Free to use forensics software?

(@weresmytriple)
Posts: 8
Active Member
Topic starter
 

Hi all,

I recently graduated university and haven't done any forensics since. I was wondering if anyone knew of any free software that works like FTK or EnCase, just so I can keep practicing and not forget everything I learnt?

Thanks for any help.

Michael

 
Posted : 25/08/2016 9:38 pm
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

Suites: Autopsy, SIFT, Paladin. Tons of individual tools, e.g. RegRipper, MFTDump, a whole slew of things from NirSoft.

 
Posted : 25/08/2016 10:48 pm
(@deltron)
Posts: 125
Estimable Member
 

Some good areas to look:
http://toolcatalog.nist.gov/populated_taxonomy/index.php
http://www.dfir.training/index.php/tools/forensic-boot-systems-cd-usb

 
Posted : 26/08/2016 12:12 am
(@mobileforensicswales)
Posts: 274
Reputable Member
 

https://forensiccontrol.com/resources/free-software/

 
Posted : 26/08/2016 1:03 pm
EricZimmerman
(@ericzimmerman)
Posts: 222
Estimable Member
 

All my stuff is free

https://binaryforay.blogspot.com/

 
Posted : 01/09/2016 5:52 pm
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

I'll second Autopsy and also download a copy of WinHex.
If you mount image files with FTK Imager you can open the physical disk in WinHex.

 
Posted : 02/09/2016 12:08 am
Red1
(@red1)
Posts: 19
Active Member
 

While I do love Autopsy, I wholeheartedly recommend The Sleuth Kit along with a solid forensic-based Linux distro (SIFT etc.). A good hex editor (like ghex) is also essential. This will teach you much more than other commercial tools (EnCase) in my opinion. (As one of my old instructors put it, "there is no 'get evidence' button".)

Autopsy is just a GUI front end for The Sleuth Kit (TSK) and great for Windows users or those not comfortable with the command line.

Brian Carrier's (developer of TSK) book "File System Forensic Analysis" goes into detail on using TSK in forensic applications.

Keep in mind, most Open Source Tools (OST) do not function like EnCase with nice pretty GUI front ends. The benefit of these commercial tools is they take the functionality of many other (even OST) tools and wrap them into one easy-to-use package. Autopsy comes closest to this for free. Be prepared to start researching for tools or techniques to replace something that may be more convenient with commercial tools.

 
Posted : 02/09/2016 12:24 am