Top 8 Forensics Tools – 2018 Update

1. Autopsy

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.

Github Link – https://github.com/sleuthkit/autopsy

Although Autopsy is designed to be cross-platform (Windows, Linux, MacOSX), the current version is fully functional and fully tested only on Windows.

The latest version of Autopsy is 4.5.0, which you can download from this link.

Third-party modules for Autopsy are available from this link.

2. Sleuthkit

The Sleuth Kit (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

Github Link – https://github.com/sleuthkit/sleuthkit

The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs.

The Sleuth Kit is written in C and Perl and uses some code and design from The Coroner’s Toolkit (TCT). The Sleuth Kit has been successfully tested on Linux, Mac OS X, Windows (Visual Studio and mingw), CYGWIN, OpenBSD & FreeBSD, and Solaris.

3. EnCase

EnCase is the shared technology within a suite of digital investigation products by Guidance Software. The software comes in several products designed for forensic, cybersecurity, security analytics, and e-discovery use. EnCase is traditionally used in forensics to recover evidence from seized hard drives. EnCase allows the investigator to conduct in-depth analysis of user files to collect evidence such as documents, pictures, internet history and Windows Registry information.

Official Website Link – https://www.guidancesoftware.com/encase-forensic

EnCase technology is available within a number of products, currently including:

  • EnCase Forensic
  • EnCase Cybersecurity
  • EnCase eDiscovery
  • EnCase Portable

4. Malzilla 

Malzilla is one of the most popular malware hunting tools, although it supports only a very limited number of DOM objects. Malzilla is a tool for the Microsoft Windows operating system for investigating malicious content, such as that served by malicious websites. It can take either a URL or the code to investigate directly as input.

Official Download Link – http://malzilla.sourceforge.net/downloads.html

To keep the system running Malzilla from getting infected, the tool uses its own JavaScript emulation, which should not touch system resources.

5. PEview

PEview provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files. This PE/COFF file viewer displays header, section, directory, import table, export table, and resource information within EXE, DLL, OBJ, LIB, DBG, and other file types.

Official Website Link – http://wjradburn.com/software/

As the name suggests, PEview is a viewer for PE files. It is developed and actively maintained by Wayne J. Radburn, who also has some other neat software you can find on his website.

PEview is a lightweight program: a small standalone executable around 70 KB in size. For determining basic PE information, PEview gets the job done well.

However, those who haven’t studied the PE file format may find the tool a bit difficult to use, as PEview doesn’t provide any tips or hints on where to find the information you may be looking for. Nonetheless, despite these inconveniences, PEview remains one of the best tools for simple PE analysis, and that makes it number five on our list of PE analysis tools worth looking at.

6. HxD 

HxD is a carefully designed and fast hex editor which, in addition to raw disk editing and modifying of main memory (RAM), handles files of any size.

The easy to use interface offers features such as searching and replacing, exporting, checksums/digests, insertion of byte patterns, a file shredder, concatenation or splitting of files, statistics and much more.

Official Website Link – https://mh-nexus.de/en/hxd/

Editing works as in a text editor, with a focus on simple, task-oriented operation; functions were streamlined to hide differences that are purely technical.

Furthermore, a lot of effort was put into making operations fast and efficient, instead of forcing you to use specialized functions for technical reasons or arbitrarily limiting file sizes. This includes a responsive interface and progress indicators for lengthy operations.

7. WinHex 

WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards.

Official Website Link – https://www.x-ways.net/winhex/

Features include:

  • Disk editor for hard disks, floppy disks, CD-ROM & DVD, ZIP, Smart Media, etc.
  • Native support for FAT, NTFS, Ext2/3, ReiserFS, CDFS, UDF
  • Built-in interpretation of RAID systems and dynamic disks
  • RAM editor, providing access to physical RAM and other processes’ virtual memory
  • Data interpreter, knowing 20 data types
  • Editing data structures using templates (e.g. to repair partition table/boot sector)
  • Concatenating and splitting files, unifying and dividing odd and even bytes/words
  • Analyzing and comparing files
  • Particularly flexible search and replace functions
  • Disk cloning (under DOS with X-Ways Replica)
  • Drive images & backups (optionally compressed or split into 650 MB archives)
  • Programming interface (API) and scripting
  • 128-bit encryption, checksums, CRC32, hashes (MD5, SHA-1, …)
  • Erase (wipe) confidential files securely, hard drive cleansing to protect your privacy
  • Import all clipboard formats, incl. ASCII hex values
  • Convert between binary, hex ASCII, Intel Hex, and Motorola S
  • Character sets: ANSI ASCII, IBM ASCII, EBCDIC, (Unicode)
  • Instant window switching. Printing. Random-number generator.
  • Supports files >4 GB

8. BinText 

A small, very fast and powerful text extractor that will be of particular interest to programmers. It can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode (double byte ANSI) text and Resource strings, providing useful information for each item in the optional “advanced” view mode. Its comprehensive filtering helps prevent unwanted text being listed. The gathered list can be searched and saved to a separate file as either a plain text file or in informative tabular format.

Download Link – http://qpdownload.com/bintext/

BinText is a product developed by McAfee.
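To show what a string extractor of the kind BinText describes actually does, here is a small added example (not BinText's own code) that scans a constructed byte blob for plain ASCII runs and UTF-16LE ("double byte") runs, records the file offset of each hit as the advanced view does, and applies a filter to cut the list down. The sample data and the minimum length of 5 are assumptions for the demonstration.

```python
import re
from typing import List, Tuple

# Constructed sample blob standing in for a file under triage: header junk, an
# ASCII import name, a UTF-16LE API name, short noise, an ASCII URL and a
# UTF-16LE path. Real binaries NUL-pad strings much like this.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"kernel32.dll\x00\x00"
    + "GetProcAddress".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe\x13ab\x00"
    + b"http://example.invalid/\x00\x00"
    + "C:\\Temp\\evidence.txt".encode("utf-16-le") + b"\x00\x00"
)

Hit = Tuple[int, str, str]  # (file offset, kind, text); kind is "A" or "U"


def extract_strings(data: bytes, min_len: int = 5) -> List[Hit]:
    """Find runs of printable text at least min_len characters long.

    "A" hits are plain ASCII runs; "U" hits are UTF-16LE runs, i.e. printable
    bytes interleaved with NUL bytes, the layout Windows uses for wide strings.
    Each hit carries its file offset so it can be located in a hex editor.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits: List[Hit] = [(m.start(), "A", m.group().decode("ascii"))
                       for m in ascii_re.finditer(data)]
    hits += [(m.start(), "U", m.group().decode("utf-16-le"))
             for m in wide_re.finditer(data)]
    return sorted(hits)  # merge both scans into file order


def filter_strings(hits: List[Hit], pattern: str) -> List[Hit]:
    """Keep only hits whose text matches pattern (case-insensitive), the same
    idea as BinText's filter for trimming the list to items of interest."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [h for h in hits if rx.search(h[2])]


def report(hits: List[Hit]) -> str:
    """Render hits as an offset / kind / text table, one line per hit."""
    return "\n".join(f"{off:08X} {kind} {text}" for off, kind, text in hits)


if __name__ == "__main__":
    found = extract_strings(SAMPLE)
    print(report(found))
    print(report(filter_strings(found, r"\.dll$|^https?://")))
```

Note that a printable ASCII byte directly followed by a wide string (no NUL padding between them) will be absorbed into the wide hit; BinText shows the same artefact, so treat the first character of a wide hit with some suspicion.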

Sarcastic Writer

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.
