Forensics

Forensic Toolkit – Comprehensive Guide To Digital Forensics Tools And Techniques

In the realm of digital forensics, having the right tools is crucial for thorough investigations. This article provides an overview of essential forensic tools used for analyzing files, detecting steganography, handling audio files, examining memory dumps, and more.

Whether you’re a beginner or an experienced investigator, these tools will help you uncover hidden data and analyze malicious activities effectively.

Tools Used For Basic Analysis:

Whenever you receive a file, start with a first pass using these command-line tools. Each one is run against the file by name:

file
  Identifies the file type from its content (magic bytes), not from its extension.
  Usage: file filename

exiftool
  Prints the file's metadata (EXIF, XMP, IPTC and similar tags).
  Usage: exiftool filename

binwalk
  Scans for embedded files and executable code by signature; -e extracts what it finds.
  Usage: binwalk filename

strings
  Prints runs of printable characters (4 or more by default; -n sets the minimum length).
  Usage: strings filename

foremost
  Carves embedded files by header/footer signature into an output directory.
  Usage: foremost -i filename -o outdir

pngcheck
  Checks a PNG's chunk structure and CRCs; -v lists every chunk.
  Usage: pngcheck -v filename

ffmpeg
  Decodes an audio or video file and reports container and codec errors, which is a quick integrity check.
  Usage: ffmpeg -v error -i filename -f null -
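
To see what binwalk and foremost actually do when they report embedded files, here is a small signature scanner and PNG carver in Python. It is an added example, not code from this article or from either tool; the input blob, the signature list and the function names are its own. Carving needs a footer or a length to know where an embedded file ends; for PNG the chunk chain gives that exactly, and validating each chunk CRC on the way is the same check pngcheck performs.

```python
"""Minimal signature scanner and PNG carver, the technique behind binwalk and
foremost. Added example, not code from the original article or from either tool.
The input blob is constructed in build_sample_blob(); no real evidence is read.
"""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Start-of-file signatures for a few common container formats.
SIGNATURES = {
    PNG_SIG: "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
    b"%PDF-": "pdf",
}


def scan_signatures(blob):
    """Return every (offset, type) where a known signature occurs, sorted by offset."""
    hits = []
    for magic, kind in SIGNATURES.items():
        idx = blob.find(magic)
        while idx != -1:
            hits.append((idx, kind))
            idx = blob.find(magic, idx + 1)
    return sorted(hits)


def carve_png(blob, offset):
    """Walk the PNG chunk chain from offset and return the bytes up to and
    including IEND. Returns None if a chunk is truncated or its CRC is wrong,
    which is the same check pngcheck performs."""
    if blob[offset:offset + 8] != PNG_SIG:
        return None
    pos = offset + 8
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 8 + length + 4          # length field + type + data + CRC
        if end > len(blob):
            return None                     # truncated chunk
        data = blob[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", blob[end - 4:end])[0]
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != stored_crc:
            return None                     # corrupt chunk
        pos = end
        if ctype == b"IEND":
            return blob[offset:pos]
    return None                             # ran off the end without IEND


def _chunk(ctype, data):
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample_png():
    """Constructed 1x1 RGB PNG used as test data (not a real artefact)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit, RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")             # filter byte + one red pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def build_sample_blob():
    """Constructed blob: junk, then a PNG, then a ZIP local-header signature,
    then a PDF header, the shape of a file with things appended to it."""
    return b"junk" * 4 + build_sample_png() + b"PK\x03\x04" + bytes(10) + b"%PDF-1.7\n%%EOF\n"


if __name__ == "__main__":
    blob = build_sample_blob()
    for off, kind in scan_signatures(blob):
        line = f"0x{off:08x}  {kind}"
        if kind == "png":
            carved = carve_png(blob, off)
            line += f"  (carved {len(carved)} bytes)" if carved else "  (chunk chain broken)"
        print(line)
```

Signature hits are only candidates: a three-byte JPEG marker will match inside compressed data by chance, so a carver that does not walk the format's structure (as carve_png does for PNG) will produce false positives and files of the wrong length. That is why binwalk output should always be checked with file on the extracted pieces.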

Steganography Detection Tools:

These tools detect whether steganographic data has been embedded in a file:

zsteg (PNG, BMP)
  Tries the common LSB and bit-plane layouts and reports anything that decodes to text or a known file type.
  Usage: zsteg filename (zsteg -a filename tries every layout)

stegdetect (JPG)
  Statistical detection of jsteg, outguess, jphide and similar JPEG embedding schemes.
  Usage: stegdetect filename

stegbreak (JPG)
  Dictionary attack on the password of a detected scheme (-t o for outguess, j for jsteg, p for jphide).
  Usage: stegbreak -t o -f wordlist.txt filename

stegsolve (all common image formats)
  GUI for viewing individual bit planes, colour channels and image combinations.
  Usage: see below

Stegsolve is a Java application: download the stegsolve.jar package and start it from a terminal with java -jar stegsolve.jar.

Make sure a Java runtime (JRE) is installed first.

Steganography Application Tools:

These tools both embed and extract hidden messages. If you suspect one of these schemes was used, try the matching tool's recovery command; most need the same password that was used at embedding time, and a wrong password usually yields an error or garbage rather than a clear failure.

Jsteg (JPG)
  Hide:    jsteg hide cover.jpg secret.txt stego.jpg
  Recover: jsteg reveal stego.jpg output.txt

OpenStego (PNG)
  Hide:    openstego embed -mf secret.txt -cf cover.png -p password -sf stego.png
  Recover: openstego extract -sf stego.png -p password -xf output.txt

Outguess (JPG)
  Hide:    outguess -k password -d secret.txt cover.jpg stego.jpg
  Recover: outguess -r -k password stego.jpg output.txt

Steghide (JPG, BMP, WAV)
  Hide:    steghide embed -ef secret.txt -cf cover.jpg -p password -sf stego.jpg
  Recover: steghide extract -sf stego.jpg -p password -xf output.txt

LSBSteg (PNG, BMP)
  Hide:    LSBSteg encode -i cover.png -o stego.png -f secret.txt
  Recover: LSBSteg decode -i stego.png -o output.txt

mp3stego (audio; takes a WAV cover and writes an MP3)
  Hide:    mp3stego-encode -E secret.txt -P password cover.wav stego.mp3
  Recover: mp3stego-decode -X -P password stego.mp3 out.txt

AudioStego (audio)
  Hide:    hideme cover.mp3 secret.txt && mv ./output.mp3 stego.mp3
  Recover: hideme stego.mp3 -f && cat output.txt

stegano (PNG)
  Hide:    stegano-lsb hide --input cover.png -f secret.txt -e UTF-8 --output stego.png
           or stegano-red hide --input cover.png -m "secret msg" --output stego.png
           or stegano-lsb-set hide --input cover.png -f secret.txt -e UTF-8 -g $GENERATOR --output stego.png
           (stegano-lsb-set list-generators lists the available generators)
  Recover: stegano-lsb reveal -i stego.png -e UTF-8 -o output.txt
           or stegano-red reveal -i stego.png
           or stegano-lsb-set reveal -i stego.png -e UTF-8 -g $GENERATOR -o output.txt
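
Most of the detection tools and the LSB-based application tools above work on the least significant bits of the pixel data. The following Python block, an added example rather than code from this article or from zsteg, LSBSteg or any other tool listed, embeds a message into the LSBs of a 24-bit BMP, recovers it, and applies the zsteg-style "does the bit plane decode to printable text" heuristic. The cover image, the 4-byte length prefix and the bit layout (one bit per pixel byte, most significant bit first) are assumptions of this example; real tools try many layouts, which is why zsteg prints dozens of candidate lines.

```python
"""LSB steganography on a 24-bit BMP: embed, extract, and a zsteg-style check.
Added example, not code from the original article or from any tool it lists.
The cover image is constructed in code; nothing is read from disk."""
import struct

HEADER_SIZE = 54   # 14-byte BITMAPFILEHEADER + 40-byte BITMAPINFOHEADER


def build_cover_bmp(width=16, height=16):
    """Constructed 24-bit BMP with smooth gradients, standing in for a real cover."""
    row_bytes = (width * 3 + 3) & ~3          # each row is padded to a multiple of 4
    pixels = bytearray()
    for y in range(height):
        row = bytearray()
        for x in range(width):
            row += bytes((x * 17, y * 17, (x * y) & 0xFF))   # B, G, R
        row += bytes(row_bytes - len(row))
        pixels += row
    file_hdr = struct.pack("<2sIHHI", b"BM", HEADER_SIZE + len(pixels), 0, 0, HEADER_SIZE)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                           len(pixels), 2835, 2835, 0, 0)
    return bytes(file_hdr + info_hdr + pixels)


def pixel_offset(bmp):
    """bfOffBits: where the pixel array starts (never assume it is 54)."""
    return struct.unpack_from("<I", bmp, 10)[0]


def lsb_capacity(bmp):
    """Message bytes that fit: one bit per pixel byte, minus the 4-byte length prefix."""
    return (len(bmp) - pixel_offset(bmp)) // 8 - 4


def _bits(data):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def lsb_embed(bmp, message):
    """Store a 4-byte big-endian length followed by the message in the pixel LSBs."""
    if len(message) > lsb_capacity(bmp):
        raise ValueError("message exceeds LSB capacity")
    offset = pixel_offset(bmp)
    out = bytearray(bmp)
    for i, bit in enumerate(_bits(struct.pack(">I", len(message)) + message)):
        out[offset + i] = (out[offset + i] & 0xFE) | bit
    return bytes(out)


def lsb_plane(bmp, nbytes):
    """Reassemble nbytes from consecutive pixel-byte LSBs, MSB-first within each
    byte (one of the bit layouts zsteg enumerates)."""
    offset = pixel_offset(bmp)
    out = bytearray()
    for i in range(nbytes):
        value = 0
        for j in range(8):
            value = (value << 1) | (bmp[offset + i * 8 + j] & 1)
        out.append(value)
    return bytes(out)


def lsb_extract(bmp):
    """Inverse of lsb_embed. A clean image yields a garbage length prefix,
    which is rejected instead of reading past the pixel array."""
    length = struct.unpack(">I", lsb_plane(bmp, 4))[0]
    if length > lsb_capacity(bmp):
        raise ValueError("length prefix exceeds capacity: no payload in this layout")
    return lsb_plane(bmp, 4 + length)[4:]


def looks_like_text_payload(bmp):
    """zsteg-style heuristic: sane length prefix followed only by printable ASCII."""
    try:
        body = lsb_extract(bmp)
    except ValueError:
        return False
    return len(body) > 0 and all(32 <= b < 127 or b in (9, 10, 13) for b in body)


if __name__ == "__main__":
    cover = build_cover_bmp()
    stego = lsb_embed(cover, b"flag{constructed_lsb_example}")
    print("capacity:", lsb_capacity(cover), "bytes")
    print("clean cover looks stego:", looks_like_text_payload(cover))
    print("stego image looks stego:", looks_like_text_payload(stego))
    print("recovered:", lsb_extract(stego))
```

Every pixel byte changes by at most 1, so the stego file is the same size as the cover and indistinguishable by eye; that is exactly why the detection tools above compare bit planes statistically instead of looking at the picture. Saving the result as JPEG would destroy the payload, which is why the LSB tools in the table are limited to lossless formats.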

Tools dealing With Audio Files(Embedding And Revealing Data):

Audacity
  Graphical audio editor for inspecting, modifying and revealing data inside audio files; switch the track view to Spectrogram to spot text or images drawn into the frequency domain.
  Usage: audacity filename

Sonic Visualiser
  Similar to Audacity, with stronger spectrogram and annotation views for investigating audio files.
  Usage: sonic-visualiser filename

DeepSound
  Hides and reveals data inside audio files, protected by a password.
  Usage: Windows GUI application

mp3stego and AudioStego (listed above) also embed and recover data in audio files.

DeepSound is a Windows application and has to be downloaded separately.

(Psst... just check my Tool_Vault, you may find it there.)

Tools Dealing With Memory Dumps (Analysing Hidden Data Or Malicious Activity):

Volatility is an open-source memory forensics framework for incident response and malware analysis. It is written in Python and analyses memory images from Windows, macOS and Linux.

On Kali and other Debian-based systems the legacy Volatility 2 was installed with sudo apt-get install volatility; the current release is Volatility 3, installed with pip (pip install volatility3) or from the Volatility Foundation's GitHub repository. Volatility 2 needs a --profile matching the OS build of the image, whereas Volatility 3 replaces profiles with symbol tables, which it fetches automatically for Windows images.

Tools Dealing With Network Packet Captures(Analysing Network Activity):

Wireshark
  Free and open-source graphical packet analyser used for network troubleshooting, analysis, and software and protocol development; a saved capture can be opened straight from the command line.
  Usage: wireshark capture.pcap

tcpdump
  Command-line packet analyser that displays TCP/IP and other packets sent or received on an attached network interface, or replays a saved capture with -r; -nn skips name and port resolution so the output is not delayed by DNS.
  Usage: tcpdump -nn -r capture.pcap

NetworkMiner
  Network Forensic Analysis Tool (NFAT) for Windows (it also runs on Linux under Mono). It works as a passive sniffer or, more usefully here, parses a pcap to list hosts, operating systems, sessions, hostnames, open ports and transferred files without putting any traffic on the network.
  Usage: GUI application

NetworkMiner is a GUI application that can be downloaded from the Internet, or just check my Vault...
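
The first thing tcpdump -r and Wireshark do with a capture is walk the pcap record structure and decode the link, network and transport headers. The Python block below, an added example and not code from this article or from either tool, reads a classic libpcap file and produces tcpdump-style TCP summaries; the two-packet capture, the host addresses and the function names are constructed for the example. It rejects pcapng, the format Wireshark writes by default, rather than mis-parse it.

```python
"""Minimal libpcap reader that pulls IPv4/TCP 5-tuples and flags from each
frame, the core of what tcpdump -r and Wireshark display. Added example, not
code from the original article or from either tool. The capture is constructed
in build_sample_pcap(); nothing is read from the network or from disk."""
import struct

PCAP_MAGIC = 0xA1B2C3D4          # microsecond pcap (0xA1B23C4D is the nanosecond variant)
LINKTYPE_ETHERNET = 1
TCP_FLAG_CHARS = ((0x02, "S"), (0x01, "F"), (0x04, "R"), (0x08, "P"), (0x10, "."))


def read_pcap(data):
    """Yield (timestamp, frame) per record; handles both byte orders, rejects pcapng."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng starts with 0x0A0D0D0A and needs another parser)")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, pos)
        pos += 16
        frame = data[pos:pos + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record")    # capture cut off mid-packet
        pos += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def parse_ipv4_tcp(frame):
    """Return (src, sport, dst, dport, flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 options change the header length
    if ip[9] != 6 or len(ip) < ihl + 14:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    flags = ip[ihl + 13] & 0x3F
    text = "".join(ch for bit, ch in TCP_FLAG_CHARS if flags & bit)
    return src, sport, dst, dport, text


def summarize(data):
    """tcpdump-like summaries: one (src, sport, dst, dport, flags) per TCP segment."""
    rows = []
    for _ts, frame in read_pcap(data):
        parsed = parse_ipv4_tcp(frame)
        if parsed:
            rows.append(parsed)
    return rows


def _frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero, which is fine for parsing."""
    eth = bytes(12) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return eth + ip + tcp


def build_sample_pcap():
    """Constructed two-packet capture: a SYN to port 443 and the SYN/ACK answering it."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b""
    for i, frame in enumerate((
        _frame("10.0.0.5", "93.184.216.34", 49152, 443, 0x02),
        _frame("93.184.216.34", "10.0.0.5", 443, 49152, 0x12),
    )):
        records += struct.pack("<IIII", 1700000000, i * 1000, len(frame), len(frame)) + frame
    return header + records


if __name__ == "__main__":
    for src, sport, dst, dport, flags in summarize(build_sample_pcap()):
        print(f"{src}.{sport} > {dst}.{dport}: Flags [{flags}]")
```

The truncated-record check matters in practice: a capture that was still being written when the disk was imaged ends mid-packet, and tcpdump reports exactly that rather than silently dropping the tail.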

Tools Used For Disk-Image Data Analysis:

fdisk
  Command-line partitioning utility; with -l it lists the partition table of a disk or image, and -u reports offsets in sectors, which is what dd and mount -o offset need.
  Usage: fdisk -lu image.dd

mmls (The Sleuth Kit)
  Displays the contents of a volume system (media management), in practice the partition table, so you can see where each partition starts, its type and its length. That makes it easy to extract a partition with dd, using the start sector as the skip value.
  Usage: mmls image.dd

TestDisk
  Free data recovery software designed to recover lost partitions and make non-booting disks bootable again when the damage was caused by faulty software.
  Usage: testdisk image.dd

Autopsy
  Graphical front end that makes it simpler to run the open-source programs and plugins of The Sleuth Kit; it displays the results of the forensic search of the underlying volume so investigators can flag pertinent data.
  Usage: GUI application

OSForensics
  Commercial digital forensics application that extracts and analyses digital evidence from computer systems and storage devices, including deleted and hidden data.
  Usage: GUI application (Windows)
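
mmls and fdisk -l both start by reading the 64-byte partition table at the end of sector 0. The Python block below, an added example and not code from this article or from The Sleuth Kit, parses an MBR, prints an mmls-style layout including the unallocated gaps, and builds the dd command that extracts a partition; the MBR contents, the sector values and the function names are constructed for the example. It handles primary MBR entries only: extended partitions require following the EBR chain, and type 0xEE means the real table is the GPT at LBA 1, both of which mmls handles for you.

```python
"""Parse a classic MBR partition table the way mmls and fdisk -l do, show the
unallocated gaps between partitions, and derive the dd invocation that extracts
each one. Added example, not code from the original article or from The Sleuth Kit.
The MBR is constructed in build_sample_mbr(); no disk image is read."""
import struct

SECTOR = 512
PART_TYPES = {
    0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def parse_mbr(sector0):
    """Return the non-empty entries of the four-slot primary partition table."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not an MBR")
    parts = []
    for slot in range(4):
        entry = sector0[446 + slot * 16:446 + slot * 16 + 16]
        boot, ptype, start, count = struct.unpack("<B3xB3xII", entry)   # CHS fields skipped
        if ptype == 0 or count == 0:
            continue
        parts.append({
            "slot": slot, "bootable": boot == 0x80, "type": ptype,
            "name": PART_TYPES.get(ptype, f"unknown (0x{ptype:02x})"),
            "start": start, "length": count, "end": start + count - 1,
        })
    return parts


def layout(parts, total_sectors):
    """mmls-style view: partitions plus the unallocated ranges around them,
    which is where deleted partitions and hidden data tend to live."""
    rows, cursor = [], 0
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            rows.append(("unallocated", cursor, p["start"] - 1))
        rows.append((p["name"], p["start"], p["end"]))
        cursor = max(cursor, p["end"] + 1)
    if cursor < total_sectors:
        rows.append(("unallocated", cursor, total_sectors - 1))
    return rows


def dd_command(image, part, out):
    """Sector-aligned dd invocation for one partition."""
    return f"dd if={image} of={out} bs={SECTOR} skip={part['start']} count={part['length']}"


def build_sample_mbr():
    """Constructed MBR: bootable FAT32 at sector 2048, Linux right after it, two empty slots."""
    def entry(boot, ptype, start, count):
        return struct.pack("<B3xB3xII", boot, ptype, start, count)
    table = entry(0x80, 0x0C, 2048, 204800) + entry(0x00, 0x83, 206848, 819200) + bytes(32)
    return bytes(446) + table + b"\x55\xaa"


if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for name, first, last in layout(parts, 1048576):
        print(f"{first:>10} {last:>10} {last - first + 1:>10}  {name}")
    for p in parts:
        print(dd_command("disk.dd", p, f"part{p['slot']}.dd"))
```

The 2048-sector gap before the first partition in the sample is the usual 1 MiB alignment area; on a real image it is worth a look with strings or binwalk, since bootkits and deliberately hidden data are commonly placed there because no file system covers it.
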
Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.
