All times are UTC - 5 hours [ DST ]




 Post subject: Forensic Tools
Posted: Sun Oct 27, 2013 10:35 pm

Joined: Mon Sep 16, 2013 10:06 pm
Posts: 60
Volatility is a great open source memory forensic tool. In its newest update it now officially supports OS X and Android memory forensics. Even if you don't need to conduct a memory forensic investigation you should use the tool and get familiar with it. This will help you learn the system files that normally reside in memory. You can also run the tool to perform a forensic audit on your system if you suspect your computer to be infected with malware.

link-----> http://volatility-labs.blogspot.com/201 ... ac-os.html


 Post subject: Re: Forensic Tools
Posted: Thu Mar 20, 2014 3:55 pm

Joined: Mon Sep 16, 2013 10:06 pm
Posts: 60
Here are two great free tools that you should become familiar with if you want to work in the forensic field.

The first one (Mandiant Redline) is a memory forensic tool that allows you to analyze memory (RAM) in a very unique way. This tool rates each memory artifact on the likelihood that it is malicious or not. It is very useful for analyzing data relating to malware and other malicious attacks on your systems.

link -----> https://www.mandiant.com/resources/download/redline

The second tool is the SANS SIFT (SANS Investigative Forensic Kit) Station, which is a workstation designed for conducting forensic investigations. Read some of the resources that SANS offers and it will provide you with insight into how to conduct an investigation with the workstation.

link -----> http://digital-forensics.sans.org/community/downloads


 Post subject: Re: Forensic Tools
Posted: Sat Apr 05, 2014 2:34 pm

Joined: Mon Sep 16, 2013 10:06 pm
Posts: 60
More tools:

The Sleuth Kit/Autopsy:
This is a great open source computer forensic tool. It is the best open source tool that I know of. The Sleuth Kit is a collection of command line based tools, whereas Autopsy is the same set of tools but in an easy to use user interface. It is written and maintained by Brian Carrier, who has written a lot of great books on computer forensic analysis and file system analysis.

link -----> http://www.sleuthkit.org/

FTK (Forensic ToolKit):
This forensic program is one of the most used forensic programs, possibly only second to Encase. It is a commercial tool so it provides a lot of useful features commonly not found in free forensic tools. Please check out the website below. There is a bunch of great information about the product, great tutorials and data sheets. The second link is to the free version of FTK.

link -----> http://www.accessdata.com/products/digi ... ensics/ftk
link -----> http://www.accessdata.com/support/produ ... nload-page


Encase:
Possibly the most widely used forensic program for commercial use. Many smaller forensic businesses may not use this because of the cost but any major computer forensic firm/business/etc... will be familiar with it. They have a free Encase imager program which allows you to image hard drives/USBs/etc... You can also become Encase certified, which is a very good cert to have if you are looking to get involved in computer forensics. Again, please check out the website provided below. The website provides many great resources about the program.

link ------> http://www.guidancesoftware.com/product ... rview.aspx


 Post subject: Re: Forensic Tools
Posted: Tue Apr 22, 2014 4:00 pm

Joined: Mon Sep 16, 2013 10:06 pm
Posts: 60
This is a neat and very useful resource if you need to test out how well certain computer forensic tools work. The CFTTP (Computer Forensic Tool Testing Program), which was created by the NIST (National Institute of Standards and Technology), provides the ability to test how accurate forensic tools are. This is very useful for forensic labs and companies that specialize in forensic imaging and analysis.


link -------> http://www.cftt.nist.gov/


© 2013 Center for Information Protection, NJIT