The major mobile forensic vendors keep an eye open on the open source projects and if there is anything useful released, they implement those (or at least reuse the idea) in their own products.
I am just wondering if anyone could point me in the right direction towards some of the better open source products out there?
Start from what amount of time you have available for this. Don't select a product that you can't cover in the time … and you should not underestimate the time required.
Find a tool that does one, fairly small and well-delimited task, and preferably one that you understand well, and that you have some reasonably good test data for.
If you are going to look at some tool that does unix-like file system analysis for example, see if you can find Elizabeth Zwicky's test data for backup programs. It was created to be completely legitimate, have almost everything (file names as long as the platform allowed, directory trees as deep as could be handled, files with 'holes', files with control characters in file names, files that didn't allow any access to anyone, etc. etc.) and many backup programs failed to handle the data in that test suite correctly.
Very instructive.
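As an added example (not part of the original posts, and not Zwicky's actual test suite), here is one way to build a small corpus with the edge cases listed above and check what a directory walk reports against it. The function names, file names, sizes and directory depth are constructed for illustration, and a POSIX file system is assumed.

```python
import os
import tempfile

def build_corpus(root):
    """Create edge-case files under root; return {relative path: expected size}."""
    manifest = {}

    def add(rel, data=b"x", mode=0o644):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, mode)
        manifest[rel] = len(data)

    # File name as long as the platform allows (NAME_MAX, commonly 255 bytes).
    add("n" * os.pathconf(root, "PC_NAME_MAX"))
    # Deep directory tree (depth 40 is a constructed value, well under PATH_MAX).
    add(os.path.join(*["d"] * 40, "leaf"))
    # Control characters in the file name: bell, newline, tab.
    add("ctl\x07bell\nnewline\ttab")
    # File that allows no access to anyone.
    add("noaccess", b"secret", mode=0o000)
    # File with a hole: 1 MiB logical size, only the final byte written.
    with open(os.path.join(root, "sparse"), "wb") as f:
        f.seek(1024 * 1024 - 1)
        f.write(b"\0")
    manifest["sparse"] = 1024 * 1024
    return manifest

def check_listing(root, manifest):
    """Walk root the way a tool under test would; return entries it got wrong."""
    seen = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            seen[os.path.relpath(full, root)] = os.lstat(full).st_size
    return sorted(rel for rel, size in manifest.items() if seen.get(rel) != size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        expected = build_corpus(tmp)
        print("entries:", len(expected), "mismatches:", check_listing(tmp, expected))
```

To evaluate a real tool, replace the walk in `check_listing` with a parser for that tool's own file listing and compare it against the same manifest.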
Hello,
In case anybody would like to know, the product I chose was OSForensics. I am happy to provide my insights on the product if anybody is interested.
Kindest Regards.
I am happy to provide my insights on the product if anybody is interested
Start a blog?
Sorry, I forgot to mention there's a ban list! Haha, the list is:
EnCase
EnCase Imager
FTK
FTK Imager
RegRipper
AccessData Registry Viewer
Autopsy/TSK
Wireshark
Tableau Imager
Why is RegRipper on the ban list? It's open source, and has very few contributors…there are some, but given the number of DFIR folks who have access to it, or include it in their distros or courses, you'd think that there would be more. I get questions from course instructors asking if the tool does something, or how it does it.