As we reach the mid-way point of 2020 and the curious, crazy, and covid-19 world we live in – I thought it is time to rank the top five or best “free” tools for digital forensic examiners.
For the past 20-years many tools have come and gone in the digital forensic space. These are the top five tools that every Digital Forensic Investigator and Network/Security Admin teams will want to download and use.
Number One (1):
FTK Imager – This tool started out as FTK Explorer and was a preview tool that could view files and evidence stored in the .EO1 format. At the time of its release, .E01 files could only be accessed by using EnCase. FTK Explorer allowed examiners to preview .EO1, .S01, and .001 or Raw dd file images. As the user base grew, requests came in to add other features. Imaging was the number one request. The name of the tool was changed, and FTK Imager emerged. For over 18-years forensic experts, legal teams, and network admins have utilized FTK Imager for its ability to view forensic images, preview live drives, mount drives, export, hash, capture MS-Windows Registry and secure files, identify encrypted files, and much more. This tool is a must and will continue to be the number downloaded tool. Download FTK Imager from the AccessData site.
Number Two (2):
SANS Investigative Forensic Toolkit (SIFT) tool. This Ubuntu based “Live CD” includes many tools you to use as you want to perform a digital forensic or incident response investigation. Because of the popularity of the SANS courses and certifications the SIFT tool is a favorite free tool to add to your tool kit.
Number Three (3):
NirSoft web site provides a unique collection of small and useful freeware utilities. There are a many useful tools for digital forensic examiners, network and security administrators, and end-users who want to see and do more with hidden information. Lots of good and practical, and for me – FUN tools to use and explore.
Number Four (4):
Magnet Forensics has many “free” tools. Originally known as JAD Software, these tools have been provided to law enforcement and digital forensic experts for many years. Initially Jad Saliba created tools to help him perform his job better as a member of the Waterloo Regional Police Service (WRPS) (Ontario, Canada). Internet Evidence Finder (IEF) and now AXIOM became the standard for carving, finding, and parsing Internet evidence and artifacts. Along the way several “free” tools emerged. I really like the MAGNET Encrypted Disk Detector. Many of my Cyber friends use the MAGNET RAM Capture and the MAGNET Process Capture tools. There are several tools available. Download them all for free.
Number Five (5):
Since 2001 The Sleuth Kit and Autopsy have provided a resource for those who want and use Open Source Digital Forensics. Industry legends and leaders Brian Carrier, Dan Farmer, Wietse Venema, and Samir Kapuria have contributed and developed the core code for these tools. These tools are used by thousands of users around the world.
A shout-out to Eric Zimmerman and his tools.
While there are many other good “free” tools out there, these five sets of tools continue to pave the way and provide digital forensic examiners with great resources. Please download and explore. Happy trails on your digital forensic journey!
Cheers – Jon Hansen