Hello,
As part of my degree I am required to select a forensic tool and critique the functions and produce a guide/report on how the tool works and all of the different functionalities. I am just wondering if anyone could point me in the right direction towards some of the better open source products out there?
Kindest regards
My suggestion is to study Sleuth Kit and Autopsy. Sleuth Kit provides a lot of tools that cover forensic aspects, while Autopsy acts as a front-end GUI. Autopsy may need lots of improvements and optimizations too.
Sorry, I forgot to mention there's a ban list! Haha, the list is
- EnCase
- EnCase Imager
- FTK
- FTK Imager
- RegRipper
- AccessData Registry Viewer
- Autopsy/TSK
- Wireshark
- Tableau Imager
In this case you might consider having a look at
- Volatility
- Rekall
- Google GRR
- the SIFT Workstation
- Bulkextractor
- tools from Joakim Schicht or Eric Zimmerman
just my 2 cents
Robin
A good choice based on the possibility of following the SANS training route…
I would suggest Paladin Linux, it's a great imaging tool and has a few utilities built in as well. (https://
Forensic Explorer is also worth checking out. You can download a demo that's good for 30 days.
Can you do log2timeline? Great tool; you could talk about mounting the image and running the tool. Also custom log2timeline analysis.
I too recommend Paladin from Sumuri.com. Their Paladin Toolbox is an imaging suite that does a good job of presenting enough options to make imaging as painless as possible and to avoid making mistakes. Other than that, they present a forensic suite that contains many forensic tools, which I feel may be too much to report on if you choose all the tools to write about. On the other hand, if you picked only one or two tools from their forensic suite, the report may appear too short or give the impression you skimped over a lot of stuff.
It's not an open source tool, but Magnet Forensics is a popular forensic tool that's quickly taking over the market. They have a trial version, but the idea is to get companies to try before you buy, so I don't know if you can get a copy or not. It's worth a try.
Good luck,
John
Can you tell me how tools such as the Sleuth Kit can be better than using tools from Cellebrite and Oxygen? What can the open source tools do that the expensive ones can't?
Just a curious question btw.