Disk tools and data capture
Name |
From |
Description |
|---|---|---|
| DumpIt | MoonSols | Generates physical memory dump of Windows machines, 32 bits 64 bit. Can run from a USB flash drive. |
| EnCase Forensic Imager | Guidance Software | Create EnCase evidence files and EnCase logical evidence files [direct download link] |
| Encrypted Disk Detector* | Magnet Forensics | Checks local physical drives on a system for TrueCrypt, PGP, or Bitlocker encrypted volumes |
| EWF MetaEditor | 4Discovery | Edit EWF (E01) meta data, remove passwords (Encase v6 and earlier) |
| FAT32 Format | Ridgecrop | Enables large capacity disks to be formatted as FAT32 |
| Forensics Acquisition of Websites | Web Content Protection Association | Browser designed to forensically capture web pages |
| FTK Imager* | AccessData | Imaging tool, disk viewer and image mounter |
| Guymager | vogu00 | Multi-threaded GUI imager under running under Linux |
| HotSwap | Kazuyuki Nakayama | Safely remove SATA disks similar to the “Safely Remove Hardware” icon in the notification area |
| LiveView | CERT | Allows examiner to boot dd images in VMware. |
| NetworkMiner | Hjelmvik | Network analysis tool. Detects OS, hostname and open ports of network hosts through packet sniffing/PCAP parsing |
| Nmap | Nmap | Utility for network discovery and security auditing |
| P2 Explorer Free | Paraben | Mount forensic images as read-only local logical and physical disks |
| Live RAM Capturer* | Belkasoft | Extracts RAM dump including that protected by an anti-debugging or anti-dumping system. 32 and 64 bit builds |
| OSFClone | Passmark Software | Boot utility for CD/DVD or USB flash drives to create dd or AFF images/clones. |
| OSFMount | Passmark Software | Mounts a wide range of disk images. Also allows creation of RAM disks |
| Tableau Imager* | Tableau | Imaging tool for use with Tableau imaging products |
| Wireshark | Wireshark | Network protocol capture and analysis |
| VHD Tool | Microsoft | Converts raw disk images to VHD format which are mountable in Windows Disk Management |
