Free computer forensic software

Maybe you should put some "separators".
Like "disk tools" (I am failing to see what has to do Ridgecrop's Format 32 with Forensics, BTW), "viewers", "USB tools", etc.

About FAT32, JFYI
http//tokiwa.qee.jp/EN/Fat32Formatter/

And (recovery, NOT "forensics")
http//tokiwa.qee.jp/EN/PartitionRecovery/

BOTH "recovery" and "forensics"
http//www.boot-land.net/forums/index.php?showtopic=7783
http//www.boot-land.net/forums/index.php?showtopic=9274
http//www.boot-land.net/forums/index.php?showtopic=9346
http//www.boot-land.net/forums/index.php?showtopic=10540
http//www.boot-land.net/forums/index.php?showtopic=11212
and probably a few more that you may find useful/interesting.

I like the idea of a "list page". )

jaclaz

While not strictly "Forensic"..a tool I find invaluable (and has a hash function)..is Karen's Directory Printer ( http//www.karenware.com/powertools/ptdirprn.asp ) .. This functionality should have been built into windows..

Thanks for the effort..

Maybe you should put some "separators".
Like "disk tools" (I am failing to see what has to do Ridgecrop's Format 32 with Forensics, BTW), "viewers", "USB tools", etc.
jaclaz

Separator's are a good idea. You're right regarding Ridgecrop's Fat32Format; I've changed the description on the top of page to "a selection of free software which may be of use to professional computer forensic practitioners." Thanks for the links to the tools too, will check them out later.

While not strictly "Forensic"..a tool I find invaluable (and has a hash function)..is Karen's Directory Printer ( www.karenware.com/powe...dirprn.asp ) .. This functionality should have been built into windows..

Thanks, that's a good one. It's now been added.

Like the train of thought here. A few more I thought of….

RegRipper - http//regripper.net/ - One of the first tools I run on almost every investigation. Quick way to get an overview of a Windows system by having the reg hives parsed to text files. Usually combine all outputs into a PDF and allow everyone on the investigation team to review so we can assess quickly direction of examination.

ConText - http//www.contexteditor.org/ - Great text editor. Very useful when editing scripts and/or code.

FreeDiff v1.1.2 - http//www.freediff.com/ - FreeDiff is a free file difference viewer. Use it to analyze the changes between two revisions of a file. Two versions of the System Registry database can be exported from within RegEdit and then compared using FreeDiff.

UVCView - Google It - Similar to USB view but a little more detailed with certain things.

WinDirStat - http//windirstat.info/ - A picture is worth a thousand words. Graphical representation of drive data.

ProDiscover Basic Edition - http//toorcon.techpathways.com/uploads/ProDiscoverRelease65Basic.zip

FILE SIGNATURES TABLE - http//www.garykessler.net/library/file_sigs.html - list of file sigs that can be added to your tool of choice

OLE Deconstruct - http//www.sandersonforensics.com/Files/msoledeconstruct.zip - nice clean way to get OLE/meta info from MS documents

TimeLord by Paul Tew – http//computerforensics.parsonage.co.uk/timelord/timelord.htm - Time utility

Log 2 Timeline - http//www.log2timeline.net/ - Parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a timeline that can be analysed by forensic investigators/analysts.

I just want to point out too that Harlan did a blog post on this same topic within the last year. You could probably get a good starting list from that.

Tom

I released several FREE utilities (most of them encase enscripts) at CEIC yesterday as part of my presentation. Download link below

Scripts

Apple iPhone Backup Extractor
Bag Parser
CSC Extractor
Google Desktop Search Metadata Extractor
Google Desktop Index Data Extractor
Windows Search Index Data Extractor
INDX Extractor
IPD Extractor
Webmail Extractor

Link
http//42llc.net/index.php?option=com_myblog&show=CEIC-2010-scripts.html&Itemid=39

I haven't written any documentation on it, other than whats on the website and in my presentation(http//42llc.net/index.php?option=com_attachments&task=download&id=31). Sorry about that! I will blog about the details of things like windows search and google desktop db format later.

Yogesh Khatri
42 LLC

Thanks for the comments and suggestions. I've now categorised and expanded the list. http//bit.ly/freeforensics

Hey, I didn't see any in your list, so I wanted to make you aware that woany has numerous tools on his site http//www.woanware.co.uk/

Thank you Jonathan for the post.

very nice!