
Computer Forensics: Exploring The Tools Of The Trade – A Comprehensive Guide

Computer forensics is an essential field that involves the investigation of digital devices to uncover evidence in various scenarios, including criminal activities and corporate disputes.

This article provides a curated list of top-notch free tools and resources that are crucial for anyone involved in the forensic analysis of computers.

From specialized operating systems to advanced frameworks and utilities for data recovery, this guide covers all the necessary tools to equip you with the skills needed for effective digital investigations.

Curated list of awesome free forensic analysis tools and resources.

  • Computer Forensics
    • Distributions
    • Frameworks
    • Memory Forensics
    • Network Forensics
    • Live Forensics
    • IOC Scanner
    • Imaging
    • Windows Artifacts
    • OS X Forensics
    • Mobile Forensics
    • Docker Forensics
    • Picture Analysis
    • Metadata Forensics
    • Steganography
    • Management
    • Decryption
    • Disk image handling
    • Resources

Distributions

Name: Description

bitscout: Bitscout is a customizable live OS constructor tool written entirely in bash. Its main purpose is to help you quickly create your own remote forensics bootable disk image.

Remnux: REMnux® is a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools.

SANS Investigative Forensics Toolkit (sift): Linux distribution for forensic analysis.

Tsurugi Linux: Tsurugi Linux is a DFIR open source project that is and will be totally free and independent, without involving any commercial brand. Our main goal is to share knowledge and "give back to the community".

WinFE: WinFE now loads on UEFI as well as legacy systems, without changing BIOS settings. This means that devices such as the Microsoft Surface Pro can be easily forensically imaged. BitLocker is also supported, provided that you have access to either the unlock key or the password.

Frameworks

Name: Description

Autopsy: Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

dff: DFF (Digital Forensics Framework) is a forensics framework that comes with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and to create reports about user and system activities.

dexter: Forensics acquisition framework designed to be extensible and secure.

IntelMQ: IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

Kuiper: Kuiper is a digital investigation platform that gives investigation teams and individuals the capability to parse, search, and visualize collected evidence (evidence can be collected by a fast triage script such as Hoarder).

Laika BOSS: Laika BOSS: Object Scanning System.

PowerForensics: PowerForensics provides an all-in-one platform for live disk forensic analysis.

The Sleuth Kit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools, and the command line tools can be used directly to find evidence.

turbinia: Turbinia is an open-source framework for deploying, managing, and running forensic workloads on cloud platforms.

IPED - Indexador e Processador de Evidências Digitais: IPED Digital Forensic Tool. It is open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Wombat Forensics: Wombat Forensics is a new forensic analysis tool built entirely in C and C++. The GUI is built using Qt5, so it may one day work on Windows, Linux and Macintosh systems.

binwalk: Firmware analysis tool.


Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.
