I am relatively new to the forum, but wondered from the more experienced crowd - which software package do you use when you are analyzing a computer?
Thanks,
Dave
Greetings,
I'm slowly inventorying and cataloging my forensics tools. Here's an incomplete list:
Forensics Tools
Standalone forensics analysis station software requirements
* EnCase Forensics w/ dongle or network license
    * Up to date EnScripts
* Either FTK or X-Ways (second forensics application to verify results)
* Titan Collector (De-NIST and cull) or Pinpoint Labs products (one for deNIST and one for cull)
* Paraben P2 Commander (EDBs, PSTs)
* Mount Image Pro
* CD/DVD burning software
* Virtual Forensic Computing (create VMs from images for analysis)
* VMware Workstation (needed for VFC, above, must run on Windows)
* ActivePerl - used for running regripper and other perl scripts
* Evidence Mover
* Kon Boot (Circumvents passwords on Windows and Linux systems)
* RAID Reconstructor (rebuilds RAIDs)
* RegRipper (registry analysis)
* TrueCrypt
* unetbootin (Burns ISOs onto thumb drives and makes them bootable.)
* Winzip
* PKzip
* UFS Explorer
* IrfanView
Collections
* F-Response
* Helix and Helix Pro
* MacQuisition - $300 - Black Bag Tech
* Voom HC III
Internet History
* Various - needs research
* Internet Evidence Finder - $20
* Chrome Analysis
* Mandiant Web Historian
* NetAnalysis
P2P File Sharing
* P2P Marshall - $995
Case Management
* Still looking
Note taking
* Notepad
* Atlassian Confluence (wiki)
Thanks Kovar, that's quite an extensive list - currently I only have EnCase at my disposal (and I am trying my hand with that).
There appears to be a lot of software/hardware packages out there, but only a select few are decent.
Let's see…the best place to start with my list is probably WFA 2/e and the <a href="http://windowsir.blogspot.com">WindowsIR blog</a>…
FTK Imager
VDKWin/ImDisk/P2Explorer/SmartMount
Perl - RegRipper, rip, ripXP, various other tools
TSK Tools
For case management/documentation, I've used Forensic CaseNotes, but I've also used a MSWord template.
I guess it really depends on what you want to do. I prefer to "go commando", but I do use dongles where necessary…
Think of your role as a mechanic or carpenter. Over time you build a tool kit and will have personal preferences. There are some basics such as a hammer and a crescent wrench that you will want to build a base from and then add on over time with what you like as you gain experience. Whether a tool is decent or not will depend on its application.
As another new member of the forum, currently starting computer forensics at uni, are there any free downloads available to look at and use, even if they are only basic tools, just to have a look at?
Jason,
I think that a good deal of what's been covered here does consist of free tools to a large extent. FTK Imager, RegRipper, etc…all free.
HTH.
keydet,
Thanks for that. Sorry for my ignorance, but being a newbie I wasn't sure what was available for free.
Thanks again.
Jason
http://www.forensicfocus.com/index.php?name=Downloads&d_op=viewdownload&cid=1
There are quite a few links in the downloads section of this site that you would want to review.
Thanks! Being a newbie I hadn't made it all the way to the right end of the menu yet and didn't know there was a downloads section. lol