Hi all
I recently graduated university and haven't done any forensics since. I was wondering if anyone knew of any free software that works like FTK or EnCase, just so I can keep practicing and not forget everything I learnt?
Thanks for any help
Michael
Suites: Autopsy, SIFT, Paladin. Tons of individual tools, e.g. RegRipper, MFTDump, a whole slew of things from NirSoft.
Some good areas to look
http//
http//
https://
I'll second Autopsy, and also download a copy of WinHex.
If you mount image files with FTK Imager you can open the physical disk in WinHex.
While I do love Autopsy, I wholeheartedly recommend The Sleuth Kit along with a solid forensics-based Linux distro (SIFT etc). A good hex editor (like ghex) is also essential. This will teach you much more than other commercial tools (EnCase) in my opinion. (As one of my old instructors put it, "there is no 'get evidence' button".)
Autopsy is just a GUI front end for The Sleuth Kit (TSK) and great for Windows users or those not comfortable with the command line.
Brian Carrier's (developer of TSK) book "File System Forensic Analysis" goes into detail on using TSK in forensic applications.
Keep in mind, most Open Source Tools (OST) do not function like EnCase with nice pretty GUI front ends. The benefit of these commercial tools is they take the functionality of many other (even OST) tools and wrap them into one easy-to-use package. Autopsy comes closest to this for free. Be prepared to start researching tools or techniques to replace something that may be more convenient with commercial tools.