Author:  crayy8 [ Sun Oct 27, 2013 10:35 pm ]
Volatility is a great open source memory forensic tool. In its newest update it now officially supports OS X and Android memory forensics. Even if you don't need to conduct a memory forensic investigation, you should use the tool and get familiar with it. This will help you learn the system files that normally reside in memory. You can also run the tool to perform a forensic audit on your system if you suspect your computer is infected with malware.

link-----> ... ac-os.html

Author:  crayy8 [ Thu Mar 20, 2014 3:55 pm ]
Here are two great free tools that you should become familiar with if you want to work in the forensic field.

The first one (Mandiant Redline) is a memory forensic tool that allows you to analyze memory (RAM) in a very unique way. This tool rates each memory artifact on the likelihood that it is malicious or not. It is very useful for analyzing data relating to malware and other malicious attacks on your systems.

link ----->

The second tool is the SANS SIFT (SANS Investigative Forensic Kit) Workstation, which is a workstation designed for conducting forensic investigations. Read some of the resources that SANS offers and they will provide you with insight into how to conduct an investigation with the workstation.

link ----->

Author:  crayy8 [ Sat Apr 05, 2014 2:34 pm ]
More tools:

The Sleuth Kit/Autopsy:
This is a great open source computer forensic tool. It is the best open source tool that I know of. The Sleuth Kit is a collection of command line based tools, whereas Autopsy is the same set of tools but in an easy to use user interface. It is written and maintained by Brian Carrier, who has written a lot of great books on computer forensic analysis and file system analysis.

link ----->

FTK (Forensic ToolKit):
This forensic program is one of the most used forensic programs, possibly only second to EnCase. It is a commercial tool, so it provides a lot of useful features commonly not found in free forensic tools. Please check out the website below. There is a bunch of great information about the product, great tutorials and data sheets. The second link is to the free version of FTK.

link -----> ... ensics/ftk
link -----> ... nload-page

EnCase:
Possibly the most widely used forensic program for commercial use. Many smaller forensic businesses may not use this because of the cost, but any major computer forensic firm/business/etc... will be familiar with it. They have a free EnCase Imager program which allows you to image hard drives/USBs/etc... You can also become EnCase certified, which is a very good cert to have if you are looking to get involved in computer forensics. Again, please check out the website provided below. The website provides many great resources about the program.

link ------> ... rview.aspx

Author:  crayy8 [ Tue Apr 22, 2014 4:00 pm ]
This is a neat and very useful resource if you need to test out how well certain computer forensic tools work. The CFTTP (Computer Forensic Tool Testing Program), which was created by NIST (National Institute of Standards and Technology), provides the ability to test how accurate forensic tools are. This is very useful for forensic labs and companies that specialize in forensic imaging and analysis.

link ------->