{"id":2,"date":"2018-09-01T10:43:39","date_gmt":"2018-09-01T10:43:39","guid":{"rendered":"https:\/\/josephnaghdi.com\/?page_id=2"},"modified":"2018-09-23T07:47:19","modified_gmt":"2018-09-23T07:47:19","slug":"computer-forensics-lab","status":"publish","type":"page","link":"https:\/\/josephnaghdi.com\/","title":{"rendered":"Computer Forensics Tools"},"content":{"rendered":"<h1><b>Free computer forensic tools - Part I<\/b><\/h1>\n<h2><b>A list of over 140 free tools, provided as a free resource for everyone involved in computer forensics investigations<\/b><\/h2>\n<p><a href=\"https:\/\/computerforensicslab.co.uk\">Computer Forensics Lab<\/a> offers no support or warranties for the listed software, and it is the user\u2019s responsibility to verify licensing agreements. Inclusion on the list does not equate to a recommendation. Using forensic software does not, on its own, make the user a forensic analyst or the output court admissible. Evidence is more likely to be admissible if it is produced by a trained professional computer forensic analyst.<\/p>\n<h2><b>List of security &amp; computer forensics Linux distros:<\/b><\/h2>\n<ol>\n<li data-aria-posinset=\"2\" data-aria-level=\"2\"><b>Kali Linux 2018<\/b><\/li>\n<li data-aria-posinset=\"3\" data-aria-level=\"2\"><b>Parrot Linux 4.1<\/b><\/li>\n<li data-aria-posinset=\"4\" data-aria-level=\"2\"><b>BackBox 5.1<\/b><\/li>\n<li data-aria-posinset=\"5\" data-aria-level=\"2\"><b>Samurai 3.3.2<\/b><\/li>\n<li data-aria-posinset=\"6\" data-aria-level=\"2\"><b>BlackArch Linux 2016-06-01<\/b><\/li>\n<li data-aria-posinset=\"7\" data-aria-level=\"2\"><b>Pentoo 2016<\/b><\/li>\n<li data-aria-posinset=\"8\" data-aria-level=\"2\"><b>DEFT 8<\/b><\/li>\n<li data-aria-posinset=\"9\" data-aria-level=\"2\"><b>CAINE 9 (fully featured)<\/b><\/li>\n<li data-aria-posinset=\"10\" data-aria-level=\"2\"><b>Paladin Forensics 7.04<\/b><\/li>\n<li data-aria-posinset=\"11\" data-aria-level=\"2\"><b>Network Security Toolkit (NST) [network forensics]<\/b><\/li>\n<li data-aria-posinset=\"12\" data-aria-level=\"2\"><b>SIFT Workstation by SANS Forensics (includes the super-timeline tool log2timeline); SIFT can be installed on top of Ubuntu.<\/b><\/li>\n<li data-aria-posinset=\"13\" data-aria-level=\"2\"><b>Helix Forensics by E-Fense<\/b><\/li>\n<\/ol>\n<p><b>Some Common Tools:<\/b><\/p>\n<ol>\n<li data-aria-posinset=\"3\" data-aria-level=\"2\">On macOS, most of the command-line tools below can be installed with Homebrew: \u201c<b>brew install [name of the tool]<\/b>\u201d.<\/li>\n<li data-aria-posinset=\"4\" data-aria-level=\"2\">For memory analysis: \u201c<b>volatility<\/b>\u201d<\/li>\n<li data-aria-posinset=\"5\" data-aria-level=\"2\">For file carving and data recovery: \u201c<b>foremost<\/b>\u201d or \u201c<b>photorec<\/b>\u201d<\/li>\n<li data-aria-posinset=\"6\" data-aria-level=\"2\">To show and save file metadata: \u201c<b>exiftool<\/b>\u201d<\/li>\n<li data-aria-posinset=\"7\" data-aria-level=\"2\">To identify a file type from its content rather than its extension: \u201c<b>file<\/b>\u201d<\/li>\n<li data-aria-posinset=\"8\" data-aria-level=\"2\">To display a file in hex and inspect its magic bytes\/numbers: \u201c<b>hexdump<\/b>\u201d<\/li>\n<li data-aria-posinset=\"9\" data-aria-level=\"2\">To show the printable character sequences in a file: \u201c<b>strings<\/b>\u201d<\/li>\n<li data-aria-posinset=\"10\" data-aria-level=\"2\">To see the partition table of a disk or image: \u201c<b>fdisk<\/b>\u201d or \u201c<b>mmls<\/b>\u201d<\/li>\n<li data-aria-posinset=\"11\" data-aria-level=\"2\">For mounting image files: \u201c<b>OSFMount<\/b>\u201d (Windows), \u201c<b>mount<\/b>\u201d, \u201c<b>ewfmount<\/b>\u201d (E01 images), \u201c<b>xmount<\/b>\u201d or \u201c<b>bdemount<\/b>\u201d (BitLocker volumes); always mount evidence read-only<\/li>\n<li data-aria-posinset=\"12\" data-aria-level=\"2\">For website and malware analysis: an \u201c<b>online sandbox<\/b>\u201d<\/li>\n<li data-aria-posinset=\"13\" data-aria-level=\"2\">Online reputation check of file hashes and URLs: \u201c<b>virustotal<\/b>\u201d (anything uploaded to an online service is disclosed to a third party, so look up hashes rather than uploading case material where possible)<\/li>\n<li data-aria-posinset=\"14\" data-aria-level=\"2\">For network traffic and packet analysis: \u201c<b>wireshark<\/b>\u201d (and sometimes \u201c<b>tshark<\/b>\u201d for command-line use)<\/li>\n<li data-aria-posinset=\"15\" data-aria-level=\"2\">For file listing, directory listing and reporting of files and directories: \u201c<b>Directory Lister<\/b>\u201d<\/li>\n<\/ol>\n<p><b>OPEN SOURCE INVESTIGATIVE TOOL: Autopsy \/ The Sleuth Kit<\/b><\/p>\n<p><strong><em>Below is the list of Autopsy features.<\/em><\/strong><\/p>\n<ul>\n<li data-aria-posinset=\"1\" data-aria-level=\"2\"><a href=\"https:\/\/www.sleuthkit.org\/autopsy\/multiuser.php\">Multi-User Cases:<\/a>\u00a0Collaborate with fellow examiners on large cases.<\/li>\n<li data-aria-posinset=\"2\" data-aria-level=\"2\"><a href=\"https:\/\/www.sleuthkit.org\/autopsy\/timeline.php\">Timeline Analysis:<\/a>\u00a0Displays system events in a graphical interface to help identify activity.<\/li>\n<li data-aria-posinset=\"3\" data-aria-level=\"2\"><a href=\"https:\/\/www.sleuthkit.org\/autopsy\/keyword.php\">Keyword Search:<\/a>\u00a0Text extraction and indexed search modules enable you to find files that mention specific terms or match regular expression patterns.<\/li>\n<li data-aria-posinset=\"4\" data-aria-level=\"2\"><a href=\"https:\/\/www.sleuthkit.org\/autopsy\/web_artifacts.php\">Web Artifacts:<\/a>\u00a0Extracts web activity from common browsers to help identify user activity.<\/li>\n<li data-aria-posinset=\"5\" data-aria-level=\"2\"><b>Registry Analysis:<\/b>\u00a0Uses\u00a0<a href=\"http:\/\/regripper.wordpress.com\/\">RegRipper<\/a>\u00a0to identify recently accessed documents and USB devices.<\/li>\n<li data-aria-posinset=\"6\" data-aria-level=\"2\"><b>LNK File Analysis:<\/b>\u00a0Identifies shortcuts and accessed documents.<\/li>\n<li data-aria-posinset=\"7\" data-aria-level=\"2\"><b>Email Analysis:<\/b>\u00a0Parses\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Mbox\">MBOX<\/a>\u00a0format messages, such as those stored by Thunderbird.<\/li>\n<li data-aria-posinset=\"8\" data-aria-level=\"2\"><b>EXIF:<\/b>\u00a0Extracts geolocation and camera information from JPEG files.<\/li>\n<li data-aria-posinset=\"9\" data-aria-level=\"2\"><b>File Type Sorting:<\/b>\u00a0Groups files by their type to find all images or documents.<\/li>\n<li data-aria-posinset=\"10\" data-aria-level=\"2\"><b>Media Playback:<\/b>\u00a0View videos and images in the application without requiring an external viewer.<\/li>\n<li data-aria-posinset=\"11\" data-aria-level=\"2\"><b>Thumbnail viewer:<\/b>\u00a0Displays thumbnails of images for quick review of pictures.<\/li>\n<li data-aria-posinset=\"12\" data-aria-level=\"2\"><b>Robust File System Analysis:<\/b>\u00a0Support for common file systems, including NTFS, FAT12\/FAT16\/FAT32\/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2\/Ext3\/Ext4, Yaffs2, and UFS from\u00a0<a href=\"https:\/\/www.sleuthkit.org\/sleuthkit\/\">The Sleuth Kit<\/a>.<\/li>\n<li data-aria-posinset=\"13\" data-aria-level=\"2\"><b>Hash Set Filtering:<\/b>\u00a0Filter out known good files using\u00a0<a href=\"http:\/\/www.nsrl.nist.gov\/\">NSRL<\/a>\u00a0and flag known bad files using custom hash sets in HashKeeper, md5sum, and EnCase formats.<\/li>\n<li data-aria-posinset=\"14\" data-aria-level=\"2\"><b>Tags:<\/b>\u00a0Tag files with arbitrary tag names, such as &#8216;bookmark&#8217; or &#8216;suspicious&#8217;, and add comments.<\/li>\n<li data-aria-posinset=\"15\" data-aria-level=\"2\"><b>Unicode Strings Extraction<\/b>: Extracts strings from unallocated space and unknown file types in many languages (Arabic, Chinese, Japanese, etc.).<\/li>\n<li data-aria-posinset=\"16\" data-aria-level=\"2\"><b>File Type Detection<\/b>\u00a0based on content signatures, with detection of files whose extension does not match their content.<\/li>\n<li data-aria-posinset=\"17\" data-aria-level=\"2\"><b>Interesting Files Module<\/b>\u00a0flags files and folders based on name and path.<\/li>\n<li data-aria-posinset=\"18\" data-aria-level=\"2\"><b>Android Support<\/b>: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and more.<\/li>\n<\/ul>\n<p aria-level=\"3\"><strong>Input Formats in Autopsy<\/strong><\/p>\n<p>Autopsy analyses disk images, local drives, or a folder of local files. Disk images can be in either raw\/dd or E01 format. E01 support is provided by\u00a0<a href=\"http:\/\/sf.net\/projects\/libewf\">libewf<\/a>.<\/p>\n<p aria-level=\"3\"><strong>Reporting in Autopsy<\/strong><\/p>\n<p>Autopsy has an extensible reporting infrastructure that allows additional types of reports to be created for investigations. By default, HTML, XLS, and Body File reports are available. Each is configurable depending on what information an investigator would like included in the report:<\/p>\n<ul>\n<li data-aria-posinset=\"1\" data-aria-level=\"2\">HTML and Excel: The HTML and Excel reports are intended to be fully packaged, shareable reports. They can include references to tagged files, along with comments and notes inserted by the investigator, as well as the results of the automated searches that Autopsy performs during ingest. These include bookmarks, web history, recent documents, keyword hits, hash set hits, installed programs, devices attached, cookies, downloads, and search queries.<\/li>\n<li data-aria-posinset=\"2\" data-aria-level=\"2\"><a href=\"http:\/\/wiki.sleuthkit.org\/index.php?title=Body_file\">Body File<\/a>: Primarily for use in timeline analysis, this file lists the MACB timestamps (modified, accessed, metadata changed, born\/created) of every file in The Sleuth Kit\u2019s pipe-delimited body file format, for import by external tools such as\u00a0<a href=\"http:\/\/wiki.sleuthkit.org\/index.php?title=Mactime\">mactime<\/a>\u00a0in The Sleuth Kit.<\/li>\n<\/ul>\n<p>An investigator can generate more than one report at a time and either edit one of the existing reporting modules or create a new one to customise the behaviour for their specific needs.<\/p>\n<h2><a href=\"https:\/\/josephnaghdi.com\/index.php\/computer-forensics-tools-part-two\/\"><em><strong>CONTINUE TO THE NEXT PAGE FOR MORE COMPUTER FORENSICS TOOLS -&gt;\u00a0<span style=\"color: 
#ff0000;\">CONTINUED<\/span><\/strong><\/em><\/a><\/h2>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>Free computer forensic tools -Part I List of over 140 free tools is provided as a free resource for all involved in computer forensics investigations <a class=\"mh-excerpt-more\" href=\"https:\/\/josephnaghdi.com\/\" title=\"Computer Forensics Tools\"><span>Read More<\/span><\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-2","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Computer Forensics Tools - Computer Forensics Expert<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/josephnaghdi.com\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Computer Forensics Tools - Computer Forensics Expert\" \/>\n<meta property=\"og:description\" content=\"Free computer forensic tools -Part I List of over 140 free tools is provided as a free resource for all involved in computer forensics investigations Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/josephnaghdi.com\/\" \/>\n<meta property=\"og:site_name\" content=\"Computer Forensics Expert\" \/>\n<meta property=\"article:modified_time\" content=\"2018-09-23T07:47:19+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/josephnaghdi.com\/\",\"url\":\"https:\/\/josephnaghdi.com\/\",\"name\":\"Computer Forensics Tools - Computer Forensics Expert\",\"isPartOf\":{\"@id\":\"https:\/\/josephnaghdi.com\/#website\"},\"datePublished\":\"2018-09-01T10:43:39+00:00\",\"dateModified\":\"2018-09-23T07:47:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/josephnaghdi.com\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/josephnaghdi.com\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/josephnaghdi.com\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/josephnaghdi.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Computer Forensics Tools\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/josephnaghdi.com\/#website\",\"url\":\"https:\/\/josephnaghdi.com\/\",\"name\":\"Computer Forensics Expert\",\"description\":\"Digital Forensics Investigatory Tools\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/josephnaghdi.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Computer Forensics Tools - Computer Forensics Expert","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/josephnaghdi.com\/","og_locale":"en_US","og_type":"article","og_title":"Computer Forensics Tools - Computer Forensics Expert","og_description":"Free computer forensic tools -Part I List of over 140 free tools is provided as a free resource for all involved in computer forensics investigations Read More","og_url":"https:\/\/josephnaghdi.com\/","og_site_name":"Computer Forensics Expert","article_modified_time":"2018-09-23T07:47:19+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/josephnaghdi.com\/","url":"https:\/\/josephnaghdi.com\/","name":"Computer Forensics Tools - Computer Forensics Expert","isPartOf":{"@id":"https:\/\/josephnaghdi.com\/#website"},"datePublished":"2018-09-01T10:43:39+00:00","dateModified":"2018-09-23T07:47:19+00:00","breadcrumb":{"@id":"https:\/\/josephnaghdi.com\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/josephnaghdi.com\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/josephnaghdi.com\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/josephnaghdi.com\/"},{"@type":"ListItem","position":2,"name":"Computer Forensics Tools"}]},{"@type":"WebSite","@id":"https:\/\/josephnaghdi.com\/#website","url":"https:\/\/josephnaghdi.com\/","name":"Computer Forensics Expert","description":"Digital Forensics Investigatory 
Tools","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/josephnaghdi.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/josephnaghdi.com\/index.php\/wp-json\/wp\/v2\/pages\/2","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/josephnaghdi.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/josephnaghdi.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/josephnaghdi.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/josephnaghdi.com\/index.php\/wp-json\/wp\/v2\/comments?post=2"}],"version-history":[{"count":16,"href":"https:\/\/josephnaghdi.com\/index.php\/wp-json\/wp\/v2\/pages\/2\/revisions"}],"predecessor-version":[{"id":70,"href":"https:\/\/josephnaghdi.com\/index.php\/wp-json\/wp\/v2\/pages\/2\/revisions\/70"}],"wp:attachment":[{"href":"https:\/\/josephnaghdi.com\/index.php\/wp-json\/wp\/v2\/media?parent=2"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
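Added example (Python), not code from the original page nor from Autopsy or The Sleuth Kit: it exercises three of the techniques the page describes only in prose, namely the signature-based file type detection with extension-mismatch detection and the hash set filtering listed among Autopsy's features, and the body file / mactime timeline described under Reporting. It assumes a constructed evidence folder of four sample files, made-up known-good and known-bad hash sets, and a deliberately small signature table standing in for the magic database that `file` and Autopsy consult; the body-file record layout is The Sleuth Kit's 3.x `MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime`, with the mode column written in Python's `stat.filemode()` style rather than TSK's own.

```python
"""Added example; not code from the original page, nor from Autopsy or The Sleuth Kit.
Signature-based file typing with extension-mismatch flagging, hash-set filtering, and a
Sleuth Kit body file sorted into a mactime-style timeline, run over constructed files."""
import hashlib
import os
import stat
import tempfile

# Leading-byte signatures: an assumed, deliberately small stand-in for the magic database.
SIGNATURES = (
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),  # also docx/xlsx/jar containers
    (b"MZ", "exe"),
    (b"\x7fELF", "elf"),
)
EXPECTED_EXT = {"png": {".png"}, "jpeg": {".jpg", ".jpeg"}, "pdf": {".pdf"},
                "zip": {".zip", ".docx", ".xlsx", ".jar"}, "exe": {".exe", ".dll"}, "elf": set()}

def detect_type(path):
    """Type implied by the first bytes of the file, or 'unknown'."""
    with open(path, "rb") as f:
        head = f.read(16)
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"

def extension_mismatch(path):
    """True when the content signature disagrees with the file extension."""
    kind = detect_type(path)
    return kind != "unknown" and os.path.splitext(path)[1].lower() not in EXPECTED_EXT[kind]

def file_hashes(path):
    """MD5 (for the body file) and SHA-256 (for hash-set lookups) from one read."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()

def classify_by_hash(sha256_hex, known_good, known_bad):
    """Known-bad takes precedence over known-good; anything else still needs review."""
    if sha256_hex in known_bad:
        return "known-bad"
    return "known-good" if sha256_hex in known_good else "unknown"

def body_file_line(path, md5_hex):
    """One TSK 3.x body-file record: MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime.
    Mode is written with stat.filemode(); crtime is 0 where the OS exposes no birth time."""
    st = os.stat(path)
    crtime = int(getattr(st, "st_birthtime", 0))
    return "|".join(str(v) for v in (
        md5_hex, path, st.st_ino, stat.filemode(st.st_mode), st.st_uid, st.st_gid,
        st.st_size, int(st.st_atime), int(st.st_mtime), int(st.st_ctime), crtime))

def mactime(body_lines):
    """Body-file records -> sorted (epoch, MACB flags, name) events, as mactime prints them."""
    events = []
    for line in body_lines:
        f = line.split("|")
        times = {"m": int(f[8]), "a": int(f[7]), "c": int(f[9]), "b": int(f[10])}
        for ts in sorted(set(times.values())):
            if ts == 0:
                continue  # 0 means "timestamp unknown", not an event
            events.append((ts, "".join(k if times[k] == ts else "." for k in "macb"), f[1]))
    return sorted(events)

def demo():
    """Build a constructed evidence folder, run all three steps, return the results."""
    # Constructed samples: content bytes plus an explicit atime/mtime (ctime is set at run time).
    samples = {
        "report.pdf": (b"%PDF-1.4\n%constructed sample\n", 1700000000),
        "photo.jpg": (b"\x89PNG\r\n\x1a\n" + b"\0" * 8, 1700000100),  # PNG bytes, .jpg name
        "tool.exe": (b"MZ" + b"\x90" * 62, 1700000200),
        "notes.txt": (b"plain text, no signature\n", 1700000300),
    }
    known_bad = {hashlib.sha256(samples["tool.exe"][0]).hexdigest()}     # made-up bad set
    known_good = {hashlib.sha256(samples["report.pdf"][0]).hexdigest()}  # made-up NSRL-style set
    out = {"type": {}, "mismatch": {}, "hashset": {}, "body": [], "timeline": []}
    with tempfile.TemporaryDirectory() as d:
        for name, (data, ts) in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            md5_hex, sha_hex = file_hashes(p)
            out["type"][name] = detect_type(p)
            out["mismatch"][name] = extension_mismatch(p)
            out["hashset"][name] = classify_by_hash(sha_hex, known_good, known_bad)
            os.utime(p, (ts, ts))  # set times after the reads above, so reading cannot bump atime
            out["body"].append(body_file_line(p, md5_hex))
        out["timeline"] = [(t, fl, os.path.basename(n)) for t, fl, n in mactime(out["body"])]
    return out

if __name__ == "__main__":
    print(*demo()["timeline"], sep="\n")
```

Run directly, it prints the timeline: the four `ma..` events at the constructed timestamps come first, followed by the `..c.` metadata-change events the filesystem stamped when the script ran. Note the ordering inside `demo()`: reading a file can itself update its atime, so the sample sets timestamps only after the content checks, which is also why real examinations read from a write-blocked image or a read-only mount rather than the live filesystem.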