Hi there,
As I'm not an expert in forensics, I need some advice (or two ;)):
- Which tool/tools would you guys recommend for Windows apps forensic examination (i.e. network usage ports/IP, runtime, updates, timeline behaviour)?
- What's your favourite "workhorse" in general Windows forensics?
I'm into commercial solutions, but if there's something freeware (already tried Autopsy / Sleuth, DEFT, Caine etc.) it would be even better.
BR
David
If your lab is dealing with a bunch of cases and time is ticking, freeware might not cut it with its service, support, and update limitations. That's where commercial software swoops in to save the day! Of course, the choice depends on what kind of cases you're working on. There's a whole bunch of products out there—some with specific superpowers and others that can do it all. Just a heads up, the all-in-one ones can be a bit pricey. If you're looking for software to tackle specific challenges, just let me know what you need, and I'll point you in the right direction!
Dear David @davids:
Please have a look at the following tools, which may fulfill your requirement:
- Sysinternals Suite
- Process Monitor (Procmon) / Process Explorer
- RegShot / Registry Editor / Registry Viewer
- Wireshark
- Volatility for memory analysis (command line)