Digital Forensic Tools Availability in a Nutshell
Digital forensics has grown in importance for at least the last two decades, a byproduct of the growth of knowledge that followed massive Internet penetration around the world. Digital forensics is commonly performed “after” a data breach, but for everyone who uses technology it is just as important to apply it “before” a possible data breach. That is called Penetration Testing: an entity voluntarily allows a 3rd party to hack its system for a fee. Pentesting teams have been organized by various independent groups as a new form of business entity, and a system that has been pentested is harder to hack.
The real thing to understand here is that digital forensics tools are publicly available, they are not rocket science, and anyone with enough time to study them can perform digital forensic tasks. Here are some forensic tools everyone can use today for testing, studying and understanding:
A special app with the capability to probe a PC’s USB information. It extracts information from the Windows Registry and presents it to the user in a user-friendly, readable format. It can detect which user used a USB device on the system, and the date and time it was mounted and unmounted.
How can this program be useful? We are well aware that much malware spreads through USB flash drives, and with this app the system administrator can pinpoint when, and by whom, an infected USB drive was used in the computer.
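The same Registry artifacts can be read without a third-party app. The following is an added example (not code from the article or from the tool it describes) that lists every USB mass-storage device Windows has ever enumerated, with first-install, last-arrival and last-removal timestamps, and correlates each device's volume GUID with the user profiles that mounted it. It assumes Windows 10 or later, an elevated PowerShell 5.1+ session, and that only users whose hives are currently loaded under HKEY_USERS can be attributed.

```powershell
# Added example: USB device history and user attribution from the live Registry.
# Assumption: run elevated on Windows 10+; PnP cmdlets and HKEY_USERS are available.
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null

# Step 1: every USB mass-storage device the PnP manager has ever seen, present or not.
$devices = Get-PnpDevice -Class DiskDrive | Where-Object InstanceId -like 'USBSTOR\*'

# Step 2: MountedDevices maps \??\Volume{GUID} to a device path stored as UTF-16 text,
# e.g. _??_USBSTOR#Disk&Ven_X&Prod_Y&Rev_Z#<serial>&0#{class-guid}.
$mounted = Get-ItemProperty 'HKLM:\SYSTEM\MountedDevices'
$volumeByDevice = @{}
foreach ($name in ($mounted.PSObject.Properties.Name | Where-Object { $_ -like '\??\Volume{*' })) {
    $text = [Text.Encoding]::Unicode.GetString($mounted.$name)
    if ($text -match 'USBSTOR#(.+?)#\{') {
        # Normalise to the InstanceId form: Disk&Ven_...\<serial>&0 (upper-cased for matching)
        $volumeByDevice[($Matches[1] -replace '#', '\').ToUpper()] = [regex]::Match($name, '\{[^}]+\}').Value
    }
}

# Step 3: each loaded user hive records mounted volumes under Explorer\MountPoints2\{GUID}.
$usersByVolume = @{}
foreach ($sidKey in Get-ChildItem HKU:\ | Where-Object Name -match 'S-1-5-21-[\d-]+$') {
    $sid = $sidKey.PSChildName
    try   { $user = (New-Object Security.Principal.SecurityIdentifier $sid).Translate([Security.Principal.NTAccount]).Value }
    catch { $user = $sid }   # profile of a deleted or domain account that cannot be resolved
    $mp = Join-Path $sidKey.PSPath 'Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (Test-Path $mp) {
        foreach ($vol in Get-ChildItem $mp | Where-Object PSChildName -like '{*}') {
            $usersByVolume[$vol.PSChildName] += @($user)
        }
    }
}

# Step 4: join device timestamps (FILETIMEs already converted by the cmdlet) with user attribution.
$keys = 'DEVPKEY_Device_InstallDate', 'DEVPKEY_Device_LastArrivalDate', 'DEVPKEY_Device_LastRemovalDate'
$report = foreach ($dev in $devices) {
    $instance = $dev.InstanceId -replace '^USBSTOR\\', ''
    $guid     = $volumeByDevice[$instance.ToUpper()]
    $props    = Get-PnpDeviceProperty -InstanceId $dev.InstanceId -KeyName $keys
    [pscustomobject]@{
        Device      = $dev.FriendlyName
        Serial      = ($instance -split '\\')[-1]
        FirstSeen   = ($props | Where-Object KeyName -eq $keys[0]).Data
        LastArrival = ($props | Where-Object KeyName -eq $keys[1]).Data
        LastRemoval = ($props | Where-Object KeyName -eq $keys[2]).Data
        MountedBy   = if ($guid -and $usersByVolume[$guid]) { ($usersByVolume[$guid] | Sort-Object -Unique) -join ', ' }
                      else { 'unknown (volume never mounted, or user hive not loaded)' }
    }
}
$report | Sort-Object LastArrival -Descending | Format-Table -AutoSize
```

Devices whose owner shows as unknown usually belong to a user who is not logged on; loading that user's NTUSER.DAT hive (or reading it offline) recovers the MountPoints2 entries.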
Paladin Forensic Suite
It is a specially designed live Linux distro that contains forensic tools developed by the open-source community. The OS organizes 80+ tools under roughly two dozen categories, including tools for malware analysis, hashing and other forensic tasks.
Another live CD, specially made for computer forensics. The 2009R1 free version is still available for download; even though it is 9 years old, it still works as advertised. Common forensic tools are installed by default in the live CD, such as Ophcrack, volume browsers and an offline Registry viewer.
HxD
No list of digital forensic tools is complete without a hex editor. HxD is one of the most user-friendly hex editors available at the moment, and it supports huge files. Unlike other hex editors, its claim to fame is the bundled, very secure file shredder. It can also open the contents of a portion of RAM through the Extra > Open RAM feature.
This is a remix of Knoppix, a Linux distro, and contains many forensic tools. It specializes in checking memory dumps, cracking password hashes and viewing deleted Internet history.
It is network-aware file and memory forensic software. Nothing in the system can be hidden from this tool, and it provides a platform for a common report that system administrators and network administrators can assess together.
DSi USB Write Blocker
This tool is very important for isolating a particular USB storage device so that it cannot be accidentally written to during an investigation. Removing Windows’ ability to write to a USB flash drive is useful for isolating a system during data analysis and forensic checks.
Julia Sowells
Julia Sowells has been a technology and security professional for a decade. In that time she has worked on dozens of large-scale enterprise security projects, written technical articles, and served as a technical editor for Rural Press Magazine. She now lives and works in New York, where she runs her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.