Computer Forensics Tools and Techniques

Computer forensics is a very important branch of computer science in relation to computer and Internet related crimes. Earlier, computers were only used to produce data but now it has expanded to all devices related to digital data. The goal of Computer forensics is to perform crime investigations by using evidence from digital data to find who was the responsible for that particular crime.

1. Digital Forensics Framework

 Digital Forensics Framework is another popular platform dedicate to digital forensics. The tool is open source and comes under GPL License. It can be used either by professionals or non-experts without any trouble. It can be used for digital chain of custody, to access the remote or local devices, forensics of Windows or Linux OS, recovery hidden of deleted files, quick search for files’ meta data, and various other things.

2. Open Computer Forensics Architecture

 Open Computer Forensics Architecture (OCFA) is another popular distributed open-source computer forensics framework. This framework was built on Linux platform and uses postgreSQL database for storing data. It was built by the Dutch National Police Agency for automating digital forensics process. It is available to download under GPL license.

3. CAINE

 CAINE (Computer Aided Investigative Environment) is the Linux distro create for digital forensics. It offers an environment to integrate existing software tools as software modules in a user friendly manner. This tool is open source.

4. EnCase

 EnCase is another popular multi-purpose forensic platform with many nice tools for several areas of the digital forensic process. This tool can rapidly gather data from various devices and unearth potential evidence. It also produces a report based on the evidence. This tool does not come for free (see site for current pricing).

5. Registry Recon

 

Registry Recon is a popular registry analysis tool. The extracts the registry information from the evidence and then rebuilds the registry representation. It can rebuild registries from both current and previous Windows installations. It is not a free tool.  costs $399.

6. The Sleuth Kit

The Sleuth Kit is a Unix and Windows based tool which helps in forensic analysis of computers. It comes with various tools which helps in digital forensics. These tools help in analyzing disk images, performing in-depth analysis of file systems, and various other things.

7. Llibforensics

Libforensics is a library for developing digital forensics applications. It was develop in Python and comes with various demo tools to extract information from various types of evidence.

8. Volatility

 Volatility is the memory forensics framework. It used for incident response and malware analysis. With this tool, you can extract information from running processes, network sockets, network connection, DLLs and registry hives. It also has support for extracting information from Windows crash dump files and hibernation files. This tool is available for free under GPL license.

9. WindowsSCOPE

WindowsSCOPE is another memory forensics and reverse engineering tool used for analyzing volatile memory. It is basically use for reverse engineering of malwares. It provides the capability of analyzing the Windows kernel, drivers, DLLs, virtual and physical memory.

10. The Coroner’s Toolkit

The Coroner’s Toolkit or TCT is also a good digital forensic analysis tool. It runs under several Unix-related operating systems. It can be use to aid analysis of computer disasters and data recovery.

 

 

1 thought on “Computer Forensics Tools and Techniques

  1. Thanks for explaining the various tools and techniques that can be used for computer forensics. I like that you mention how Digital Forensics Framework is open source with a GPL license so it can be easily used by both professionals and non-experts. Knowing the various tools could help you figure out which ones would work best for the work you require. It could also help when talking to any specialists you hire so that you can more thoroughly explain your situation and understand any feedback and information they provide you.
    http://hondiscovery.com/forensic-data-collections/

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories