Category Archive

Name From Description DCode Digital Detective Converts various data types to date/time values iPhone Backup Browser Rene Devichi View unencrypted backups of iPad, iPod and iPhones ChromeAnalysis Foxton Software Analysis of internet history data generated using Google Chrome IEHistoryView Nirsoft Extracts recently visited Internet Explorer URLs

Application analysis Name From Description Dropbox Decryptor* Magnet Forensics Decrypts the Dropbox filecache.dbx file which stores information about files that have been synced to the cloud using Dropbox Google Maps Tile Investigator* Magnet Forensics Takes x,y,z coordinates found in a tile filename and downloads surrounding tiles providing more context KaZAlyser Sanderson Forensics Extracts various data from the KaZaA application LiveContactsView …

Registry analysis Name From Description ForensicUserInfo Woanware Extracts user information from the SAM, SOFTWARE and SYSTEM hives files and decrypts the LM/NT hashes from the SAM file Process Monitor Microsoft Examine Windows processes and registry threads in real time Registry Decoder US National Institute of Justice, Digital Forensics Solutions For the acquisition, analysis, and reporting of registry contents RegRipper Harlan …

Internet analysis Name From Description Chrome Session Parser CCL Forensics Python module for performing off-line parsing of Chrome session files (“Current Session”, “Last Session”, “Current Tabs”, “Last Tabs”) ChromeCacheView Nirsoft Reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache Cookie Cutter Mike’s Forensic Tools Extracts embedded data held …

File viewers Name From Description BKF Viewer SysTools View contents of BKF (XP backup) files E01 Viewer SysTools View E01 files to view messages within email EDB, PST and OST and search for file names Microsoft PowerPoint 2007 Viewer Microsoft View PowerPoint presentations Microsoft Visio 2010 Viewer Microsoft View Visio diagrams VLC VideoLAN View most multimedia files and DVD, Audio …

Data analysis suites Name From Description Autopsy Brian Carrier Graphical interface to the command line digital investigation analysis tools in The Sleuth Kit (see below) Backtrack Backtrack Penetration testing and security audit with forensic boot capability Caine Nanni Bassetti Linux based live CD, featuring a number of analysis tools Deft Dr. Stefano Fratepietro and others Linux based live CD, featuring …

Mobile devices Name From Description iPBA2 Mario Piccinelli Explore iOS backups iPhone Analyzer Leo Crawford, Mat Proud Explore the internal file structure of Pad, iPod and iPhones ivMeta Robin Wood Extracts phone model and software version and created date and GPS data from iPhone videos. Rubus* CCL Forensics Deconstructs Blackberry .ipd backup files SAFT SignalSEC Corp Obtain SMS Messages, call …

Mac OS tools Name From Description Audit Twocanoes Software Audit Preference Pane and Log Reader for OS X ChainBreaker Kyeongsik Lee Parses keychain structure, extracting user’s confidential information such as application account/password, encrypted volume password (e.g. filevault), etc Disk Arbitrator Aaron Burghardt Blocks the mounting of file systems, complimenting a write blocker in disabling disk arbitration Epoch Converter* Blackbag Technologies …

File and data analysis Name From Description Advanced Prefetch Analyser Allan Hay Reads Windows XP,Vista and Windows 7 prefetch files analyzeMFT David Kovar Parses the MFT from an NTFS file system allowing results to be analysed with other tools CapAnalysis Evolka PCAP viewer CrowdResponse CrowdStrike Directory enumeration, file hashes, certificate details, detailed process listing and YARA module to scan process …

Name From Description Agent Ransack Mythicsoft Search multiple files using Boolean operators and Perl Regex CaseNotes Lite Blackthorn Contemporaneous notes recorder Computer Forensic Reference Data Sets NIST Collated forensic images for training, practice and validation EvidenceMover* Nuix Copies data between locations, with file comparison, verification, logging FastCopy Shirouzu Hiroaki Self labelled ‘fastest’ copy/delete Windows software. Can verify with SHA-1, etc. …

Email analysis Name From Description EDB Viewer Lepide Software Open and view (not export) Outlook EDB files without an Exchange server Mail Viewer MiTeC Viewer for Outlook Express, Windows Mail/Windows Live Mail, Mozilla Thunderbird message databases and single EML files MBOX Viewer SysTools View MBOX emails and attachments OST Viewer Lepide Software Open and view (not export) Outlook OST files …

Disk tools and data capture Name From Description DumpIt MoonSols Generates physical memory dump of Windows machines, 32 bits 64 bit. Can run from a USB flash drive. EnCase Forensic Imager Guidance Software Create EnCase evidence files and EnCase logical evidence files [direct download link] Encrypted Disk Detector* Magnet Forensics Checks local physical drives on a system for TrueCrypt, PGP, …

Here are 20 of the best free tools that will help you conduct a digital forensic investigation.   01 SANS SIFT The SANS Investigative Forensic Toolkit (SIFT) is an Ubuntu based Live CD which includes all the tools you need to conduct an in-depth forensic or incident response investigation. It supports analysis of Expert Witness Format (E01), Advanced Forensic Format …