Disk tools and data capture

| Tool | Author | Description |
|---|---|---|
| DumpIt | MoonSols | Generates a physical memory dump of Windows machines, 32-bit and 64-bit. Can run from a USB flash drive. |
| EnCase Forensic Imager | Guidance Software | Creates EnCase evidence files and EnCase logical evidence files |
| Encrypted Disk Detector* | Magnet Forensics | Checks local physical drives on a system for TrueCrypt, PGP, or BitLocker encrypted volumes |
| EWF MetaEditor | 4Discovery | Edits EWF (E01) metadata and removes passwords (EnCase v6 and earlier) |
| FAT32 Format | Ridgecrop | Enables large-capacity disks to be formatted as FAT32 |
| Forensics Acquisition of Websites | Web Content Protection Association | Browser designed to forensically capture web pages |
| FTK Imager* | AccessData | Imaging tool, disk viewer and image mounter |
| Guymager | vogu00 | Multi-threaded GUI imager running under Linux |
| HotSwap | Kazuyuki Nakayama | Safely removes SATA disks, similar to the “Safely Remove Hardware” icon in the notification area |
| LiveView | CERT | Allows the examiner to boot dd images in VMware |
| NetworkMiner | Hjelmvik | Network analysis tool. Detects OS, hostname and open ports of network hosts through packet sniffing/PCAP parsing |
| Nmap | Nmap | Utility for network discovery and security auditing |
| P2 Explorer Free | Paraben | Mounts forensic images as read-only local logical and physical disks |
| Live RAM Capturer* | Belkasoft | Extracts a RAM dump, including memory protected by an anti-debugging or anti-dumping system. 32-bit and 64-bit builds |
| OSFClone | Passmark Software | Boot utility for CD/DVD or USB flash drives to create dd or AFF images/clones |
| OSFMount | Passmark Software | Mounts a wide range of disk images. Also allows creation of RAM disks |
| Tableau Imager* | Tableau | Imaging tool for use with Tableau imaging products |
| Wireshark | Wireshark | Network protocol capture and analysis |
| VHD Tool | Microsoft | Converts raw disk images to VHD format, which is mountable in Windows Disk Management |
