Digital Forensic Tools Availability in the Nutshell

Digital forensics has grown in importance for at least the last two decades, a byproduct of the knowledge that has spread with massive Internet penetration around the world. Digital forensics is normally something done “after” a data breach, but for anyone who depends on technology it is just as important to examine a system “before” a possible breach. That is the role of penetration testing: a voluntary engagement in which an organization pays a third party to try to hack its systems. Independent pentesting teams have organized themselves into a new kind of business, and a system that has been pentested is harder to hack.

The real thing to understand is that digital forensic tools are publicly available. They are not rocket science, and anyone who puts in enough time to study them can perform digital forensic tasks. Here are some forensic tools everyone can use today, for testing, studying and understanding:

USB Historian
A small app that probes a PC’s USB history. It extracts the relevant information from the Windows Registry and presents it in a user-friendly, readable format: which user connected a given USB device to the system, and the date and time it was mounted and unmounted.
How is this program useful? Malware frequently spreads through USB flash drives, and with this app a system administrator can pinpoint when, and by which user, an infected USB device was plugged into a computer. One caveat: the times come from the examined machine’s own clock, so check that clock for drift before building a timeline on them.
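
The correlation USB Historian automates can be done by hand from three Registry locations: the USBSTOR enumeration keys (device, serial and, on Windows 8 and later, FILETIME properties for first install, last arrival and last removal), MountedDevices (which maps a device serial to volume GUIDs and drive letters) and each user’s MountPoints2 keys in NTUSER.DAT (which only exist for volumes mounted while that user was logged on). The following Python is an added example, not USB Historian’s code; the Registry content in it is constructed to look like what a hive parser such as python-registry would return, and the device names, serials, GUIDs and usernames are invented.

```python
# Added example, not USB Historian's code. All sample hive content below is constructed.
from datetime import datetime, timedelta, timezone

# Disk device-interface class GUID that terminates USBSTOR entries in MountedDevices.
DISK_INTERFACE_GUID = "{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
# Windows 8+ FILETIME properties under USBSTOR\<dev>\<serial>\Properties\{83da6326-...}\
PROP_FIRST_INSTALL, PROP_LAST_ARRIVAL, PROP_LAST_REMOVAL = "0064", "0066", "0067"


def filetime_to_utc(ft: int) -> datetime:
    """FILETIME is 100 ns ticks since 1601-01-01 00:00 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def parse_device_key(key: str) -> dict:
    """'Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00' -> vendor / product / revision."""
    # partition(...)[::2] keeps (tag, value) and drops the '_' separator
    fields = dict(part.partition("_")[::2] for part in key.split("&")[1:])
    return {"vendor": fields.get("Ven", ""), "product": fields.get("Prod", ""),
            "revision": fields.get("Rev", "")}


def instance_from_mounted_device(raw: bytes):
    """USB volumes in HKLM\\SYSTEM\\MountedDevices are UTF-16LE strings of the form
    _??_USBSTOR#<device key>#<serial instance>#<interface GUID>; fixed disks store a
    binary signature+offset blob instead, for which this returns None."""
    text = raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    if not text.startswith("_??_USBSTOR#"):
        return None
    parts = text.split("#")
    return parts[2] if len(parts) >= 4 and parts[3] == DISK_INTERFACE_GUID else None


def _timestamp(props: dict, prop_id: str):
    ft = props.get(prop_id)
    return filetime_to_utc(ft).isoformat() if ft is not None else None


def build_usb_history(usbstor: dict, mounted_devices: dict, mountpoints2: dict) -> list:
    """usbstor: {device_key: {serial_instance: {property_id: FILETIME}}};
    mounted_devices: {value name: REG_BINARY bytes}; mountpoints2: {username: set of
    {GUID} subkeys under NTUSER.DAT\\...\\Explorer\\MountPoints2}."""
    # Step 1: serial instance -> volume GUIDs and drive letters, from MountedDevices.
    volumes = {}
    for name, raw in mounted_devices.items():
        inst = instance_from_mounted_device(raw)
        if inst is None:
            continue
        entry = volumes.setdefault(inst, {"guids": set(), "letters": set()})
        if name.startswith("\\??\\Volume"):
            entry["guids"].add(name[len("\\??\\Volume"):])
        elif name.startswith("\\DosDevices\\"):
            entry["letters"].add(name.rsplit("\\", 1)[1])
    # Step 2: walk USBSTOR and attach volumes, users and timestamps to each device.
    records = []
    for device_key, instances in usbstor.items():
        for inst, props in instances.items():
            vol = volumes.get(inst, {"guids": set(), "letters": set()})
            records.append({
                **parse_device_key(device_key),
                "serial": inst.rsplit("&", 1)[0],
                # '&' as the 2nd character means Windows generated the serial: the device
                # reports none, so it cannot be told apart from an identical model.
                "unique_serial": inst[1:2] != "&",
                "drive_letters": sorted(vol["letters"]),
                # A profile only gets MountPoints2\{GUID} for volumes mounted while that
                # user was logged on; this is what ties a device to a person.
                "users": sorted(u for u, g in mountpoints2.items() if g & vol["guids"]),
                "first_install": _timestamp(props, PROP_FIRST_INSTALL),
                "last_arrival": _timestamp(props, PROP_LAST_ARRIVAL),
                "last_removal": _timestamp(props, PROP_LAST_REMOVAL),
            })
    return sorted(records, key=lambda r: (r["vendor"], r["product"], r["serial"]))


# Constructed sample hive content (invented devices, serials, GUIDs and users).
def _mounted(text: str) -> bytes:
    return text.encode("utf-16-le")

_SANDISK = "Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00"
_KINGSTON = "Disk&Ven_Kingston&Prod_DataTraveler&Rev_PMAP"
SAMPLE_USBSTOR = {
    _SANDISK: {"4C530001234567&0": {"0064": 131723280000000000,    # 2018-06-01 12:00 UTC
                                    "0066": 131724918000000000,    # 2018-06-03 09:30 UTC
                                    "0067": 131724945000000000}},  # 2018-06-03 10:15 UTC
    _KINGSTON: {"6&1f2e3d4c&0": {"0064": 131700000000000000}},
}
SAMPLE_MOUNTED_DEVICES = {
    "\\DosDevices\\C:": bytes.fromhex("a1b2c3d4" + "00" * 8),  # fixed disk, not USB
    "\\DosDevices\\E:": _mounted(f"_??_USBSTOR#{_SANDISK}#4C530001234567&0#{DISK_INTERFACE_GUID}"),
    "\\??\\Volume{11111111-2222-3333-4444-555555555555}":
        _mounted(f"_??_USBSTOR#{_SANDISK}#4C530001234567&0#{DISK_INTERFACE_GUID}"),
    "\\??\\Volume{66666666-7777-8888-9999-aaaaaaaaaaaa}":
        _mounted(f"_??_USBSTOR#{_KINGSTON}#6&1f2e3d4c&0#{DISK_INTERFACE_GUID}"),
}
SAMPLE_MOUNTPOINTS2 = {"alice": {"{11111111-2222-3333-4444-555555555555}"}, "bob": set()}

if __name__ == "__main__":
    for rec in build_usb_history(SAMPLE_USBSTOR, SAMPLE_MOUNTED_DEVICES, SAMPLE_MOUNTPOINTS2):
        print(rec)
```

Run against the sample data, the SanDisk drive is attributed to alice with drive letter E: and full first-install, last-arrival and last-removal times, while the Kingston drive shows up with a Windows-generated serial (no unique serial, so it cannot be distinguished from another unit of the same model) and no user, because no profile has a MountPoints2 key for its volume. On Windows 7 and older the 0064/0066/0067 properties do not exist; there you fall back on the LastWrite times of the USBSTOR and MountPoints2 keys and the setupapi log.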

Paladin Forensic Suite
A Live Linux distro designed for forensics, bundling tools developed by the open-source community: more than 80 tools across roughly two dozen categories, covering malware analysis, hashing and other forensic tasks. Being a Live distro, it boots from its own media rather than from the evidence system’s disk.

HELIX3
Another Live CD built for computer forensics. The free 2009R1 version is still available for download and, though nine years old, still works as advertised. Common tools such as Ophcrack, volume browsers and an offline Registry viewer are installed by default. Given its age, expect gaps with newer hardware, file systems and Windows versions.

HxD
No list of digital forensic tools is complete without a hex editor. HxD is one of the most user-friendly hex editors available and handles huge files. Unlike other hex editors, its claim to fame is a bundled file shredder. It can also open the memory of a running process through Extras > Open RAM. Keep the editing and shredding features away from original evidence: work on a write-blocked device or a verified copy.

PlainSight
A remix of Knoppix, a Linux distro, that bundles many forensic tools. Its specialties are examining memory dumps, cracking password hashes and viewing deleted Internet history.

FireEye RedLine
A free memory and file analysis tool from FireEye for investigating a single host; it also captures the host’s network state (listening ports and connections). It collects what is running on the system, such as processes, loaded drivers, network connections and file-system metadata, and presents it in one report that system administrators and network administrators can assess together. Like any host-based collector, it sees what the operating system lets it see, so compare its findings with what the network and other hosts show.

DSi USB Write Blocker
This tool prevents a particular USB storage device from being accidentally written to while it is under investigation. Removing Windows’ ability to write to a USB flash drive keeps the evidence unchanged during analysis and forensic checking. Software write blockers act at the operating-system level, so they are only as trustworthy as the host they run on; confirm the block is working by hashing the device before and after examination, and use a hardware write blocker where the case demands it.
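
The hashing step is the same whether you are checking a write blocker or using the hashing tools mentioned for Paladin: take the digests of the evidence once, keep them, and recompute them whenever you need to show nothing changed. The following Python is an added example, not code from Paladin or DSi USB Write Blocker; the “image” it hashes is a constructed temporary file, and in practice the path would be the write-blocked device or the acquired image.

```python
# Added example (not Paladin's or DSi USB Write Blocker's code): hash an evidence
# image once, keep the digests, and prove later that not a byte has changed.
import hashlib
import os
import tempfile

CHUNK_SIZE = 1 << 20  # 1 MiB reads, so a multi-GB image never has to fit in RAM


def hash_file(path, algorithms=("md5", "sha256")):
    """Single pass over the file, feeding every chunk to each requested digest."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_file(path, baseline):
    """Recompute only the algorithms in the baseline; True only if every one matches."""
    actual = hash_file(path, tuple(baseline))
    return all(actual[name] == digest for name, digest in baseline.items())


def demo():
    """Baseline a constructed image, check it, then write one byte to it (exactly what a
    write blocker exists to prevent) and show the verification fail."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.dd")
        # Constructed sample image: 3 MiB plus a 17-byte tail, so the read loop sees
        # both full and partial chunks.
        with open(image, "wb") as fh:
            fh.write(bytes(range(256)) * (3 * 4096) + b"trailing-sector-x")
        baseline = hash_file(image)
        untouched = verify_file(image, baseline)
        # No write blocker: the OS (or a careless analyst) touches the device.
        with open(image, "r+b") as fh:
            fh.seek(512)
            fh.write(b"\xff")
        after_write = verify_file(image, baseline)
        # Known test vector so the digests themselves can be checked against any other tool.
        abc = os.path.join(tmp, "abc.bin")
        with open(abc, "wb") as fh:
            fh.write(b"abc")
        return {"baseline": baseline, "untouched": untouched,
                "after_write": after_write, "abc": hash_file(abc)}


if __name__ == "__main__":
    result = demo()
    for name, digest in result["baseline"].items():
        print(f"{name}: {digest}")
    print("verifies before write:", result["untouched"])
    print("verifies after write: ", result["after_write"])
```

Two digests are computed in one pass because that is what most forensic tools record (an MD5 and a SHA-256) and a second read of a large device costs far more than a second hash update. Record the baseline digests in your notes at acquisition time; a matching recomputation at the end of the examination is the evidence that the write blocker did its job.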

Julia Sowells

Julia Sowells is a technology and security professional. In a decade of experience in technology she has worked on dozens of large-scale enterprise security projects, written technical articles and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she runs her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.
