Wednesday, July 6, 2011

Open Source Tools


dc3dd – http://dc3dd.sourceforge.net/ – Patched version of GNU dd that adds a number of features useful for computer forensics, such as hashing the data as it is copied, logging read errors and splitting the output. Many of these features were inspired by dcfldd but were rewritten for dc3dd.
dcfldd – http://dcfldd.sourceforge.net/ – Enhanced version of GNU dd (the dd program from the GNU Coreutils package) with features useful for forensics and security, such as hashing the data while it is copied and verifying the output against the source.
dd_rescue – http://www.garloff.de/kurt/linux/ddrescue/ – Suitable for rescuing data from a medium with read errors, e.g. a hard disk with some bad sectors: it keeps going past unreadable blocks instead of aborting.
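Added example (not code from any of the tools above): a Python sketch of what these dd variants do for you, imaging a constructed block device with two unreadable sectors, zero-filling only those sectors, logging them, and hashing in the same pass so the image can be verified afterwards. The FlakyDevice class, the sector layout and the 4 KiB read block size are assumptions made for the example.

```python
import hashlib
import io

SECTOR = 512


class FlakyDevice:
    """Constructed stand-in for a block device with unreadable sectors (not a
    real driver). A read that touches any sector in bad_sectors raises OSError,
    the way a drive surfaces an uncorrectable read error to the OS."""

    def __init__(self, data: bytes, bad_sectors):
        self._data = data
        self._bad = set(bad_sectors)

    @property
    def size(self) -> int:
        return len(self._data)

    def read(self, offset: int, length: int) -> bytes:
        first, last = offset // SECTOR, (offset + length - 1) // SECTOR
        if any(s in self._bad for s in range(first, last + 1)):
            raise OSError(5, "Input/output error")
        return self._data[offset:offset + length]


def image_device(dev, block_size: int = SECTOR * 8):
    """Copy dev into an in-memory image, hashing it in the same pass.

    Reads use a large block for speed. When one fails, the block is re-read one
    sector at a time so that only the genuinely unreadable sectors are replaced
    by zeros and logged; this is the effect of dd conv=noerror,sync at sector
    granularity and roughly what dd_rescue's large/small block sizes achieve.
    Hashing during acquisition (as dc3dd and dcfldd do) avoids a second pass
    over a possibly failing drive.
    """
    out = io.BytesIO()
    digest = hashlib.sha256()
    bad_sectors = []
    offset = 0
    while offset < dev.size:
        length = min(block_size, dev.size - offset)
        try:
            chunk = dev.read(offset, length)
        except OSError:
            pieces = []
            for s_off in range(offset, offset + length, SECTOR):
                s_len = min(SECTOR, offset + length - s_off)
                try:
                    pieces.append(dev.read(s_off, s_len))
                except OSError:
                    bad_sectors.append(s_off // SECTOR)
                    pieces.append(b"\x00" * s_len)  # zero-fill keeps offsets aligned
            chunk = b"".join(pieces)
        out.write(chunk)
        digest.update(chunk)
        offset += length
    return out.getvalue(), digest.hexdigest(), bad_sectors


def verify_image(image: bytes, acquisition_sha256: str) -> bool:
    """Re-hash the written image and compare with the digest computed during
    acquisition; a mismatch means the image on disk is not what was read."""
    return hashlib.sha256(image).hexdigest() == acquisition_sha256


def demo():
    # Constructed 64-sector "disk": sector n is filled with byte value n;
    # sectors 10 and 11 are unreadable.
    data = b"".join(bytes([n]) * SECTOR for n in range(64))
    dev = FlakyDevice(data, bad_sectors={10, 11})
    image, sha, bad = image_device(dev)
    return {"image": image, "sha256": sha, "bad_sectors": bad}


if __name__ == "__main__":
    r = demo()
    print(f"imaged {len(r['image'])} bytes, sha256={r['sha256']}")
    print(f"unreadable sectors (zero-filled): {r['bad_sectors']}")
    print("image verifies:", verify_image(r["image"], r["sha256"]))
```

The bad-sector list is the part to keep with the image: without it, a verifier cannot tell a zero-filled sector from one that really contained zeros, and a later hash of the (still failing) source drive is not expected to match the image.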
-
TheSleuthKit – http://www.sleuthkit.org/ – The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer.
Autopsy – http://www.sleuthkit.org/autopsy/ – The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit.
Foremost – http://foremost.sourceforge.net/ – Foremost is a console program to recover files based on their headers, footers, and internal data structures. Foremost can work on image files, such as those generated by dd, SafeBack, EnCase, etc., or directly on a drive.
Scalpel – http://www.digitalforensicssolutions.com/Scalpel/ – Scalpel is a file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitions.
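Added example, not code from Foremost or Scalpel: a minimal header/footer carver in Python in the style both tools use, run over a constructed raw image. The signature table, the synthetic files and the orphaned header are constructed for the example; real carvers add per-type validation (PNG chunk CRCs, walking JPEG segments) that is omitted here.

```python
import re

# Header/footer definitions in the spirit of a foremost.conf / scalpel.conf entry:
# (label, header, footer, maximum size to scan for the footer). The PNG footer is
# the IEND chunk type followed by its fixed CRC.
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9", 20 * 1024 * 1024),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 20 * 1024 * 1024),
]


def carve(image: bytes, signatures=SIGNATURES):
    """Scan a raw image for known headers and carve up to the matching footer.

    Nothing about partitions or directory entries is consulted, which is what
    makes carving filesystem-independent and usable on unallocated space or a
    damaged volume. The same property is why carvers return fragments and false
    positives: a JPEG footer inside an embedded thumbnail, for instance, ends the
    carve early. Returns a list of (label, start offset, carved bytes).
    """
    carved = []
    for label, header, footer, max_size in signatures:
        for m in re.finditer(re.escape(header), image):
            start = m.start()
            window = image[start:start + max_size]
            end = window.find(footer, len(header))
            if end == -1:
                # Header without a footer inside max_size: a real carver would
                # either skip it or emit a max_size fragment; we skip it here.
                continue
            carved.append((label, start, window[:end + len(footer)]))
    carved.sort(key=lambda c: c[1])
    return carved


def build_sample_image() -> bytes:
    """Constructed 'unallocated space': filler that contains none of the
    signatures, with two synthetic files and one orphaned header embedded."""
    filler = bytes(range(256)) * 8                          # 2048 bytes
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 1000 + b"\xff\xd9"   # 1006 bytes
    png = (b"\x89PNG\r\n\x1a\n" + b"P" * 500
           + b"\x00\x00\x00\x00IEND\xaeB`\x82")              # 520 bytes
    orphan = b"\xff\xd8\xff\xe1" + b"X" * 100                # footer overwritten
    return filler + jpg + filler + png + filler + orphan + filler


if __name__ == "__main__":
    for label, offset, data in carve(build_sample_image()):
        print(f"{label} at offset {offset}: {len(data)} bytes")
```

On a real image the offsets are what you hand back to a filesystem tool (e.g. TSK's ifind/istat) to learn whether the carved region is allocated to a file or sits in unallocated space.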
-
Volatility – https://www.volatilesystems.com/VolatileWeb/volatility.gsp – The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
-
HxD – http://mh-nexus.de/en/hxd/ – HxD is a carefully designed and fast hex editor which, in addition to raw disk editing and editing of main memory (RAM), handles files of any size (Windows; run as administrator to use the disk editor).
Ghex – http://live.gnome.org/Ghex – Hex editor (Linux).
-
Notepad ++ – http://notepad-plus-plus.org/ – Great Text Editor (Windows)
-
Stegbreak – http://www.outguess.org/download.php – Steganalysis Program
Steganography Programs – http://www.jjtc.com/Steganography/tools.html
-
Wireshark – http://www.wireshark.org/ – Network protocol analyzer.
-
Open Source Digital Forensics – http://www2.opensourceforensics.org/tools – Open source tools for: bootable environments, data acquisition, volume system, file system, application, network, memory, frameworks.
-
Knoppix STD 0.1 – http://s-t-d.org/ – STD (Security Tools Distribution) is a Knoppix-based Linux live distro / live CD full of useful open source security tools; being a live CD it is bootable and can run from memory only.
DEFT 6.0 – http://www.deftlinux.net/ – Network and Computer Forensic Live Distro / Live CD, contains open source tools specific to forensic use and application.
CAINE 2.0 – http://www.caine-live.net – GNU/Linux live distro that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
HELIX 3 (2009R1) – https://www.e-fense.com/store/index.php?_a=viewProd&productId=11 – Free version of the Helix 3 ISO version 2009R1, (note: not Helix3 Pro version 2009 R2).
Raptor 2.0 – http://forwarddiscovery.com/Raptor – Raptor 2.0 is a modified Linux live distribution based on Ubuntu; you can register and download an ISO for free to create your own bootable CD or USB. It is also available for sale as a pre-installed USB device.
Note: Raptor USB is not able to boot Intel-based Mac computers; this capability is available when using the Raptor CD.
Penguin Sleuth Kit – http://penguinsleuth.org/index.php?option=com_wrapper&Itemid=39 – Live distro / CD geared towards live previewing of computer systems out in the field. It also includes several forensic, security auditing and sysadmin tools.
Lnx4n6 – http://www.lnx4n6.be/index.php?sec=Downloads&page=bootcd – FCCU GNU/Linux Forensic Live Distro Boot CD.
PALADIN – http://www.sumuri.com/ – PALADIN is a modified Linux live distribution based on Ubuntu that simplifies the process of creating forensic images in a forensically sound manner, for those who are not comfortable with the command line but still want to use the power of Linux.

Monday, July 4, 2011

The Dropbox - Changes to policies (updated)

If you are a non-commercial cloud user, I can suggest that you all use Dropbox; they have changed some of their policies because of the recent queries about their security and privacy issues.

If you are interested, you can click the link below and look through it.


The Dropbox Blog » Blog Archive » Changes to our policies (updated)

Tuesday, June 28, 2011

Custom Keyword search, EnScript

Greetings to everyone,

Most computer forensic software has a built-in keyword search option. Investigators rely on it because it does an awesome job of finding information for them.

So I thought, why can't I contribute some add-on features to the keyword search? You can see the result by downloading the EnScript.

What does it do?

1. Searches for the keyword.
2. Once found, bookmarks the keyword hit.
3. This might be interesting: the console reports how many hits were found in each individual file.
4. Finally, the total number of hits found.
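The same four steps as a stand-alone Python script, added here for illustration; it is not the EnScript and does not use the EnCase API. It adds one thing the list above does not mention: the keyword is also searched in UTF-16LE, since on Windows evidence (registry hives, NTFS names, many application artifacts) an ASCII-only search silently misses those hits. The sample files are constructed.

```python
import re


def keyword_patterns(keyword: str):
    """Case-insensitive byte patterns for the keyword in the two encodings a
    Windows evidence set most often holds: ASCII/UTF-8 and UTF-16LE. Case
    folding on bytes only covers ASCII letters, which is fine for both."""
    return {
        "ascii": re.compile(re.escape(keyword.encode("utf-8")), re.IGNORECASE),
        "utf-16le": re.compile(re.escape(keyword.encode("utf-16-le")), re.IGNORECASE),
    }


def search_files(files, keyword: str):
    """files maps a name to its raw bytes. Returns ({name: [(offset, encoding), ...]},
    total). Each (offset, encoding) pair is what a bookmark needs to point at."""
    patterns = keyword_patterns(keyword)
    hits = {}
    for name, data in files.items():
        found = []
        for encoding, pattern in patterns.items():
            found.extend((m.start(), encoding) for m in pattern.finditer(data))
        if found:
            hits[name] = sorted(found)
    total = sum(len(h) for h in hits.values())
    return hits, total


def report(hits, total) -> str:
    """Console summary: per-file hit counts with offsets, then the grand total."""
    lines = [f"{name}: {len(h)} hit(s) at offsets {[o for o, _ in h]}"
             for name, h in sorted(hits.items())]
    lines.append(f"Total hits: {total}")
    return "\n".join(lines)


def sample_files():
    """Constructed evidence set, not real case data."""
    return {
        "notes.txt": b"Reset the Password tomorrow. password123 was the old one.",
        "NTUSER.DAT": b"\x00\x01" + "Password".encode("utf-16-le") + b"\x00\x00junk",
        "image.bin": bytes(range(256)),
    }


if __name__ == "__main__":
    print(report(*search_files(sample_files(), "password")))
```

Note that "password" as a keyword also matches "password123": like most forensic keyword searches this is a substring match, not a whole-word one, so expect to review the hits rather than count them as findings.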

Screenshot of the Result:

I feel it's pretty cool!

Just A Click, EnScript Does Rest


You can download the EnScript.
