I need to examine the image which free tool can I use. I need to identify the file name, location (physical and logical), the type of application used to create the information and any information of probative value that can be determined from this data. Please advice
How about the Sleuth Kit? It's bundled in the SANS SIFT workstation, as well, which is a great set of free tools for imaging and analysis. Depending on your level of experience you may find it unintuitive, but it is free and feature-rich.
CAINE can do a bit of what you are looking for. There are plenty of others but this is a new release and has a good collection of tools.
http//
I need to examine the image which free tool can I use. I need to identify the file name, location (physical and logical), the type of application used to create the information and any information of probative value that can be determined from this data.
Well, examining an image is pretty simple and straight forward. I might suggest the Basic Edition of ProDiscover, or even just FTK Imager.
Depending on the operating system involved, identifying the type of application used could be easily performed with RegRipper.
Without more information from you, however, anything else I could provide is simply speculation. For example, I can't recommend a means "to identify the file name" if I don't know what it is you're looking for.
Wish I could help…
@All Thank you for advice.
@keydet89 I need to search for keywords in the image and need to be able to identify the file information where those keywords are. I was not able to do a "keyword search in the FTK Imager( i found the keyword by scrolling thru but there was no file information). I am using Windows XP
@douglasbrush I see CAINE is for Linux only. Sorry for that not mentioning OS before
CAIN is a bootable Linux distro. You can boot the system with the disk and perform the investigation with the tools that come with the enviroment.
Ok, so let's look at this from a step back…
Do you want to find data files created by a user (office docs, emails,etc) or operating system/program files or dynamically created files such as temp files, logs, cache? But before that what is the purpose of your investigation?
Draw the house plans before you start taking out the tools from the woodshed.
@douglasbrush I am taking Digital Forensic class. Professor gave us the file and he wants us to search for some keywords in that image. If keywords found, we need to identify the file name, location, the application used to create the information(can be anything emails, docs) and collect all possible information from investigation. I never used any tools before so it is hard to make a decision. I downloaded FTK but i didn't install it yet… not sure if i need full version. FTK Imager doesn't do all what i need.
I'd hope the professor gave a small image. If so, download FTK 1.x, it'll work up to 5,000 files and nearly everything you need, for free. ProDiscover as previously mentioned, works well too, without the 5,000 file limit. I would have expected that if you are in a digital forensics class that you'd get some guidance on software to use.
If your professor gave you a complete, average size image that goes well beyond 5,000 files and no tools to look at it, then you will have a very difficult time finding a free forensic application that will do everything you need for this class or any class.