List of Computer Forensics Tools

Computer Forensics Tools

what is computer forensics?

Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information. With these useful forensics tools we can finish this work shortly and accurately.

A) List of tools for computer forensics

1. SANS Investigative Forensics Toolkit – SIFT (GPL V2.0)
Multi-purpose forensic operating system
computer-forensics.sans.org

2. EnCase (Windows, commercial, V6.18)
Multi-purpose forensic tool
www.guidancesoftware.com

3. FTK (Windows, commercial, V3.2)
Multi-purpose tool, commonly used to index acquired media.
accessdata.com/products/forensic-investigation/ftk

4. PTK Forensics (LAMP, free/commercial, V2.0)
GUI for The Sleuth Kit
sourceforge.net/projects/ptk-forensics/

5. The Coroner’s Toolkit (Unix-like, IBM Public License, V1.19)
A suite of programs for Unix analysis
www.porcupine.org/forensics/tct.html

6. COFEE (Windows,Proprietary)
A suite of tools for Windows developed by Microsoft, only available to law enforcement
cofee.nw3c.org

7. The Sleuth Kit (Unix-like/Windows, IPL, CPL, GPL, V3.1.1)
A library of tools for both Unix and Windows
www.sleuthkit.org

8. Categoriser 4 Pictures (Windows, Free, V4.0.2)
Image categorisation tool develop, available to law enforcement

9. Paraben P2 Commander (Windows, Commercial)
General purpose forensic tool

10. Open Computer Forensics Architecture (Linux, LGPL/GPL, 2.3.0)
Computer forensics framework for CF-Lab environment

11. SafeBack (commercial, V3.0)
Digital media (evidence) acquisition and backup

12. Forensic Assistant (Windows, commercial, V1.2)
User activity analyzer(E-mail, IM, Docs, Browsers), plus set of forensics tools

B) Tools for Mobile device forensics

Mobile forensics tools tend to consist of both a hardware and software component.

1. Cellebrite Mobile Forensics (Windows, Commercial)
Univarsal Forensics Extraction Device – Hardware and Software

2. Radio Tactics Aceso (Windows, Commercial)
“All-in-one” unit with a touch screen

3. Paraben Device Seizure (Windows, Commercial)
Hardware/Software package

4. MicroSystemation .XRY/.XACT (Windows, Commercial)
Hardware/Software package, specialises in deleted data

5. Oxygen Phone Manager (Commercial)

C) Other computer forensics tools

1. HashKeeper (Windows, free)
Database application for storing file hash signatures

2. Evidence Eliminator (Windows, commercial, V6.03)
Anti-forensics software, claims to delete files securely

3. DECAF (Windows, free)
Tool which automatically executes a set of user defined actions on detecting MS’s COFEE tool