the forensic expert and the files created. All in all, FAW (Forensic Acquisition of Websites) is a great tool in the field of digital forensics, with many advanced features for acquiring different websites.
LastActivityView is another free digital forensic tool for Windows. It lets forensic experts view all user activity on a computer, for example the changes a user made, the files they viewed, and so on. You get detailed information about every action taken by the user, including the action time and date, a description, the file name, the complete file path, etc.
Besides this, if the user viewed any file in Windows Explorer, that is displayed too. Double-click any displayed item to view the same information in tabular form. It has a search option that you can use to find a particular file in the database. By default, this free digital forensic tool reads all archive files; you can change this setting in the Options menu. It also generates HTML reports for all or selected items and opens the report in your default web browser.
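The two timeline-style tasks described on this page, SIFT's timeline generation from system logs and LastActivityView's per-action list with its HTML report, share the same core idea: normalize artifacts from different sources into one schema, put every timestamp on a common clock, sort, and render. The following script is an added example and is not code from SIFT, LastActivityView or their authors. The syslog lines, recycle-bin and Explorer records are constructed sample data, and the host clock offset (UTC+2) is an assumption; each of these is marked in the code.

```python
import html
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumption: the examined Windows host's clock was set to UTC+2; the syslog lines carry UTC.
HOST_TZ = timezone(timedelta(hours=2))


@dataclass(frozen=True)
class Event:
    time: datetime   # always timezone-aware, so sources on different clocks compare correctly
    source: str
    action: str
    detail: str


def parse_syslog(line: str) -> Event:
    """ISO-8601 UTC syslog line: '<timestamp>Z <host> <process>: <message>'."""
    ts, host, rest = line.split(" ", 2)
    proc, msg = rest.split(": ", 1)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(when, f"syslog/{host}", msg, proc)


def parse_host_local(ts: str) -> datetime:
    """Artifacts exported in host-local time are tagged with HOST_TZ instead of being left naive."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=HOST_TZ)


def build_timeline(syslog, recycle_bin, explorer) -> list:
    """Merge three artifact sources into one timeline sorted by actual instant."""
    events = [parse_syslog(line) for line in syslog]
    events += [Event(parse_host_local(t), "recycle-bin", "file deleted", p) for t, p in recycle_bin]
    events += [Event(parse_host_local(t), "explorer", "file opened", p) for t, p in explorer]
    # set() drops exact duplicates (the same artifact exported twice); sort by instant, not wall clock
    return sorted(set(events), key=lambda e: e.time)


def render_html(events) -> str:
    """Every cell is escaped so a hostile file name on the examined system cannot inject markup."""
    head = "<table><tr><th>Time (UTC)</th><th>Source</th><th>Action</th><th>Detail</th></tr>"
    rows = "".join(
        f"<tr><td>{e.time.astimezone(timezone.utc).isoformat()}</td>"
        f"<td>{html.escape(e.source)}</td><td>{html.escape(e.action)}</td>"
        f"<td>{html.escape(e.detail)}</td></tr>"
        for e in events)
    return head + rows + "</table>"


# Constructed sample artifacts (not taken from any real system).
SYSLOG = [
    "2024-03-04T09:15:02Z host1 sshd[811]: Accepted publickey for deploy from 10.0.0.9 port 50122",
    "2024-03-04T09:16:40Z host1 sudo: deploy : COMMAND=/usr/bin/cat /etc/shadow",
]
RECYCLE_BIN = [("2024-03-04 11:22:10", r"C:\Users\deploy\Documents\Q1 & Q2 payroll.xlsx")]
EXPLORER = [
    ("2024-03-04 11:20:00", r"C:\Users\deploy\Documents\Q1 & Q2 payroll.xlsx"),
    ("2024-03-04 11:20:00", r"C:\Users\deploy\Documents\Q1 & Q2 payroll.xlsx"),  # duplicate export
]

if __name__ == "__main__":
    for e in build_timeline(SYSLOG, RECYCLE_BIN, EXPLORER):
        print(e.time.astimezone(timezone.utc).isoformat(), e.source, e.action, e.detail)
```

The point worth noticing is the ordering: on the host's wall clock the Explorer entry reads 11:20 and the SSH login 09:15, but once both are placed on UTC the login (09:15Z) precedes the file access (09:20Z) by five minutes, which is the kind of relationship a timeline exists to surface. Leaving host-local timestamps naive, or guessing the offset, is the classic way such a timeline ends up telling the wrong story.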
You can also open the containing folder of any selected item directly.

Image Forensic Search System is a very useful digital forensic tool for finding specific images. Human Mode is an interesting feature of this software: when it is enabled, the software also examines skin areas and colors in the images while comparing human faces.