Computer forensics is a vital field of computer science that deals with Internet- and computer-related crimes. Initially only computers were used to generate data, but the field has since expanded to every device that handles digital data. The main aim of forensics is to conduct crime investigations by applying evidence gathered from digital data to uncover the person(s) behind a specific crime.
For better research and investigation, developers have produced sophisticated computer forensic tools to streamline and speed up forensic investigations. Investigation agencies and police departments choose tools based on several factors, including the experts available and the budget for the job.
These tools can be grouped into several categories:
- Disk & data capture tools
- File viewers
- Email analysis tools
- Mac OS analysis tools
- Network forensics tools
- Internet analysis tools
- Registry analysis tools
- Mobile gadgets analysis tools
- File analysis tools
- Database forensics tools
Listed below are a few popular and important digital forensics tools.
Digital Forensics Framework
Digital Forensics Framework is a popular open source platform devoted to computer forensics. It can be used by experts and non-professionals alike without any hitches. It can be employed for a "digital chain of custody", to access local and remote devices, for forensics on Linux or Windows, for recovery of deleted or hidden files, for fast search of files and metadata, and for many other tasks.
Open Computer Forensics Architecture
Open Computer Forensics Architecture, also known as OCFA, is another popular open source computer forensics tool built on the Linux platform which uses a PostgreSQL database for data storage. The tool was developed by Holland's National Police Force to automate computer forensics. This is a sophisticated tool for computer forensics investigation that works on all Windows platforms. It claims to work efficiently and is not resource hungry. Below is a summary of its features.
- Disk cloning and imaging
- Can read file system structures within image files
- Supports almost all file systems, such as FAT16 and FAT32
- Automatic detection of lost or deleted hard drive partitions
- Bulk hash calculation
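The first two features in the list above, disk imaging and bulk hash calculation, are what make an acquisition forensically sound: the source is hashed while it is read, the finished image is hashed again, and the two digests are compared and logged. The following Python script is an added example of that procedure and is not code from OCFA or any other tool on this page; it images a constructed sample file in a temporary directory instead of a real block device, and the file names, the `image_device`/`bulk_hash` helpers and the JSON log layout are this example's own assumptions.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK_SIZE = 1 << 20  # read 1 MiB at a time so a large device is never loaded whole
ALGORITHMS = ("md5", "sha256")


def hash_bytes(data, algorithms=ALGORITHMS):
    """Hash an in-memory byte string with every requested algorithm."""
    return {a: hashlib.new(a, data).hexdigest() for a in algorithms}


def hash_file(path, algorithms=ALGORITHMS):
    """Hash a file chunk by chunk; used to re-verify the written image."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def bulk_hash(paths, algorithm="sha256"):
    """Bulk hash calculation: one digest per file, e.g. to build or check a known-file list."""
    return {p: hash_file(p, (algorithm,))[algorithm] for p in paths}


def image_device(source_path, image_path, algorithms=ALGORITHMS):
    """Copy source_path (a block device or file) to image_path, hashing the source
    while it is read, then hash the finished image and compare the two.
    Returns an acquisition record suitable for a chain-of-custody log."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    total = 0
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK_SIZE), b""):
            for h in hashers.values():
                h.update(chunk)
            dst.write(chunk)
            total += len(chunk)
    source_hashes = {a: h.hexdigest() for a, h in hashers.items()}
    image_hashes = hash_file(image_path, algorithms)
    return {
        "source": source_path,
        "image": image_path,
        "bytes": total,
        "source_hashes": source_hashes,
        "image_hashes": image_hashes,
        # the image is only forensically sound if it matches the source byte for byte
        "verified": source_hashes == image_hashes and os.path.getsize(image_path) == total,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
    }


def demo():
    """Constructed sample: a fake 'device' file of about 1.3 MiB (so the copy
    crosses a chunk boundary) imaged into a temp dir, with the acquisition
    record written beside the image as JSON."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence.bin")
    with open(source, "wb") as f:
        f.write(b"FAT16 sample " * 100000)
    image = os.path.join(workdir, "evidence.dd")
    record = image_device(source, image)
    with open(image + ".log.json", "w") as f:
        json.dump(record, f, indent=2)
    return record


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a real acquisition the source would be a device node opened read-only (ideally behind a hardware write blocker) and the record would be kept with the evidence; the point of hashing both sides is that a later `hash_file` over the image can be checked against the logged digest at any time.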
SIFT
SIFT, or SANS Investigative Forensics Toolkit, is a multipurpose digital forensics toolkit that comes packed with the essential tools used in the computer forensics process. It is based on Ubuntu, offered free of charge and contains many open source forensics tools.
This tool gives investigators and the police a robust system that gathers digital data, analyzes it, produces reports and stores them in a court-vetted, forensically sound format.
This is a basic computer forensics platform that lets you analyze, image and report on data gathered from a hard disk. Once you have a forensic image, you can view the data by examining the clusters which hold it. You can also search the data using the Search Node, based on the criteria you specify.
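Viewing an image by cluster and searching it by criteria, as described above, come down to two operations: mapping an absolute byte offset to a cluster number, and scanning the image for a keyword without missing a hit that straddles a read boundary. The Python below is an added example of both and is not code from the tool described here; the image it searches is constructed in memory (a 16-cluster layout with 512-byte clusters and a 1024-byte reserved area), and the keyword, layout constants and function names are this example's own assumptions.

```python
import io

CLUSTER_SIZE = 512      # bytes per cluster in the constructed image
DATA_START = 1024       # offset of cluster 0; everything before it is a reserved area
KEYWORD = b"SECRET-ACCOUNT"


def offset_to_cluster(offset, cluster_size=CLUSTER_SIZE, data_start=DATA_START):
    """Map an absolute image offset to its cluster number (None inside the reserved area)."""
    if offset < data_start:
        return None
    return (offset - data_start) // cluster_size


def search_image(fobj, keyword, cluster_size=CLUSTER_SIZE, data_start=DATA_START, window=1 << 16):
    """Stream through an image file object and return [(cluster, offset), ...] for
    every occurrence of keyword. Consecutive windows overlap by len(keyword) - 1
    bytes, so a hit that straddles a window boundary is still found, and it is
    never reported twice because a full hit cannot fit inside the overlap alone."""
    overlap = len(keyword) - 1
    hits = []
    carry = b""
    base = 0                          # absolute offset of the next byte to be read
    fobj.seek(0)
    while True:
        chunk = fobj.read(window)
        if not chunk:
            break
        buf = carry + chunk
        buf_start = base - len(carry)  # absolute offset of buf[0]
        pos = buf.find(keyword)
        while pos != -1:
            abs_off = buf_start + pos
            hits.append((offset_to_cluster(abs_off, cluster_size, data_start), abs_off))
            pos = buf.find(keyword, pos + 1)
        base += len(chunk)
        carry = buf[-overlap:] if overlap > 0 else b""
    return hits


def extract_cluster(image, cluster_no, cluster_size=CLUSTER_SIZE, data_start=DATA_START):
    """Return the raw bytes of one cluster, which is how the data in an image is viewed."""
    start = data_start + cluster_no * cluster_size
    return image[start:start + cluster_size]


def build_sample_image():
    """Constructed image: one hit in the reserved area, one inside cluster 3 and
    one that straddles the boundary between clusters 7 and 8."""
    img = bytearray(DATA_START + 16 * CLUSTER_SIZE)
    for off in (100, DATA_START + 3 * CLUSTER_SIZE + 10, DATA_START + 8 * CLUSTER_SIZE - 5):
        img[off:off + len(KEYWORD)] = KEYWORD
    return bytes(img)


def demo_hits(window=2560):
    """Search the sample with a small window so the straddling hit also crosses a window boundary."""
    return search_image(io.BytesIO(build_sample_image()), KEYWORD, window=window)


if __name__ == "__main__":
    for cluster, off in demo_hits():
        print(f"cluster {cluster} at offset {off}")
```

The straddling hit is reported under cluster 7, the cluster holding its first byte, while `extract_cluster` on clusters 7 and 8 shows the two halves; a search that reads the image cluster by cluster without overlap would miss that hit entirely, which is why the window logic matters on real images.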
Volatility
Volatility is a forensic toolkit for malware analysis and incident response that lets you harvest digital data from volatile memory (RAM) dumps. Using Volatility you can easily extract information on running processes, open network sockets and network connections.