15+ best and free computer forensic tools
In this article, I decided to collect programs that will help you in conducting investigations and will be free at the same time.
NirSoft Utility’s
Our list opens with a site that presents a selection of several hundred different free utilities for a forensic specialist. Everything is here, from Windows password recovery to network tools. Most of the tools do not require installation and work without leaving any traces. Everyone can find here something that will help him in a particular situation.
Link: https://www.nirsoft.net/
BULK_EXTRACTOR
A great tool that allows you to scan disk images, files, file directories, etc.) and extract structured information from them, such as email addresses, phone numbers, credit card numbers, GPS coordinates, fragments of JPEG and JSON files without parsing or file system structures.
Link: https://github.com/simsong/bulk_extractor
SHERLOQ
A whole set of useful tools for the examination of electronic images in one bottle. The service applies the latest research algorithms to graphic files, which allows not only to determine their authenticity, but also to receive a detailed technical conclusion about the verification.
Link: https://github.com/GuidoBartoli/sherloq
VIDEOCLEANER
Allows you to analyze photo and video files of most formats. It is very useful for investigations, as it makes it possible to improve the quality of displaying faces, license plates and other objects. It improves the quality and brightness of the image, changes the saturation and eliminates distortion.
Link: https://videocleaner.com/
ArtEx (Artifact Examiner)
A useful forensic tool that allows you to visualize the contents of iOS smartphones, as well as extract data. Works with a jailbroken device or a pre-cooked image. Allows you to build timelines, analyze movements between cell towers with visualization on the map. Parses messengers, analyzes transactions and recognizes faces in photos.
Link: http://doubleblak.com/
Andriller
Utility with a set of forensic tools for Android smartphones. Allows you to extract and decode device data. Reveals password protection at the entrance to the gadget. Has customizable decoders for application data from android databases to decode messages.
Link: https://github.com/den4uk/andriller
MOBILedit
A phone copy app for any operating system that helps you transfer contacts and messages from other phones, create local content backups, and manage your phone on a PC via Wi-Fi.
Link: https://www.mobiledit.com/app-mobiledit
HINDSIGHT
A tool for the examination of browsers based on the Chromium engine. Collects and analyzes web browser artifacts. Allows you to work with download history, cache entries, bookmarks, autofill entries, saved passwords, settings, extensions, cookies. Conveniently organizes records and lays them out on a timeline.
Link: https://github.com/obsidianforensics/hindsight
HackBrowserData
Open Source product that allows you to extract data from a whole line of browsers (Chrome/Chromium, Microsoft Edge, QQ, Brave, Opera, Vivaldi, Ynadex and FireFox). Successfully pulls out passwords, bookmarks, history, download links, cookies and much more.
Link: https://github.com/moonD4rk/HackBrowserData
XPLICO
A tool that allows you to analyze network traffic (HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, Facebook, MSN, RTP, IRC, Paltalk, etc.). An extremely useful tool for forensics.
Link: http://xplico.org/
FILE IDENTIFIER
A utility that allows you to recognize unknown files on a Windows computer. Allows you to search for information about any Windows file using the context menu option. In total, the tool recognizes more than 2000 file types from its own database.
Link: https://windowsfileviewer.com/file_identifier
OSF clone
A tool that allows you to quickly and independently of the installed operating system create or clone accurate raw disk images. Supports disk images in the open Advance Forensics Format (AFF). Able to create a forensic disk image, preserving all unused sectors, free space, file fragmentation and undeleted file records from the original hard disk.
Link: https://www.osforensics.com/tools/create-disk-images.html
Autopsy
An absolute favorite that needs no introduction. A complete digital forensics platform with its own GUI. Used by law enforcement, military and corporate experts. The platform has been designed to work with third party modules.
Link: http://sleuthkit.org/autopsy/
Avilla Forensics
A good example of how a handy tool for mobile platform forensics can be free. Interacts with a mobile device through the ADB interface, creating a full backup, as well as installing its own agent for real-time data parsing. At the same time, it perfectly parses a bunch of information from completely different sources.
Link: https://github.com/AvillaDaniel/AvillaForensics
iLEAPP
Log, event and Plist parser for iOS 11–14. If you have ever been digging in iPhone plist files, then you will fully appreciate this software.
Link: https://github.com/abrignoni/iLEAPP
ForensicWiki
And finally, a whole web resource in Wiki format dedicated to digital forensics. Here you can find answers to almost any questions that interest you.
Link: https://forensicswiki.xyz
Igor S. Bederov
Comments
Post a Comment