EC-Council has defined digital forensics as a branch of forensic science that focuses on the recovery and investigation of material found in digital devices related to cybercrime. The term digital forensics was first used as a synonym for computer forensics. Since then, it has expanded to cover the investigation of any device that can store digital data.
Although the first computer crime was reported in 1978, followed by the Florida Computer Crimes Act, it wasn’t until the 1990s that digital forensics became a recognized term. According to Techopedia, digital forensics is the process of uncovering and interpreting electronic data. The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying, and validating the digital information in order to reconstruct past events.
The Sleuth Kit (+Autopsy)
Autopsy® is an easy-to-use, GUI-based program that allows you to efficiently analyze hard drives and smartphones. It has a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python.
The Sleuth Kit® is a collection of command line tools and a C library that allows you to analyze disk images and recover files from them. It is used behind the scenes in Autopsy and many other open source and commercial forensics tools. Check for more information here.
Volatility
The Volatility Foundation is an independent 501(c)(3) non-profit organization that maintains and promotes open source memory forensics with The Volatility Framework.
Volatility introduced people to the power of analyzing the runtime state of a system using the data found in volatile storage (RAM). It also provided a cross-platform, modular, and extensible platform to encourage further work into this exciting area of research. Check for more information here.
EnCase
Guidance created the category for digital investigation software with EnCase Forensic in 1998. EnCase has maintained its reputation as the gold standard in criminal investigations and was named the Best Computer Forensic Solution for eight consecutive years by SC Magazine. No other solution offers the same level of functionality and flexibility, or has the track record of court acceptance, that EnCase Forensic has. With EnCase offering mobile forensics, investigators have the flexibility and convenience they need to complete their investigations quickly and efficiently. Check for more information here.
CrowdStrike CrowdResponse
As the user base of CrowdResponse multiplies, we see a steady stream of requests from active users. Many use the tool for its excellent YARA scanning capabilities and are starting to include additional data collection modules into their live response process. Check for more information here.
FTK Imager
FTK® Imager is a data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with a forensic tool such as AccessData® Forensic Toolkit® (FTK) is warranted. FTK Imager can also create perfect copies (forensic images) of computer data without making changes to the original evidence. Check for more information here.
Linux ‘dd’
There are all kinds of things you can do with dd if you research hard enough, but where it shines is in the ways it lets you work with partitions. Because filesystem archives aren’t complete images, they require a running host OS at both ends to serve as a base. Using dd, on the other hand, you can make perfect byte-for-byte images of just about anything digital. Check for more information here.
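The byte-for-byte imaging workflow described above, as an added example that is not part of the original article or the dd project: image a source with dd, record the SHA-256 of the source before imaging, and verify the image against it, which is how an examiner shows the copy (and the evidence it preserves) is unchanged. The "device" is a constructed 1 MiB file so the script runs offline; on a real case the source would be a block device attached read-only.

```shell
# Added example (not from the original article or the dd project): forensic
# imaging with dd plus hash verification of the resulting image.
# The "evidence device" here is a constructed file; a real source would be a
# block device such as /dev/sdb, attached read-only, ideally behind a write blocker.
set -e

# Write a deterministic 1 MiB sample "evidence device" (256 blocks of 4096 bytes).
make_sample_device() {
    yes 'constructed evidence block' | head -c $((256 * 4096)) > "$1"
}

# Image src into dst. Options examiners rely on:
#   conv=noerror,sync  keep going past read errors and zero-fill the bad
#                      block so every offset in the image matches the source
#   bs=4096            must divide the source size exactly: otherwise
#                      conv=sync pads the last block and the image hash will
#                      never match the source (512 or 4096 are safe for disks)
# Prints the SHA-256 of the source, taken before imaging, to stdout.
dd_image() {
    src="$1"; dst="$2"
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dd if="$src" of="$dst" bs=4096 conv=noerror,sync 2>/dev/null
    printf '%s\n' "$src_hash"
}

# Compare an image against the recorded source hash: prints "OK" or "MISMATCH".
# Both hashes belong in the chain-of-custody notes; any later change to the
# image, accidental or not, makes this check fail.
verify_image() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ] && echo OK || echo MISMATCH
}

# Whole workflow on the sample: image, verify, then alter one byte of the
# image (simulating tampering or a bad copy) and show verification fails.
demo() {
    tmp=$(mktemp -d)
    make_sample_device "$tmp/evidence.bin"
    h=$(dd_image "$tmp/evidence.bin" "$tmp/evidence.dd")
    first=$(verify_image "$tmp/evidence.dd" "$h")
    printf 'X' | dd of="$tmp/evidence.dd" bs=1 seek=100 conv=notrunc 2>/dev/null
    second=$(verify_image "$tmp/evidence.dd" "$h")
    rm -rf "$tmp"
    echo "$first $second"
}

demo
```

Running the script prints "OK MISMATCH": the fresh image verifies, and the altered one does not.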
ExifTool
ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3, Lyrics3, as well as the maker notes of many digital cameras by Canon. Check for more information here.
SANS SIFT
The SIFT Workstation is a group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. It can match any current incident response and forensic tool suite.
SIFT demonstrates that advanced incident response capabilities and deep-dive digital forensic techniques for investigating intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated. Check for more information here.
Hex Editor Neo
Hex Editor Neo is a fast binary file editor for the Windows platform, optimized for large files, developed by HHD Software Ltd. It’s distributed under a “Freemium” model and provides all basic editing features for free. Hex Editor Neo provides a powerful and flexible solution for searching and replacing data in files: the Find command searches for a pattern, and the Replace command searches for a pattern and then replaces it with another pattern. The search and replace patterns may differ in size, and the replace pattern may even be empty. Check for more information here.
Paladin Forensic Suite
PALADIN has become the World’s #1 Forensic Suite used by thousands of digital forensic examiners from Law Enforcement, Military, Federal, State and Corporate agencies.
The PALADIN Toolbox combines the power of several court-tested Open Source forensic tools into a simple interface that can be used by anyone. With the PALADIN Toolbox a user can easily and quickly TRIAGE – SEARCH – IMAGE and more!