I am currently studying Forensic Computing at Uni. Just finished my first year.
I am in the process of trying to build up a mass amount of software (free, being a student! ;)) which i can mess around with and practice with over the summer and throughout the next 3 years of my course.
One thing i realised i hadn't yet acquired is a decent file recovery program.
Not the usual home user type of stuff, something that will not only be able to recover the file but would give me all the nitty gritty details i need to be able to explore and practice looking at not only fully recovered files, but partially recovered files etc.
Anyone got any suggestions?
Free to download and use http//
DEFT 8.1 most important package and tool list
File Manager with disk mount’s status
Full support for Bitlocker encrypted disks, thanks libbde
The Sleuthkit 4.1.3
Digital Forensics Framework 1.3
Full support for Android and iOS 7.1 logical acquisitions (via libmobiledevice & adb)
JD GUI,
Skype Extractor 0.1.8.8,
Maltego 3.4 Tungsten,
A new version of the OSINT browser,
In alphabetical order, these are the main packages you’ll find in DEFT
audacious 3.2.3-1
bitpim 1.0.7+dfsg1-3
bkhive 1.1.1-1
bluez 4.101-0ubuntu6
catfish 0.4.0.2-0ubuntu1
clamav 0.98.1+dfsg-4ubuntu1~ubuntu12.10.2
creepy 0.1.94-1
cyclone 0.0.3-0ppa0
dash 0.5.7-3ubuntu1
dc3dd 7.1.614-1
dcfldd 1.3.4.1-2.1
ddrescue 1.14-1
dff 1.3.0
diffutils 13.2-6ubuntu1
dmraid 1.0.0.rc16-4.1ubuntu9
ed 1.6-2
ethtool 13.4.1-1
ettercap-graphical 10.7.4.2-1
evince 3.6.0-0ubuntu2
ewf-tools 20100226-1build2
fcrackzip 1.0-4
file 5.11-2ubuntu0.1
file-roller 3.6.1.1-0ubuntu1.2
findutils 4.4.2-4ubuntu2
findwild 1.9
foremost 1.5.7-2
freemind 0.9.0+dfsg-2ubuntu1
ftp 0.17-27
fuse-utils 2.9.0-1ubuntu2
gawk 14.0.1+dfsg-2
gddrescue 1.16-1
genisoimage 91.1.11-2ubuntu3
geoip-database 20120609-1
ghex 3.6.0-0ubuntu1
ghostscript 9.06~dfsg-0ubuntu4
gksu 2.0.2-6ubuntu2
gnome-disk-utility 3.6.1-0ubuntu1
gnome-keyring 3.6.1-0ubuntu1
gnome-mplayer 1.0.6-1
gnumeric 1.10.17-1.1ubuntu1
gnupg 1.4.11-3ubuntu4.4
google-chrome-stable 33.0.1750.152-1
gparted 0.12.1-1
gpgv 1.4.11-3ubuntu4.4
gpicview 0.2.3-2
gtk-recordmydesktop 0.3.8-4.1ubuntu1
guvcview 1.5.3-0ubuntu1
guymager-beta 0.7.3-1
gzip 1.5-1.1ubuntu1
hardinfo 0.5.1-1.1ubuntu5
hdparm 9.37-0ubuntu4
hexedit 1.2.12-4
hfsplus 1.0.4-12build4
hfsutils 3.2.6-11build4
htop 1.0.1-4
hydra 7.3-1
imagemagick 86.7.7.10-2ubuntu4.2
iproute 20120521-3ubuntu1.1
iptables 1.4.12-2ubuntu2.2
iputils-arping 320101006-3ubuntu1
iputils-ping 320101006-3ubuntu1
iputils-tracepath 320101006-3ubuntu1
java-common 0.43ubuntu3
john 1.7.8-1build1
keepnote 0.7.8-1
kismet 2008-05-R1-4.3build2
klibc-utils 2.0.1-1ubuntu2
kpartx 0.4.9-3ubuntu6
leafpad 0.8.18.1-3
libafflib0 3.6.6-1.1
libdmraid1.0.0.rc16 1.0.0.rc16-4.1ubuntu9
libecryptfs0 100-0ubuntu1.1
libewf1 20100226-1build2
libewf2 20130416-3
libexif12 0.6.20-3
libreoffice 13.6.2~rc2-0ubuntu4
lshw 02.16-1
lxkeymap 0.7.99+dfsg-0ubuntu3
lxlauncher 0.2.2-3
lxmenu-data 0.1.2-2
lxpanel 0.5.10+git20120823-0ubuntu1
lynx 2.8.8dev.12-2ubuntu0.1
mc 34.8.3-9
md5deep 4.2-1
memtest86+ 4.20-1.1ubuntu2.1
mhonarc 2.6.18-2
mountmanager 0.2.6-0ubuntu5
mplayer2 2.0-554-gf63dbad-1ubuntu0.1
mtools 4.0.17-1
mtpaint 3.40-1ubuntu1
myrescue 0.9.4-5
nano 2.2.6-1ubuntu1
net-tools 1.60-24.1ubuntu3
nmap 6.00-0.1
openssh-client 16.0p1-3ubuntu1.1
openssh-server 16.0p1-3ubuntu1.1
openssl 1.0.1c-3ubuntu2.6
os-prober 1.56ubuntu1
outguess 10.2-7
parted 2.3-10ubuntu2
pasco 1.0+20040505-5
pciutils 13.1.9-5ubuntu4
pcmanfm 1.0.1-0ubuntu1
pdfcrack 0.11-1
perl 5.14.2-13ubuntu0.3
phonon 44.7.0really4.6.0-0ubuntu2
php5-cli 5.4.6-1ubuntu1.7
pidgin 12.10.6-0ubuntu2.3
postgresql 9.1+136
pst-utils 0.6.54-4
python 2.7.3-0ubuntu7.1
qdbus 44.8.3+dfsg-0ubuntu3.2
readpst 0.6.54-4
recode 3.6-20
recoll 1.19.5-1~ppa1~quantal1
recordmydesktop 0.3.8.1+svn602-1ubuntu3
reglookup 0.12.0-1ubuntu2
rfkill 0.4-1ubuntu3
rifiuti2 0.5.1-3build1
rkhunter 1.4.0-1
rsync 3.0.9-3ubuntu1
samba 23.6.6-3ubuntu5.4
samdump2 1.1.1-1.1
scalpel 1.60-1build1
scite 3.0.2-2
scrot 0.8-13
sed 4.2.1-10ubuntu1
sensible-utils 0.0.7ubuntu1
simple-scan 3.6.0-0ubuntu1
smartmontools 5.43-0ubuntu1
sqlite3 3.7.13-1
sqlitebrowser 2.0.0~beta1+ds.1-3
ssdeep 2.7-1
ssh 16.0p1-3ubuntu1.1
stegdetect 0.6-6
strace 4.5.20-2.3ubuntu2
tcpdump 4.3.0-1ubuntu1
telnet 0.17-36build2
testdisk 6.13-1ubuntu1
transmission-gtk 2.61-0ubuntu2.2
tripwire 2.4.2.2-2
tshark 1.8.2-2
udisks 1.0.4-6ubuntu0.1
udisks2 2.0.0-1ubuntu1.1
ufw 0.33-0ubuntu2.1
undbx 0.20-1ubuntu2
unhide.rb 13-1
usbutils 1005-3
vim 27.3.547-4ubuntu1.1
vinetto 0.6.0~alpha-1
vlc 2.0.8-0ubuntu0.12.10.1
vmfs-tools 0.2.5-1
vym 2.2.0-1
wget 1.13.4-3ubuntu1
whiptail 0.52.11-2ubuntu11
whois 5.0.19
wine1.5 1.5.30-0ubuntu3
wipe 0.22-1
wireless-tools 30~pre9-8ubuntu1
wireshark 1.8.2-2
wpasupplicant 1.0-2ubuntu5
xmount 0.6.0
xplico 1.0.1
xz-utils 5.1.1alpha+20120614-1
DART 2 2014 package list, in alphabetical order
Alert
About
Acquire
Burn
DeepBurner
InfraRecorder
Copy
QuickHash
ForensicCopy
TeraCopy
FastCopy
FastCopy 64-bit
Image
FTK Imager
DumpIt
Nigilant32
HDDRawCopy
RamCapture 32-bit
RamCapture 64-bit
PZenDump
Scaner
Data Recovery
Undelete-360
PhotoRec 32-bit
PhotoRec 64-bit
TestDisk 32-bit
TestDisk 64-bit
Forensics
Browser
Browser Forensic Tool
Browser History Spy
Historian
Index.dat Analyzer
Internet History Browser
BrowsingHistoryView 32-bit
BrowsingHistoryView 64-bit
ChromeCacheView
ChromeCookiesView
ChromeHistoryView
FavoritesView
FirefoxDownloadsView
FlashCookiesView
IECacheView
IECookiesView
IEHistoryView
ImageCacheViewer
MozillaCacheView
MozillaHistoryView
MozillaCookiesView
OperaCacheView
OperaCacheView Win98
SafariCacheView
SafariHistoryView
VideoCacheView 32-bit
VideoCacheView 64-bit
WebCacheImageInfo
FBCacheView
E-Mail
MailView
Mail-Cure
OutlookAddressBookView 32-bit
OutlookAddressBookView 64-bit
OutlookAttachView 32-bit
OutlookAttachView 64-bit
OutlookStatView 32-bit
OutlookStatView 64-bit
Encryption
OTFEVolFileFinder
TCHunt 1.5
ZeroView
eCryptfs Parser
File
FileAlyzer
FoldAlyzer
FileAlyzer2
TrIDNet
FoldersReport
Hashing
Harvester
MD5summer
HashMyFiles 32-bit
HashMyFiles 64-bit
HashMyFiles 98(non Unicode)
QuickHash
Instant Messaging
ConCon Retriever
Instant Messaging History Browser
LiveContactsView
SkypeLogView
Peer to Peer
eMule MET Viewer
MetMedic
GigaView
Lime Juicer
LimeLib5
Props
Windows Forensics
Registry
Registry Decoder Live R24
RegistryReport
RegRipper
Windows Registry Recovery
RegScanner 32-bit
RegScanner 64-bit
RegScanner Win98
USBDeview 32-bit
USBDeview 64-bit
UserAssistView
ShellBagger
Printer Spooler
EMFSpoolViewer
SplViewer
FSV Thumbs Extractor
LnkExaminer
ShadowKit
ShadowExplorer
StreamFinder
Windows File Analyzer
VW7
AlternateStreamView 32-bit
AlternateStreamView 64-bit
AppCrashView
BlueScreenView 32-bit
BlueScreenView 64-bit
InsideClipboard
JumpListsView
LastActivityView
MIMEView
MUICacheView
MyEventViewer 32-bit
MyEventViewer 64-bit
EventLogSourcesView 32-bit
EventLogSourcesView 64-bit
MyLastSearch
NTFSLinksView 32-bit
NTFSLinksView 64-bit
RecentFilesView
RecentFilesView Unicode
ShellBagsView
UserProfilesView
WhatInStartup 32-bit
WhatInStartup 64-bit
WinPrefetchView
Simple File Parser
WinLogOnView
Incident Resp.
Antivirus
GMER
IceSword
RootRepeal
SvchostAnalyzer
Tuluka
ClamWin
aswMBR
catchme
System Info
Running Processes
CProcess
ProcessActivityView 32-bit
ProcessActivityView 64-bit
ProcessThreadsView 32-bit
ProcessThreadsView 64-bit
ServiWin
WinLister
Scaner
windows,system,SpyDLLRemover
ProcNetMonitor
FileInfo
DriveMan
HWiNFO32
PcOnOffTime
TurnedOnTimesView
TreeSizeFree
WinAuditu
DevManView 32-bit
DevManView 64-bit
DiskCountersView
DiskSmartView
OpenedFilesView 32-bit
OpenedFilesView 64-bit
Heap Inspector 32-bit
Heap Inspector 64-bit
tr3secure
Networking
CrowdInspect 32-bit
CrowdInspect 64-bit
AdapterWatch
LAN Search Pro
NetSetMan
Network Scanner
CurrPorts 32-bit
CurrPorts 64-bit
DNSQuerySniffer 32-bit
DNSQuerySniffer 64-bit
HTTPNetworkSniffer 32-bit
HTTPNetworkSniffer 64-bit
NetBScanner
NetResView
NetRouteView
NetworkInterfacesView
NetworkTrafficView 32-bit
NetworkTrafficView 64-bit
TcpLogView 32-bit
TcpLogView 64-bit
SmartSniff 32-bit
SmartSniff 64-bit
SniffPass 32-bit
SniffPass 64-bit
URLStringGrabber
WebCookiesSniffer 32-bit
WebCookiesSniffer 64-bit
WifiInfoView
WirelessNetView
WNetWatcher
BluetoothView
SocketSniff
WhoIsConnectedSniffer 32-bit
WhoIsConnectedSniffer 64-bit
NetworkConnectLog
Password
Nirsoft
Access PassView
AsterWin IE
BulletsPassView 32-bit
BulletsPassView 64-bit
ChromePass
Dialupass
Enterprise Manager PassView
IE PassView
LSASecretsDump 32-bit
LSASecretsDump 64-bit
LSASecretsView 32-bit
LSASecretsView 64-bit
Mail PassView
MessenPass
Network Password Recovery 32-bit
Network Password Recovery 64-bit
browser,OperaPassView
PasswordFox 32-bit
PasswordFox 64-bit
Password Security Scanner
PCAnywhere PassView
Protected Storage PassView
PstPassword
Remote Desktop PassView
RouterPassView
VNCPassView
WebBrowserPassView
Win9x PassView
WirelessKeyView 32-bit
WirelessKeyView 64-bit
SecurityXploded
AsteriskPasswordSpy
BrowserPasswordDecryptor
FacebookPasswordDecryptor
FtpPasswordDecryptor
FTPPasswordKracker
GooglePasswordDecryptor
LDAPPasswordKracker
MailPasswordDecryptor
MessengerPasswordDecryptor
MysqlPasswordAuditor
NetworkPasswordDecryptor 32-bit
NetworkPasswordDecryptor 64-bit
OraclePasswordAuditor
RouterPasswordDecryptor
RouterPasswordKracker
SocialPasswordDecryptor
VNCPasswordRecovery
WiFiPasswordDecryptor
WindowsPasswordKracker
Advanced Password Recovery
Phrozen Pwd Recovery
Visualize
Graphics
FastStoneViewer
XnView
Forensic Image Viewer
JPEGsnoop
Photo Studio
Thumo
ExifDataView
Multimedia
Media Player Classic x86
Media Player Classic x64
VideoTriage
Video Previewer
VLC
FragView
ListCodecs
InstalledCodec 32-bit
InstalledCodec 64-bit
Office
DatabaseBrowser
OLEDeconstruct
SQLite Database Browser
SSView
SumatraPDF
Universal Viewer
ESEDatabaseView
MetaExtractor
Utility
Search
SMF – SearchMyFiles
UltraSearch
SearchMyFiles 32-bit
SearchMyFiles 64-bit
Screen Capture
AviScreen
CamStudio Recorder
Screeny
7-Zip
Agent Ransack 32-bit
Agent Ransack 64-bit
Eraser
GSplit
HxD
LTFViewr5u
Notepad++
On-ScreenKeyboard
TightVNC viewer
TrIDNet
UniExtract
UsbWriteProtect
WipeDisk
DontSleep 32-bit
DontSleep 64-bit
MouseJiggle
You can build a Windows-based alternative to a Linux system.
1) Build a WinFE |
2) Add free forensic tools
- FTK Imager
- Others
3) Done
Not all forensic tools will run on WinFE, but enough for you to create an entirely free, forensically sound operating system to recover files. Best to have both Linux and WinFE as well.
One thing i realised i hadn't yet acquired is a decent file recovery program.
Not the usual home user type of stuff, something that will not only be able to recover the file but would give me all the nitty gritty details i need to be able to explore and practice looking at not only fully recovered files, but partially recovered files etc.
Anyone got any suggestions?
DMDE
http//dmde.com/
Both Linux and Windows.
jaclaz
which i can mess around with and practice with over the summer and throughout the next 3 years of my course.
When you use the most current and updated bootable forensic systems, like DEFT and WinFE, you will actually be using the same software that is being used in real cases by all levels of government and by the private sector today.
I know you were being casual with "mess around", but at this point being in a formal course of training, you can realistically state that you are "training, testing, and researching" valid forensic software systems and applications. Your three years can be three years of actual use rather than messing around. Words you use later will matter with your next employer D
Thanks for all the responses.
I did download DEFT a while ago, just havent had chance to use it yet as ive been 'testing and researching' (;P) other bits and pieces.
Will take a look at it tonight
Now that is an outstanding statement.
Now that is an outstanding statement.
Learnt from the best! P