Computer forensics is a very important branch of computer science in relation to computer and Internet-related crimes. Earlier, computers were only used to produce data, but the scope has now expanded to all devices related to digital data. The goal of computer forensics is to perform crime investigations by using evidence from digital data to find who was responsible for that particular crime.
Digital Forensics Framework is another popular platform dedicated to digital forensics. The tool is open source and comes under the GPL license. It can be used either by professionals or non-experts without any trouble. It can be used for digital chain of custody, to access remote or local devices, forensics of Windows or Linux OS, recovery of hidden or deleted files, quick search of files' metadata, and various other things.
Open Computer Forensics Architecture (OCFA) is another popular distributed open-source computer forensics framework. This framework was built on the Linux platform and uses a PostgreSQL database for storing data. It was built by the Dutch National Police Agency for automating the digital forensics process. It is available to download under the GPL license.
CAINE (Computer Aided Investigative Environment) is a Linux distro created for digital forensics. It offers an environment to integrate existing software tools as software modules in a user-friendly manner. This tool is open source.
EnCase is another popular multi-purpose forensic platform with many nice tools for several areas of the digital forensic process. This tool can rapidly gather data from various devices and unearth potential evidence. It also produces a report based on the evidence. This tool does not come for free (see site for current pricing).
Registry Recon is a popular registry analysis tool. It extracts the registry information from the evidence and then rebuilds the registry representation. It can rebuild registries from both current and previous Windows installations. It is not a free tool; it costs $399.
The Sleuth Kit is a Unix and Windows based tool which helps in forensic analysis of computers. It comes with various tools which help in digital forensics. These tools help in analyzing disk images, performing in-depth analysis of file systems, and various other things.
Libforensics is a library for developing digital forensics applications. It was developed in Python and comes with various demo tools to extract information from various types of evidence.
Volatility is a memory forensics framework. It is used for incident response and malware analysis. With this tool, you can extract information from running processes, network sockets, network connections, DLLs and registry hives. It also has support for extracting information from Windows crash dump files and hibernation files. This tool is available for free under the GPL license.
WindowsSCOPE is another memory forensics and reverse engineering tool used for analyzing volatile memory. It is basically used for reverse engineering of malware. It provides the capability of analyzing the Windows kernel, drivers, DLLs, virtual and physical memory.
The Coroner’s Toolkit, or TCT, is also a good digital forensic analysis tool. It runs under several Unix-related operating systems. It can be used to aid analysis of computer disasters and data recovery.