Looking for a little advice.

15 Posts
13 Users
0 Likes
1,453 Views
(@preeny95)
Posts: 5
Active Member
Topic starter
 

Hello,

As part of my degree I am required to select a forensic tool and critique the functions and produce a guide/report on how the tool works and all of the different functionalities. I am just wondering if anyone could point me in the right direction towards some of the better open source products out there?

Kindest regards

 
Posted : 01/10/2016 4:01 pm
(@nalakahewa)
Posts: 12
Active Member
 

My suggestion is to study about Sleuth Kit and Autopsy. Sleuth kit provides lot of tools that covers forensic aspects while Autopsy act as a front-end GUI. Autopsy may need lots of improvements and optimizations too.

http://www.sleuthkit.org/

 
Posted : 02/10/2016 4:02 pm
(@preeny95)
Posts: 5
Active Member
Topic starter
 

Sorry, I forgot to mention there's a ban list! Haha the list is

- EnCase
- EnCase Imager
- FTK
- FTK Imager
- RegRipper
- AccessData Registry Viewer
- Autopsy/TSK
- Wireshark
- Tableau Imager

 
Posted : 02/10/2016 4:31 pm
Bunnysniper
(@bunnysniper)
Posts: 257
Reputable Member
 

Sorry, I forgot to mention there's a ban list

In this case you might consider having a look at

- Volatility
- Rekall
- Google GRR
- the SIFT Workstation
- Bulkextractor
- tools from Joakim Schicht or Eric Zimmerman

just my 2 cent

Robin

 
Posted : 02/10/2016 5:24 pm
(@436172730d0a)
Posts: 2
New Member
 

https://digital-forensics.sans.org/community/downloads

A good choice based on the possibility of following the SANS training route…

 
Posted : 26/10/2016 6:36 pm
(@wookieshaver)
Posts: 27
Eminent Member
 

Sorry, I forgot to mention there's a ban list! Haha the list is

- EnCase
- EnCase Imager
- FTK
- FTK Imager
- RegRipper
- AccessData Registry Viewer
- Autopsy/TSK
- Wireshark
- Tableau Imager

I would suggest Paladin Linux, it's a great imaging tool and has a few utilities built in as well. (https://sumuri.com/software/paladin/) You have to create an account at their website for the tool but you can set your own price (aka 0) when you download. I would suggest using Paladin Edge (the 32 bit version) for better compatibility across the board.

 
Posted : 26/10/2016 7:34 pm
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

Forensic Explorer is also worth checking out. You can download a demo that's good for 30 days.

 
Posted : 26/10/2016 8:24 pm
(@deltron)
Posts: 125
Estimable Member
 

Can you do log2timeline? Great tool; you could talk about mounting the image and running the tool. Also custom log2timeline analysis.

 
Posted : 26/10/2016 9:13 pm
(@jahearne)
Posts: 35
Eminent Member
 

I too recommend Paladin from Sumuri.com. Their Paladin Toolbox is an imaging suite that does a good job of presenting enough options to make imaging as painless as possible and to avoid making mistakes. Other than that, they present a forensic suite that contains many forensic tools that I feel may be too much to report on if you choose all the tools to write about. On the other hand, if you picked only one or two tools from their forensic suite, the report may appear too short or give the impression you skimped over a lot of stuff.

It's not an open source tool, but Magnet Forensics is a popular forensic tool that's quickly taking over the market. They have a trial version, but the idea is to get companies to try before you buy, so I don't know if you can get a copy or not. It's worth a try.

Good luck,
John

 
Posted : 27/10/2016 3:05 am
Vesalius
(@vesalius)
Posts: 66
Estimable Member
 

My suggestion is to study about Sleuth Kit and Autopsy.

Can you tell me how tools such as the Sleuth Kit can be better than using tools from Cellebrite and Oxygen? What can the open source tools do that the expensive ones can't?

Just a curious question btw. )

 
Posted : 07/12/2016 12:06 pm