21 BEST FREE DIGITAL FORENSIC INVESTIGATION TOOLS
https://www.securitynewspaper.com/2020/06/04/21-best-free-digital-forensic-investigation-tools/
Thu, 04 Jun 2020 16:21:00 +0000

The post 21 BEST FREE DIGITAL FORENSIC INVESTIGATION TOOLS appeared first on Information Security Newspaper | Hacking News.

Data breaches happen almost every day. Digital forensics is the preservation, acquisition, documentation, analysis, and interpretation of evidence from all kinds of storage media.

Forensics has evolved over decades through the various branches of forensic science, and it has become an important part of law enforcement all around the world. To fight cybercrime and protect digital assets on the Internet, forensics is essential.

Digital forensic tools help investigators extract crucial pieces of evidence from electronic devices so that they can be presented to the authorities.

So, when doing a forensic investigation, for whatever purpose, you need to use the right tools.

Here are 21 forensic investigation tools that are available free of charge.

1- Autopsy

Autopsy is the graphical front end to The Sleuth Kit: it brings the open source programs and plugins of The Sleuth Kit and related tools together behind one interface.

It is used by law enforcement, the military, and corporate investigators when they need to find out what happened on a computer, but you can also use it for something as simple as recovering photos from a memory card.

2- Magnet Encrypted Disk Detector

Magnet Encrypted Disk Detector is a command-line tool that quickly and non-intrusively checks a computer for encrypted volumes.

It is very useful during incident response: it inspects the local physical drives of a system for encrypted volumes, so you know before powering a machine down whether you need to capture memory or keys first.

And of course, you don’t have to pay anything to use it, because it is totally free.
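The check that Encrypted Disk Detector performs can be reproduced in a few lines. The following is an added example written for this article, not Magnet's code: it reads the first sectors of a volume (a raw image file here, standing in for a physical drive), looks for the BitLocker and LUKS signatures, and falls back to a Shannon entropy measurement for containers such as TrueCrypt/VeraCrypt that deliberately carry no header. The sample volumes, the 7.9 bits-per-byte threshold and the helper names are assumptions made for the example.

```python
"""Signature and entropy checks for encrypted volumes (added example)."""
import math
import os
from collections import Counter

# Known on-disk signatures: (name, byte offset, magic). A BitLocker volume
# carries the OEM ID "-FVE-FS-" at offset 3 of its volume boot record; a LUKS
# header starts with "LUKS" followed by the bytes 0xBA 0xBE.
SIGNATURES = [
    ("BitLocker", 3, b"-FVE-FS-"),
    ("LUKS", 0, b"LUKS\xba\xbe"),
]

# Ciphertext is statistically indistinguishable from random data, whose
# Shannon entropy approaches 8 bits per byte; plaintext boot sectors and file
# system metadata score far lower. The threshold is an assumption for this example.
ENTROPY_THRESHOLD = 7.9


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for an empty buffer)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def classify_volume(header: bytes) -> dict:
    """Classify the leading bytes of a volume.

    Returns {"encrypted": bool, "type": str, "entropy": float}. A signature
    wins; with no signature, high entropy is reported as an unknown encrypted
    container (TrueCrypt/VeraCrypt volumes have no recognizable header).
    """
    entropy = shannon_entropy(header)
    for name, offset, magic in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return {"encrypted": True, "type": name, "entropy": entropy}
    if entropy >= ENTROPY_THRESHOLD:
        return {"encrypted": True, "type": "unknown (high entropy)", "entropy": entropy}
    return {"encrypted": False, "type": "plaintext/unknown", "entropy": entropy}


def scan_volume_file(path: str, sample_bytes: int = 64 * 1024) -> dict:
    """Read the first sample_bytes of a volume image (or a raw device opened
    read-only) and classify it."""
    with open(path, "rb") as f:
        return classify_volume(f.read(sample_bytes))


def build_samples() -> dict:
    """Constructed sample volumes for the example; these are not real images."""
    bitlocker = b"\xeb\x58\x90" + b"-FVE-FS-" + b"\x00" * 501          # 512-byte VBR
    luks = b"LUKS\xba\xbe" + b"\x00\x01" + b"aes\x00" + b"\x00" * 500   # start of a LUKS1 header
    ntfs = b"\xeb\x52\x90" + b"NTFS    " + b"\x00" * 501                # plain NTFS VBR
    container = os.urandom(64 * 1024)                                   # stands in for ciphertext
    return {"bitlocker.img": bitlocker, "luks.img": luks,
            "ntfs.img": ntfs, "container.img": container}


def scan_samples() -> dict:
    """Classify every constructed sample; returns {name: detected type}."""
    return {name: classify_volume(data)["type"] for name, data in build_samples().items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name:15} {verdict}")
```

Run it as-is to classify the constructed samples, or point scan_volume_file at a device node on a live system (opened read-only). As with the real tool, the point is to learn that a volume is encrypted before the machine is shut down, because the keys are only recoverable from memory while the volume is mounted.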

3- Wireshark

Wireshark is an open source packet capture and analysis tool that lets you see what is happening on your network at a microscopic level.

It is used across commercial and non-profit enterprises, government agencies, and educational institutions, and it is handy when investigating network-related incidents, troubleshooting, protocol analysis, software and communications protocol development, or simply for education.

It is also totally free, and it exists thanks to the volunteer contributions of networking experts around the globe.

4- Magnet RAM Capture

Magnet RAM Capture is a tool from Magnet Forensics designed to capture the physical memory of a suspect's computer.

During an investigation this lets you recover and analyze valuable data that exists only in memory, such as running processes, open network connections and, often, encryption keys.

It exports the captured memory in raw format so it can be loaded directly into memory analysis tools. It is also a free tool.

5- NetworkMiner

NetworkMiner is a network forensic analyzer that can identify operating systems, hostnames, sessions, and open ports, either by passively sniffing traffic or by parsing a PCAP file.

Incident response teams and law enforcement agencies around the world use it today, and it costs nothing since a free version is available.
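What NetworkMiner pulls out of a capture can be illustrated with a minimal parser. This is an added example written for this article, not NetworkMiner or Wireshark code: using only the Python standard library it walks a classic libpcap file, decodes the Ethernet, IPv4, TCP and UDP headers, and reports the hosts seen, the conversations, and the TCP ports that answered a SYN with a SYN/ACK, which is how a passive sniffer knows a port is open without sending a single packet. The capture is constructed in code (the 10.0.0.x addresses, ports and timestamps are made up for the example), and the parser handles little-endian classic pcap only, not pcapng.

```python
"""Passive host, session and open-port inventory from a pcap (added example)."""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4          # classic libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10


def iter_packets(data: bytes):
    """Yield (timestamp, frame) for each record of a little-endian classic pcap."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24                                   # global header is 24 bytes
    while off + 16 <= len(data):               # each record has a 16-byte header
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_frame(frame: bytes):
    """Return (src_ip, dst_ip, proto, sport, dport, tcp_flags) for IPv4 TCP/UDP
    frames, or None for anything else (ARP, IPv6, ICMP, truncated frames)."""
    if len(frame) < 34:                        # 14-byte Ethernet + 20-byte IPv4 minimum
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                   # header length honours IP options
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:]
    if proto == PROTO_TCP and len(l4) >= 14:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        return src, dst, proto, sport, dport, l4[13]   # byte 13 holds the TCP flags
    if proto == PROTO_UDP and len(l4) >= 8:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        return src, dst, proto, sport, dport, 0
    return None


def analyze(pcap: bytes) -> dict:
    """Passive inventory: hosts seen, conversations, and TCP ports that answered."""
    hosts = set()
    sessions = defaultdict(int)   # ("tcp"|"udp", ((ip, port), (ip, port))) -> packet count
    syns = set()                  # (client, server, cport, sport) with a SYN outstanding
    open_ports = set()            # (server_ip, port) that replied SYN/ACK
    for _, frame in iter_packets(pcap):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, proto, sport, dport, flags = parsed
        hosts.update((src, dst))
        name = "tcp" if proto == PROTO_TCP else "udp"
        sessions[(name, tuple(sorted([(src, sport), (dst, dport)])))] += 1
        if proto == PROTO_TCP:
            if flags & TCP_SYN and not flags & TCP_ACK:
                syns.add((src, dst, sport, dport))
            elif flags & TCP_SYN and flags & TCP_ACK and (dst, src, dport, sport) in syns:
                open_ports.add((src, sport))   # a SYN/ACK proves the service is listening
    return {"hosts": sorted(hosts), "open_ports": sorted(open_ports),
            "sessions": dict(sessions)}


# --- constructed capture (not a real trace) ---------------------------------
def _ip(addr: str) -> bytes:
    return bytes(int(x) for x in addr.split("."))


def build_frame(src, dst, proto, sport, dport, flags=0) -> bytes:
    """Ethernet/IPv4/TCP-or-UDP frame; checksums are left zero, which is fine for parsing."""
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, _ip(src), _ip(dst))
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


def build_pcap(frames) -> bytes:
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", 1600000000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


def sample_capture() -> bytes:
    """A handshake to port 80, a refused connection to port 23 (RST/ACK), and a DNS exchange."""
    c, s, dns = "10.0.0.5", "10.0.0.9", "10.0.0.1"
    return build_pcap([
        build_frame(c, s, PROTO_TCP, 51234, 80, TCP_SYN),
        build_frame(s, c, PROTO_TCP, 80, 51234, TCP_SYN | TCP_ACK),
        build_frame(c, s, PROTO_TCP, 51234, 80, TCP_ACK),
        build_frame(c, s, PROTO_TCP, 51235, 23, TCP_SYN),
        build_frame(s, c, PROTO_TCP, 23, 51235, 0x04 | TCP_ACK),   # RST/ACK: port closed
        build_frame(c, dns, PROTO_UDP, 40000, 53),
        build_frame(dns, c, PROTO_UDP, 53, 40000),
    ])


if __name__ == "__main__":
    report = analyze(sample_capture())
    print("hosts:", report["hosts"])
    print("open ports:", report["open_ports"])
    for key, count in report["sessions"].items():
        print("session:", key, count, "packets")
```

Note that the refused telnet connection is recorded as a session but not as an open port: only a SYN/ACK that answers a SYN we saw counts, so stray SYN/ACKs from scan responses or spoofed packets are not mistaken for listening services.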

6- NMAP

Nmap, or Network Mapper, is one of the most popular network and security auditing tools. Network administrators use it to scan ports and map networks: it discovers available hosts, the services they offer, and the ports on which particular software is listening.

It also appears in many movies you may have seen, such as The Matrix Reloaded, Snowden, and Ocean's 8, and it is an excellent tool that you can run on your own systems without paying anything for it.

7- RAM Capturer

RAM Capturer by Belkasoft is another tool for dumping the contents of a computer's volatile memory.

It runs on Windows and requires no installation; it can be executed from a USB drive.

Memory dumps are a valuable source of volatile evidence, not least because they sometimes contain the passwords or keys for encrypted volumes. This tool is also available for free.

8- FAW

FAW, Forensics Acquisition of Websites, is a tool for acquiring web pages for forensic investigation.

It lets you scroll sideways and use a horizontal cursor to choose the area of the page to be captured. It captures all the images on the page and its HTML source code, it can be integrated with Wireshark so that the network traffic of the acquisition is recorded as well, and it is free for forensic investigators.

9- HashMyFiles

HashMyFiles calculates the MD5 and SHA1 hashes of your files (newer versions also compute CRC32 and SHA-256/384/512).

With those hashes you can verify the integrity of files and of acquired images: if the hash of a copy matches the hash recorded at acquisition time, the copy is bit-for-bit identical.

Unfortunately, there is no help file available and the interface definitely needs some improvement, though only from the visual point of view, but, hey, it's still free.

10- CrowdResponse

CrowdResponse is a Windows application by CrowdStrike that gathers system information for incident response and security engagements.

CrowdResponse is ideally suited to non-intrusive data gathering from multiple systems when positioned across the network. According to iicybersecurity experts, CrowdResponse is also completely free.

11- ExifTool

ExifTool reads, writes, and edits metadata for a large number of file types. It understands EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, Photoshop IRB, FlashPix and many more.

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing metadata in a wide variety of files.

Among its features, it can geotag images from GPS track log files with time drift correction, and it can generate track logs from geotagged images.

And of course, it is also available for free.

12- SIFT

SIFT, which stands for SANS Investigative Forensic Toolkit, is a complete suite of forensic tools and one of the most popular open source incident response platforms.

The SIFT Workstation contains a collection of free, open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of situations.

And if that does not seem enough, it is freely available and frequently updated.

13- Browser History Capturer by Foxton and Browser History viewer

Browser History Capturer (BHC) collects the history files of the main desktop web browsers from a live system or a mounted image, and Browser History Viewer (BHV) extracts and displays the Internet history held in those files. Both are free tools from Foxton Forensics.

14- Sleuth Kit

The Sleuth Kit is a collection of command-line tools for investigating and analyzing volumes and file systems in digital forensic investigations. Thanks to its modular design, it can be used to carve out exactly the data you need and find evidence.

It is commonly used in criminal investigations, in digital forensics generally, or simply for file system analysis.

And, of course, it is completely free to use.

15- CAINE

CAINE is a complete forensic environment with a friendly graphical interface: a full digital forensics platform whose GUI ties together other digital forensics tools.

Some of the tools included with CAINE are The Sleuth Kit, Autopsy, RegRipper, Wireshark, PhotoRec and fsstat, several of which are described in this article.

According to International Institute of Cyber Security experts, it is also free software.

16- Volatility Framework

Also included in SIFT, which we already covered in this article, Volatility is another open-source memory forensics framework for incident response and malware analysis.

Although its releases can be few and far between, the Volatility Framework is a truly unique forensic tool that lets investigators analyze the runtime state of a machine from the contents of its volatile memory (RAM). According to International Institute of Cyber Security experts, it is one of the best tools available.

And best of all, it is available for free.

17- Paladin Forensic Suite

PALADIN is an Ubuntu-based live distribution that simplifies a range of forensic tasks. It ships a large collection of precompiled open-source forensic tools, more than 100 of them, for investigating any kind of malicious material, and it helps you carry out forensic tasks quickly and effectively.

And the best part is that SUMURI makes it available as a courtesy, which means it is free for everyone.

18- FTK Imager

AccessData FTK Imager is a forensics tool for Windows whose main purpose is to preview recoverable data from a disk of any kind. It can also create exact copies, called forensic images, of that data.

Additional features such as computing file hashes or mounting previously created disk images are further important advantages worth mentioning.

Even though AccessData FTK Imager looks like a professional tool intended only for advanced forensic procedures, it is actually very easy to use. Furthermore, it is completely free.

19- bulk_extractor

bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts features such as e-mail addresses, URLs and credit card numbers.

Its results can easily be inspected and analyzed with automated tools, and the program is used in law enforcement, defense, intelligence, and cyber-investigation work. What sets bulk_extractor apart from other forensic tools is its speed: because it ignores file system structure, it can process different parts of the disk in parallel, and for the same reason it finds features in unallocated space and file fragments that no file system parser would return. It is also a free tool.
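bulk_extractor's approach, scanning raw bytes in independent chunks with no regard for the file system, is easy to show in miniature. The code below is an added example, not bulk_extractor's own source: it splits an image into fixed-size chunks that are scanned concurrently for e-mail addresses and URLs, and it handles the one edge case that matters in chunked scanning, a feature that straddles a chunk boundary, by giving each chunk an overlap margin and attributing a hit to the chunk in which it begins. The image, chunk size, margin and regular expressions are assumptions for the example; the real tool has many more scanners and uses native threads.

```python
"""Chunked, concurrent feature extraction over a raw image (added example)."""
import re
from concurrent.futures import ThreadPoolExecutor

CHUNK_SIZE = 1 << 16   # 64 KiB work unit (an assumption for the example)
MARGIN = 256           # overlap on both sides of a chunk; longest feature we expect

# Feature scanners are bytes regexes, since the input is a raw image, not text.
FEATURES = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "url": re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+"),
}


def scan_chunk(image: bytes, start: int) -> list:
    """Scan one chunk plus MARGIN bytes on either side.

    A hit is kept only if it begins inside [start, end). The leading margin lets a
    feature that began in the previous chunk match at its true start (and be
    discarded here rather than reported as a truncated tail); the trailing margin
    lets a feature that begins here but crosses into the next chunk be read whole.
    """
    end = min(start + CHUNK_SIZE, len(image))
    lo, hi = max(start - MARGIN, 0), min(end + MARGIN, len(image))
    window = image[lo:hi]
    hits = []
    for kind, pattern in FEATURES.items():
        for m in pattern.finditer(window):
            offset = lo + m.start()
            if start <= offset < end:
                hits.append((offset, kind, m.group().decode("ascii", "replace")))
    return hits


def extract_features(image: bytes, workers: int = 4) -> dict:
    """Scan every chunk concurrently; returns {kind: [(offset, value), ...]} by offset."""
    results = {kind: [] for kind in FEATURES}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for hits in pool.map(lambda s: scan_chunk(image, s), range(0, len(image), CHUNK_SIZE)):
            for offset, kind, value in hits:
                results[kind].append((offset, value))
    for kind in results:
        results[kind].sort()
    return results


def build_sample_image() -> bytes:
    """Constructed image: a zero-filled 'disk' with features planted at known offsets."""
    img = bytearray(2 * CHUNK_SIZE + 4096)

    def put(offset, value):
        img[offset:offset + len(value)] = value

    put(100, b"carol@example.com")                             # in chunk 0
    put(CHUNK_SIZE - 5, b"alice@example.org")                  # straddles the chunk 0/1 boundary
    put(CHUNK_SIZE + 2000, b"https://evidence.example/path?id=7")
    put(2 * CHUNK_SIZE + 10, b"bob@example.net")               # in the short final chunk
    return bytes(img)


if __name__ == "__main__":
    for kind, hits in extract_features(build_sample_image()).items():
        for offset, value in hits:
            print(f"{kind:6} {offset:>10} {value}")
```

The offsets are byte offsets into the image, which is what you need to go back with a file system tool afterwards and ask which file, if any, the feature came from.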

20- LastActivityView

LastActivityView is a portable application that shows the most recent activity recorded on a computer (programs run, files opened, system shutdowns and so on), collected from the Windows registry and the file system.

One important caveat: the tool only reads what Windows has already recorded, and the Windows registry is not updated with new entries for every kind of activity, so some actions will not appear.

On the plus side, LastActivityView responds very quickly, it can show activity that took place before its first run, and it uses very little CPU and RAM, so it does not affect the computer's overall performance.

It is also simple to use and, of course, totally free.

21- FireEye Redline

Redline, FireEye's free endpoint security tool, gives users host investigative capabilities to find signs of malicious activity through memory and file analysis.

The analysis application runs on Windows, and collectors are also available for OS X and Linux environments.

Its features include auditing and collecting all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history.

It is also very useful for in-depth analysis because it allows the user to establish the timeline and scope of an incident, and it is completely free software.

These 21 digital forensic tools will aid your investigation and help you make informed decisions about the case under review.


Top Open Source Windows Forensics Tools
https://www.securitynewspaper.com/2019/02/19/top-open-source-windows-forensics-tools/
Wed, 20 Feb 2019 03:38:06 +0000

The post Top Open Source Windows Forensics Tools appeared first on Information Security Newspaper | Hacking News.

We are living in a digital age where everything is digital. Day by day more people are using the Internet, some for business, some for fun, and for countless other reasons. As the number of online users grows, online privacy becomes a problem: black hat hackers and spammers steal users' information to manipulate them, and the rise of online fraud has become a major concern for officials. Ordinary Internet users know little about their rights while surfing. The growing scale of cyber crime has given rise to a new discipline, cyber forensics.

Digital forensics researchers at the International Institute of Cyber Security say that cyber crime reaches new heights every day, and that we should therefore consider learning about cyber forensics.

Cyber Crime Solution : Cyber Forensics

What is cyber forensics? Cyber forensics is the process of collecting and analyzing information and presenting it to law enforcement. It mainly deals with the analysis of data collected from a crime scene, and its goal is to carry out a proper investigation while documenting exactly what happened on a computing device.

Why is cyber forensics important? Cyber forensics plays an important role in computer science. Law enforcement agencies rely on IT and cyber security professionals to obtain solid evidence for their investigations. Devices such as hard disks, pen drives, memory cards and any other storage media are used to collect the evidence that helps solve cyber incidents.

Cyber Forensics Investigation Consists of :-

Preserving & Acquiring Data -> Authenticating Data -> Analyzing Data -> Reporting Data

Cyber forensics consists of four main phases:
  • Preserving & Acquiring Data: the first step is to gather data from the seized devices and create a bit-by-bit copy of the hard drive contents.
  • Authenticating Data: this step checks that the acquired data is an exact copy of the contents of the hard drive, by confirming that the SHA1/MD5 values of the original and the copy match.
  • Analyzing Data: the most important phase, in which all the gathered data is examined and analyzed using forensic techniques and tools.
  • Reporting Data: the information gathered in the third phase is presented to the law enforcement agencies.
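The first two phases, bit-by-bit acquisition and authenticating the copy by hash, are what FTK Imager, HashMyFiles and the other hashing tools in this article perform. The example below is added here and is not the code of any of those tools: it images a source (a constructed file stands in for the seized drive), hashes source and image with MD5, SHA1 and SHA-256 in a single pass each, verifies that the two sets of hashes match, writes the result to a JSON log, and then shows that flipping one byte in a copy makes re-verification fail. The file names, the 1 MiB block size and the log format are assumptions for the example.

```python
"""Bit-for-bit acquisition with streaming hashes and verification (added example)."""
import hashlib
import json
import os
import tempfile
import time
from typing import Optional

ALGORITHMS = ("md5", "sha1", "sha256")
BLOCK = 1 << 20  # 1 MiB read size (assumption)


def hash_stream(fobj) -> dict:
    """Hash an open binary file with all ALGORITHMS in one pass; returns {alg: hexdigest}."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    for block in iter(lambda: fobj.read(BLOCK), b""):
        for h in hashers.values():
            h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def acquire(source_path: str, image_path: str) -> dict:
    """Copy source to image block by block, hashing the source as it is read.

    The image is then re-read from disk and hashed independently, so the
    verification covers what actually landed in the image file, not what we
    believe we wrote.
    """
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(BLOCK), b""):
            for h in hashers.values():
                h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    source_hashes = {alg: h.hexdigest() for alg, h in hashers.items()}
    with open(image_path, "rb") as img:
        image_hashes = hash_stream(img)
    return {
        "source": source_path,
        "image": image_path,
        "bytes": os.path.getsize(image_path),
        "source_hashes": source_hashes,
        "image_hashes": image_hashes,
        "verified": source_hashes == image_hashes,
        "acquired_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
    }


def verify_image(image_path: str, expected: dict) -> bool:
    """Re-verification later in the case (e.g. before analysis): rehash and compare."""
    with open(image_path, "rb") as img:
        return hash_stream(img) == expected


def demo(workdir: Optional[str] = None) -> dict:
    """Build a constructed 'drive', acquire it, tamper with a copy, verify both."""
    workdir = workdir or tempfile.mkdtemp(prefix="acq-")
    source = os.path.join(workdir, "suspect_drive.raw")
    image = os.path.join(workdir, "suspect_drive.dd")
    with open(source, "wb") as f:   # constructed sample content, not a real drive
        f.write(b"NTFS    " + bytes(range(256)) * 4096 + b"secret.txt\x00")
    record = acquire(source, image)
    with open(os.path.join(workdir, "acquisition.json"), "w") as log:
        json.dump(record, log, indent=2)
    # Flip one bit in a copy of the image: any change at all must fail verification.
    tampered = os.path.join(workdir, "tampered.dd")
    with open(image, "rb") as f:
        data = bytearray(f.read())
    data[1000] ^= 0x01
    with open(tampered, "wb") as f:
        f.write(data)
    record["tampered_verifies"] = verify_image(tampered, record["image_hashes"])
    return record


if __name__ == "__main__":
    result = demo()
    print(json.dumps(result, indent=2))
```

Recording several hash algorithms at once costs nothing extra in I/O, since every hasher is fed from the same read, and it means the log stays useful even after one of the older algorithms is no longer accepted as evidence.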

Current Cyber Crime Statistics :-

The current cyber crime statistics show which attacks are used in cyber crime.

Cyber Crime in Top 20 Countries :-

Here we show the top 20 countries involved in cyber crime. Most cyber crime originates in developed countries such as the USA.

Windows Operating System & Cyber Forensics :-

Windows is the most popular operating system, and most of you are generally familiar with how to use it. Windows is so widely used because of its simplicity, reliability, ease of use and speed, but when it comes to security it lacks a number of features, which gives black hat hackers and spammers openings to steal important information. These gaps contribute to the day-to-day increase in cyber crime. Most average Windows users are unaware that even a freshly upgraded Windows leaves tracks of their activity. It is essential for Windows users to know that the information Windows stores can be used to reconstruct the history of any particular user.

Why Windows Lacks Security :-

Windows still carries a great deal of old code, some of it written in the early days of Microsoft and never redesigned, and the formats of the data it leaves behind are so well understood that tools to read and manipulate them are freely available online, so even a script kiddie can recover what Windows has recorded. Windows artifacts are the objects that hold information about the activities performed by a Windows user. The type of information an artifact contains and its location differ from one operating system version to another. Windows artifacts contain sensitive information and are analyzed very carefully during forensic analysis.

Windows Registries :-

The Windows registry is the most important source of information when analyzing a Windows computer. It holds the initial configuration of Windows and of every installed application, the system configuration for the various Windows components, and also records information intended to improve the user experience (recently used files, programs run, devices connected), which is exactly what makes it so valuable as evidence.

Forensic investigators analyze these registry hives with a variety of tools; several open source tools that let investigators examine Windows registries are listed below.

Some Popular Windows Artifacts :-

These Windows artifacts are used to reconstruct a user's account history, since they are touched regularly by every Windows user. Examples of Windows artifacts:

  • System folder artifacts: C:\Windows\System32 holds the operating system's own binaries and, under C:\Windows\System32\config, the SAM, SECURITY, SOFTWARE and SYSTEM registry hives. Modifying it requires administrator rights. Open My Computer from the desktop (or Computer from the Start menu) and navigate to C:\Windows\System32.
  • User profile artifacts: each user's files live under C:\Users\Username (Desktop, Documents, Downloads and so on), created by the user or by programs the user installed, alongside the user's own registry hive, NTUSER.DAT.
  • Jump List files / pinned files: jump lists record the recently and frequently opened items of each application and live in C:\Users\Username\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations (and CustomDestinations); items pinned to the taskbar are shortcuts under C:\Users\Username\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar.

Top Open Source Windows Forensics Tools :-

  • Autopsy is a GUI-based forensic tool used to analyze hard disks and smartphones. Download tool from: https://www.sleuthkit.org/autopsy/
  • Encrypted Disk Detector checks physical drives for encrypted volumes; it recognizes PGP, BitLocker, SafeBoot and TrueCrypt volumes. Download tool from: https://www.magnetforensics.com/free-tool-encrypted-disk-detector/
  • Wireshark is a network analyzer and capture tool used to see what traffic is flowing on your network; it comes in handy in network incidents. Download tool from: https://www.wireshark.org/
  • Magnet RAM Capture captures the physical memory of a computer for analysis. Download tool from: https://www.magnetforensics.com/free-tool-magnet-ram-capture/
  • NetworkMiner is a passive network sniffer and PCAP parser that detects operating systems, open ports, sessions, hostnames and more. Download tool from: https://www.netresec.com/?page=NetworkMiner
  • Belkasoft RAM Capturer is a free tool that extracts the entire contents of volatile memory. Download tool from: https://belkasoft.com/ram-capturer
  • Forensic Investigator is a Splunk app that provides Base64 and hex conversion, VirusTotal and Metascan lookups, and many other features used in forensics. Download tool from: https://splunkbase.splunk.com/app/2895/
  • FAW (Forensics Acquisition of Websites) acquires web pages, their images and HTML source code, and can integrate with Wireshark. Download tool from: https://www.fawproject.com/
  • HashMyFiles calculates MD5 and SHA1 hashes and runs on all current Windows versions. Download tool from: https://www.nirsoft.net/utils/hash_my_files.html
  • USB Write Blocker lets you examine the contents of USB media without writing anything to them. Download tool from: https://legility.com/
  • CrowdResponse gathers system information for incident response. Download tool from: https://www.crowdstrike.com/resources/community-tools/
  • NFI Defraser finds full and partial multimedia files in data streams. Download tool from: https://sourceforge.net/projects/defraser/
  • ExifTool reads, writes and edits metadata in a large number of file types. Download tool from: https://www.sno.phy.queensu.ca/~phil/exiftool/
  • Toolsley is a set of browser-based tools (file identifier, hash and validate, binary inspector and others) that help in forensic investigations. Download tool from: https://www.toolsley.com/
  • SIFT (SANS Investigative Forensic Toolkit) is a suite of forensic tools that is very popular among forensic teams; it bundles many tools used in cyber incidents. Download tool from: https://digital-forensics.sans.org/community/downloads/#overview
  • Dumpzilla extracts all forensic data from Firefox-family browsers. Download tool from: https://www.dumpzilla.org/
  • BrowsingHistoryView reads the browsing history of Firefox, Chrome, Internet Explorer and Edge. Download tool from: https://www.nirsoft.net/utils/browsing_history_view.html

