Forensic Tools
- Tags
- security
Refers to various tools used in the digital forensic process.
FTK Imager
Used to create disk or memory images. It also computes hashes (MD5/SHA1) of the acquired image so the copy can be verified against the source later.
Forensic Toolkit (FTK)
Used for analysis of data copied using FTK Imager.
Autopsy
Used as a platform which is extended with third-party plugins (ingest modules) to give analysts powerful tools for investigating various incidents.
Is FOSS.
Volatility
Command-line utility used for memory forensics. From a memory image it can recover which processes were running on a particular computer, which applications were loaded, which sockets were open, and what the computer was communicating with (including IP addresses).
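The kind of artefact Volatility recovers (process names, file paths, remote IP addresses) can also be carved crudely from unstructured memory, strings-and-grep style, which is a useful sanity check when no symbol table is available. The following is an added example, not Volatility's code or the page's own: it scans a constructed sample blob (not a real dump) for printable strings and IPv4 addresses, and validates each IPv4 candidate so junk such as `999.1.1.1` is rejected. Unlike Volatility it parses no kernel structures, so it cannot tell a live process from a stale one.

```python
import re
import ipaddress

# Constructed sample "memory" blob for the demo: binary noise mixed with the
# printable artefacts a real dump would contain (not real evidence data).
SAMPLE_MEMORY = (
    b"\x00\x01\x02MZ\x90\x00" + b"\xff" * 8
    + b"svchost.exe\x00\x00"
    + b"connect 203.0.113.42:443\x00"
    + b"bad 999.1.1.1\x00"
    + b"\x00" * 4
    + b"C:\\Users\\alice\\Downloads\\invoice.pdf\x00"
)

# Four dot-separated 1-3 digit groups, not glued to other digits on either side.
IPV4_CANDIDATE = re.compile(rb"(?<!\d)(\d{1,3}(?:\.\d{1,3}){3})(?!\d)")


def carve_strings(blob, min_len=4):
    """Return every run of at least min_len printable ASCII bytes, in order."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def carve_ipv4(blob):
    """Return (offset, address) for each syntactically valid IPv4 address.

    Candidates with an octet above 255 (e.g. 999.1.1.1) are dropped by
    ipaddress.IPv4Address, which raises ValueError for them.
    """
    found = []
    for m in IPV4_CANDIDATE.finditer(blob):
        text = m.group(1).decode("ascii")
        try:
            ipaddress.IPv4Address(text)
        except ValueError:
            continue
        found.append((m.start(1), text))
    return found


if __name__ == "__main__":
    for s in carve_strings(SAMPLE_MEMORY):
        print("string:", s)
    for offset, ip in carve_ipv4(SAMPLE_MEMORY):
        print(f"ipv4 @ 0x{offset:x}: {ip}")
```

Run against a real raw dump by reading the file into `blob` (or memory-mapping it); hits still need to be correlated with process structures before they mean anything.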
REMnux
Linux toolkit for reverse-engineering and analysing malicious software. Provides a curated collection of free tools made by the community, so analysts can investigate malware without having to find, install and configure the tools themselves.
Kali Linux
Debian-based Linux distro geared towards various information security tasks. Widely used for penetration testing, computer forensics and reverse engineering.
Cellebrite
Mobile forensics toolkit allowing you to extract data from a wide range of mobile devices. Allows investigators to bypass pattern, password or PIN locks and overcome the encryption challenges common on Android/iOS devices. Can also be used for analysing SIM-card or location data.
Andriller
Utility for mobile forensics. Performs read-only, forensically sound, non-destructive acquisition of data from devices and can be used for cracking PIN/password/pattern authentication.
Wireshark
Network security and forensics tool (packet analyser). Lets you see network interactions at a microscopic level, packet by packet.
HxD
A fast hex editor that can also open raw disk drives and RAM (process memory) for inspection and editing.
Write Blockers
Prevents writing to the hard disk, ensuring the evidence on it is not tampered with. Typically when you plug a hard drive into a computer the operating system will write to the drive without being asked (for example updating last-accessed timestamps or replaying a file-system journal). A write blocker intercepts these attempts and prevents the writes. Can be introduced at the hardware level (a bridge between drive and host) or the software level (mounting read-only). Either way, hash the drive before and after acquisition: matching hashes are the proof that nothing was written.
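The before/after hashing that underpins both FTK Imager's verified acquisition and a write-blocker check, as an added example (not FTK Imager's or the page's own code). It streams a constructed stand-in for a drive into an image while hashing the source, re-hashes the image, and then shows that a single stray byte written to the "drive" is caught by `verify`. The file-like objects are `io.BytesIO` stand-ins; against real evidence you would pass an open raw device and an output file.

```python
import hashlib
import io

CHUNK_SIZE = 1024 * 1024  # read in 1 MiB chunks so large images stream, not load whole
ALGORITHMS = ("md5", "sha256")  # record two hashes, as imaging tools commonly do


def hash_stream(stream, algorithms=ALGORITHMS):
    """Hash every byte of a readable binary stream; returns {algorithm: hexdigest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def acquire(source, image):
    """Copy source into image, hashing the source as it is read and the image
    after it is written. Returns (source_hashes, image_hashes); they must match."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: source.read(CHUNK_SIZE), b""):
        for h in hashers.values():
            h.update(chunk)
        image.write(chunk)
    source_hashes = {name: h.hexdigest() for name, h in hashers.items()}
    image.seek(0)
    return source_hashes, hash_stream(image)


def verify(image, expected):
    """Re-hash an image and compare with the hashes recorded at acquisition time."""
    image.seek(0)
    return hash_stream(image, tuple(expected)) == expected


# Constructed stand-in for a small drive (not real evidence data).
SAMPLE_DRIVE = bytes(range(256)) * 64 + b"partition-table-like payload\x00" * 3


def demo():
    """Acquire the sample drive, verify the image, then detect a one-byte write."""
    source = io.BytesIO(SAMPLE_DRIVE)
    image = io.BytesIO()
    src_hashes, img_hashes = acquire(source, image)
    image_matches_source = src_hashes == img_hashes

    # Simulate the host writing one byte to the drive, which is exactly what a
    # write blocker exists to stop; the recorded hashes no longer match.
    tampered = io.BytesIO(bytearray(SAMPLE_DRIVE))
    tampered.seek(100)
    tampered.write(b"X")

    return image_matches_source, verify(image, src_hashes), verify(tampered, src_hashes)


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Record the acquisition hashes outside the image (in the case notes or a sidecar file) and re-run `verify` whenever the image changes hands; a mismatch means the copy, or the chain of custody, cannot be relied on.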
Faraday Bag
A shielded container which blocks radio signals (cellular, Wi-Fi, Bluetooth), preventing enclosed devices from accessing the internet or other networks so that a seized phone cannot be remotely locked or wiped before it is examined.