{
  "id": 43,
  "date": "2018-09-17T16:19:49",
  "date_gmt": "2018-09-17T16:19:49",
  "guid": {"rendered": "https://josephnaghdi.com/?page_id=43"},
  "modified": "2018-09-17T16:42:38",
  "modified_gmt": "2018-09-17T16:42:38",
  "slug": "computer-forensics-tools-part-four",
  "status": "publish",
  "type": "page",
  "link": "https://josephnaghdi.com/index.php/computer-forensics-tools-part-four/",
  "title": {"rendered": "Computer Forensics Tools - Part IV"},
  "content": {
    "rendered": "<h1>Computer Forensics Tools - Part IV</h1>\n<h2><em><b>Some More FREE CF Tools:</b></em></h2>\n<h3>Frameworks</h3>\n<ul>\n<li><a href=\"https://github.com/arxsys/dff\">DFF</a> (Digital Forensics Framework) – an open source platform for data retrieval and analysis.</li>\n<li><a href=\"https://github.com/Invoke-IR/PowerForensics\">PowerForensics</a> is a PowerShell-based utility intended for live disk forensic analysis.</li>\n</ul>\n<h3>Real-Time Utilities</h3>\n<ul>\n<li><a href=\"https://github.com/google/grr\">GRR</a> (GRR Rapid Response) is a remote live forensics tool for incident response.</li>\n<li><a href=\"https://github.com/mozilla/mig\">MIG</a> (Mozilla Investigator) – a distributed real-time platform for investigating incidents on remote endpoints.</li>\n</ul>\n<h3>Imaging Tools (Data Acquisition and Cloning)</h3>\n<ul>\n<li><a href=\"https://sourceforge.net/projects/dc3dd/\">dc3dd</a> – an enhanced edition of the GNU <a href=\"http://www.forensicswiki.org/wiki/Dd\">dd</a> utility featuring on-the-fly hashing, pattern writing, file verification, and other functions for digital evidence acquisition.</li>\n<li><a href=\"https://github.com/adulau/dcfldd\">dcfldd</a> is yet another improved version of the dd program.</li>\n<li><a href=\"http://guymager.sourceforge.net/\">Guymager</a> is an imaging tool running under Linux for viewing and cloning storage media.</li>\n</ul>\n<h3>Data Extraction</h3>\n<ul>\n<li><a href=\"https://github.com/EricZimmerman/bstrings\">bstrings</a> is an improved version of the popular <a href=\"http://www.forensicswiki.org/wiki/Strings\">strings</a> utility.</li>\n<li><a href=\"https://github.com/simsong/bulk_extractor\">bulk_extractor</a> extracts email addresses, IP addresses and phone numbers from files.</li>\n<li><a href=\"https://github.com/fireeye/flare-floss\">FLARE FLOSS</a> uses static analysis techniques to automatically extract obfuscated strings from malware binaries.</li>\n<li><a href=\"https://www.cgsecurity.org/wiki/PhotoRec\">PhotoRec</a> is a recovery tool that extracts deleted files, including documents, archives, photos, and videos, from hard drives and CDs.</li>\n</ul>\n<h3>RAM Memory Forensics</h3>\n<ul>\n<li><a href=\"https://github.com/ShaneK2/inVtero.net\">inVtero.net</a> – its distinguishing feature is high-speed extraction of data directly from memory.</li>\n<li><a href=\"https://github.com/denandz/KeeFarce\">KeeFarce</a> extracts KeePass passwords from memory.</li>\n<li><a href=\"https://github.com/google/rekall\">Rekall</a> is a Python-based tool for analyzing RAM memory dumps.</li>\n<li><a href=\"https://github.com/volatilityfoundation/volatility\">Volatility</a> framework is a collection of utilities for extracting digital artifacts from RAM memory samples.</li>\n<li><a href=\"https://github.com/kevthehermit/VolUtility\">VolUtility</a> provides a web interface for the Volatility Framework mentioned above.</li>\n</ul>\n<h3>Network Analysis</h3>\n<ul>\n<li><a href=\"https://tools.netsa.cert.org/silk/\">SiLK Tools</a> is a traffic analysis toolkit that facilitates security analysis of large networks.</li>\n<li><a href=\"https://www.wireshark.org/\">Wireshark</a> is one of the world's most popular network sniffers.</li>\n</ul>\n<h3>Windows Artefacts (Extracting Files, Download History, USB Memory Stick Data, etc.)</h3>\n<ul>\n<li><a href=\"https://github.com/SekoiaLab/Fastir_Collector\">FastIR Collector</a> is an all-in-one tool for harvesting Windows information (registry, file system, services, startup programs, etc.).</li>\n<li><a href=\"https://www.pinguin.lu/fred\">FRED</a> is a cross-platform Windows registry analysis utility.</li>\n<li><a href=\"http://az4n6.blogspot.de/2015/09/whos-your-master-mft-parsers-reviewed.html\">MFT Parsers</a> is a tool facilitating comparative analysis of Master File Table information.</li>\n<li><a href=\"https://github.com/aarsakian/MFTExtractor\">MFTExtractor</a> – another handy Master File Table parser.</li>\n<li><a href=\"https://github.com/Lazza/RecuperaBit\">RecuperaBit</a> reconstructs NTFS file systems.</li>\n<li><a href=\"https://github.com/williballenthin/python-ntfs\">python-ntfs</a> is a Python library for NTFS analysis.</li>\n</ul>\n<h3>OS X Analysis</h3>\n<ul>\n<li><a href=\"https://github.com/jipegit/OSXAuditor\">OS X Auditor</a> is a popular free forensics tool for Mac OS X that parses and hashes various system artefacts.</li>\n</ul>\n<h3>Internet Artefacts</h3>\n<ul>\n<li><a href=\"https://github.com/eLoopWoo/chrome-url-dumper\">chrome-url-dumper</a> extracts different types of web browsing information from Google Chrome.</li>\n<li><a href=\"https://github.com/obsidianforensics/hindsight\">Hindsight</a> analyzes Google Chrome/Chromium history.</li>\n</ul>\n<h3>Timeline Analysis</h3>\n<ul>\n<li><a href=\"https://github.com/log2timeline/plaso\">plaso</a> is a tool that extracts and aggregates timestamps.</li>\n<li><a href=\"https://github.com/google/timesketch\">Timesketch</a> facilitates collaborative timeline analysis.</li>\n</ul>\n<h3>Hex Editors</h3>\n<ul>\n<li><a href=\"http://www.suavetech.com/0xed/\">0xED</a> is a hex editor for Mac OS X.</li>\n<li><a href=\"http://www.synalysis.net/\">Synalyze It!</a> is a popular hex editor for Mac OS X featuring an intuitive interface and extensible controls.</li>\n<li><a href=\"https://hexinator.com/\">Hexinator</a> is the Windows/Linux version of Synalyze It!.</li>\n<li><a href=\"https://mh-nexus.de/de/hxd/\">HxD</a> – a lightweight and fast hex editor.</li>\n<li><a href=\"http://apps.tempel.org/iBored/\">iBored</a> is a cross-platform hex editor supporting Windows, Linux, and Mac OS X.</li>\n<li><a href=\"http://www.wxhexeditor.org/\">wxHexEditor</a> is another free cross-platform hex editor with extensive file comparison features.</li>\n</ul>\n<h3>Data Converters</h3>\n<ul>\n<li><a href=\"https://github.com/gchq/CyberChef\">CyberChef</a> is a universal tool for encryption, decoding, compression, and data analysis.</li>\n<li><a href=\"http://sandersonforensics.com/forum/content.php?245-DateDecode-a-forensic-tool-to-decode-a-number-as-various-date-formats\">DateDecode</a> decodes otherwise unintelligible date values by interpreting them in 13 different date formats.</li>\n</ul>\n<h3>File Analysis</h3>\n<ul>\n<li><a href=\"http://www.sweetscape.com/010editor/templates/\">010 Editor Templates</a> is a collection of binary templates for the 010 Editor tool.</li>\n<li><a href=\"https://github.com/mac4n6/HFSPlus_Resources/tree/master/HFSPlus_Grammars\">HFSPlus Grammars</a> is a collection of HFS+ grammar files for Synalyze It!.</li>\n<li><a href=\"https://www.synalysis.net/formats.xml\">Synalyze It! Grammar</a> is a resource encompassing grammar files for the Synalyze It! hex editor.</li>\n<li><a href=\"https://www.x-ways.net/winhex/templates/\">WinHex Templates</a> – file templates for the WinHex and X-Ways Forensics utilities.</li>\n</ul>\n<h3>Disk Image Processing</h3>\n<ul>\n<li><a href=\"https://github.com/ralphje/imagemounter/\">imagemounter</a> is a command line tool that helps mount/unmount disk images.</li>\n<li><a href=\"https://github.com/libyal/libewf\">libewf</a> is a library and toolkit for accessing and working with EWF (Expert Witness Compression Format) and E01 format files.</li>\n<li><a href=\"https://www.pinguin.lu/xmount\">xmount</a> is a utility that converts between different disk image types.</li>\n</ul>\n<p><strong>A FULLY UPDATED LIST OF ALL COMPUTER FORENSICS TOOLS CAN BE FOUND HERE:</strong></p>\n<ul>\n<li><a href=\"https://www.forensicswiki.org/wiki/Category:Tools\">https://www.forensicswiki.org/wiki/Category:Tools</a></li>\n<li><a href=\"https://forensicswiki.org/wiki/Tools\">https://forensicswiki.org/wiki/Tools</a></li>\n<li><a href=\"https://forensicswiki.org/wiki/Tools#Open_Source_Tools\">https://forensicswiki.org/wiki/Tools#Open_Source_Tools</a></li>\n</ul>\n<p><b><i>All suggestions, additions or updates can be emailed to info@cflab.co.uk</i></b></p>\n",
    "protected": false
  },
  "author": 2,
  "featured_media": 0,
  "parent": 0,
  "menu_order": 0,
  "comment_status": "closed",
  "ping_status": "closed",
  "template": "",
  "meta": {"footnotes": ""},
  "class_list": ["post-43", "page", "type-page", "status-publish", "hentry"]
}