Oxygen Forensic Suite 2014 is a mobile forensic software that goes beyond standard logical analysis of cell phones, smartphones and PDAs. Using advanced proprietary protocols permits Oxygen Forensic Suite to extract much more data than usually extracted by logical forensic tools, especially for smartphones. Oxygen Forensic Suite – Smart Forensics for Smart Phones. Forensic investigations are always challenging as you may gather all the information you could for the evidence and mitigation plan. Here are some of the computer forensic investigator tools you would need. Most of them are free! Whether it’s for an internal human resources case, an investigation into unauthorized access to a server, or if you just want to learn a new skill, these suites and utilities will help you conduct memory forensic analysis, hard drive forensic analysis, forensic image exploration, forensic imaging and mobile forensics. As such, they all provide the ability to bring back in-depth information about what’s “under the hood” of a system. Autopsy is a GUI-based open source digital forensic program to analyze hard drives and smart phones effectively. Autospy is used by thousands of users worldwide to investigate what actually happened in the computer. Encrypted Disk Detector can be helpful to check encrypted physical drives. It supports TrueCrypt, PGP, Bitlocker, Safeboot encrypted volumes. Wireshark is a network capture and analyzer tool to see what’s happening in your network. Wireshark will be handy to investigate network related incident. Magnet RAM Capture You can use to capture the physical memory of a computer and analyze artifacts in memory. It supports Windows operating system. Network Miner An interesting network forensic analyzer for Windows, Linux & MAC OS X to detect OS, hostname, sessions and open ports through packet sniffing or by PCAP file. Provide extracted artifacts in an intuitive user interface. NMAP (Network Mapper) is one of the most popular networks and security auditing tools. NMAP is supported on most of the operating systems including Windows, Linux, Solaris, MAC OS, HP-UX etc. The full test data is available. Oxygen Forensics v8.3.1.105 was measured by analyzing acquired data. The mobile forensic application returned expected. It’s open source so free. RAM Capturer is a free tool to dump the data from computer’s volatile memory. It’s compatible with Windows OS. Memory dumps may contain encrypted volume’s password and login credentials for webmails and social network services. Forensic Investigator If you are using Splunk then will be a very handy tool. It’s Splunk app and has many tools combined. FAW (Forensics Acquisition of Websites) is to acquire web pages for forensic investigation which has the following features. ![]() • Capture the entire or partial page • Capture all types of image • Capture HTML source code of the web page • Integrate with Wireshark 10. HashMyFiles will help you to calculate the MD5 and SHA1 hashes. It works on almost all latest Windows OS. USB Write Blocker View the USB drives content without leaving the fingerprint, changes to metadata and timestamps. Use Windows registry to write-block USB devices. Crowd Response by Crowd Strike is a windows application to gather system information for incident response and security engagements. You can view the results in XML, CSV, TSV or HTML with help of CRConvert. It runs on 32 or 64 bit of Windows XP above. Crowd Strike has some other nice tools for investigation. • Totrtilla – anonymously route TCP/IP and DNS traffic through TOR. • Shellshock Scanner – scan your network for shellshock vulnerability • Heartbleed scanner – scan your network for OpenSSL 13. NFI Defraser forensic tool may help you to detect full and partial multimedia files in the data streams. ExifTool helps you to read, write and edit meta information for a number of file types. It can read EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, Photoshop IRB, FlashPix, etc. Toolsley got more than 10 useful tools for investigation. • File signature verifier • File identifier • Hash & Validate • Binary inspector • Encode text • Data URI generator • Password generator 16. SIFT (SANS investigative forensic toolkit) workstation is freely available as Ubuntu 14.04. SIFT is a suite of forensic tools you need and one of the most popular open source incident response platform. Dumpzilla Extract all interesting information from Firefox, Iceweasel and Seamonkey browser to be analyzed with. Browser History Foxton has two free interesting tools. • Browser history capturer – capture web browser (chrome, firefox, IE & edge) history on Windows OS. • Browser history viewer – extract ana analyze internet activity history from most of the modern browsers. Results are shown in the interactive graph and historical data can be filtered. ForensicUserInfo Extract the following information with. • RID • LM/NT Hash • Password reset/Account expiry date • Login count/fail date • Groups • Profile path 20. Kali Linux is one of the most popular platforms for penetration testing but it has forensic capability too.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2019
Categories |