What Is This Resource?
Digital cybersecurity forensics is a booming niche and will likely remain so for a long time.
Digital forensics is a massive subject and requires meticulous planning and execution for it to be deemed successful. When we say ‘successful’ we refer to there being a guilty conviction for an incriminating cybercrime that took place. Typically InfoSec digital forensics is dictated by the “Chain of Custody” principle, and vital to that process is the procuring and storing of evidence, which is achieved with some of the tools that we’ve gone ahead and listed below.
Last Updated: September 23rd, 2017
What is Autopsy?
Autopsy is a digital forensics platform with a graphical user interface. It is built on ‘The Sleuth Kit (TSK)’, a library and collection of command-line forensic tools that allow the user to investigate disk images. The Sleuth Kit is used by law enforcement, military and corporate examiners to investigate what happened on a computer, so if you would like to start a career as a digital forensic investigator, a thorough understanding of this tool would be a smart investment.
Is Autopsy Free?
Yes, this tool is free to use.
Does Autopsy Work on all Operating Systems?
It works on Linux, Windows and Mac OS X.
What are the Typical Uses for Autopsy?
The main purpose of TSK is to analyze volume, drive and file system data. The plug-in framework allows additional modules to view file contents and build automated systems. The library can be incorporated into larger digital forensics tools, and the command-line tools can be used directly to find evidence.
What is EnCase?
Commonly used by law enforcement, EnCase is forensics software whose widespread use has made it one of the de facto standards in forensics.
Is EnCase Free?
No, EnCase is not free, but you can request a demo if you’re interested in using this tool.
Does EnCase Work on all Operating Systems?
EnCase is a Windows-only tool.
What are the Typical Uses for EnCase?
EnCase is primarily used to collect information from a computer system, employing checksums to help detect tampering with evidence. It can collect information from different types of devices and produce concise forensic reports.
What is Helix3 Pro?
Just like the previous tools, Helix3 Pro is a unique tool customized for computer forensics. It has been created very carefully to avoid touching the host computer in any way, and it is forensically sound. Helix will not automatically mount swap space, nor will it auto-mount any attached devices.
Is Helix3 Pro Free?
No, Helix3 Pro is a commercial tool. There’s a free version of this tool, but it’s older and no longer supported.
Does Helix3 Pro Work on all Operating Systems?
This tool works natively on Linux, Mac OS X and Windows.
What are the Typical Uses for Helix3 Pro?
Helix3 Pro focuses on forensics tools and incident response techniques. It is designed to be used by individuals who have an understanding of these techniques. With this tool, users can create forensic images of all internal devices and search for specific file types such as document files, graphic files, etc.
What is Maltego?
Maltego is developed by Paterva and is a tool used for open-source forensics and intelligence. Its focus is to provide a library of transforms for discovering data from different open sources and visualizing that data in a graph format suitable for data mining and link analysis.
Maltego allows building custom entities, so it can represent any type of information in addition to the basic entity types that are part of the tool. The primary focus of this tool is to analyze real-world relationships between people, websites, groups, internet infrastructure, networks, domains and affiliations with social media services such as Facebook and Twitter.
This hacking tool has two types of reconnaissance options: personal and infrastructural. Personal reconnaissance covers personal information such as phone numbers, email addresses, mutual friends, social networking profiles, etc., while infrastructural reconnaissance deals with domains, covering DNS information such as mail exchangers, name servers, DNS-to-IP mappings and zone transfer tables.
Maltego sends the client’s information in XML format over a secure HTTPS connection to seed servers. Once the information is processed on the server side, the results are returned to the Maltego client. Gathering all publicly available data using manual techniques and search engines is time consuming, but Maltego automates the data-gathering process to a great extent, saving a lot of time for the user.
Is Maltego Free?
Maltego CE and CaseFile are free to download, whereas Maltego XL and Maltego Classic are paid tools. Maltego XL is the premier edition of this tool. It includes the features and capabilities of Maltego Classic, but it is the enhanced version that can work on large graphs. This also allows you to map out a clear threat picture of the entire network, making it easy to identify abnormalities or weak points. Maltego Classic, on the other hand, is the professional version of Maltego, which extends the compatibility and functionality of the community version of the tool. It can also be used in a commercial environment, where the free versions cannot. This paid tool can create far larger graphs than the community version, since it has no limit on the number of entities that can be returned from a single transform. You can also export the results in a range of different formats.
Does Maltego Work on all Operating Systems?
Maltego currently works on Windows, Linux and Mac operating systems.
What are the Typical Uses for Maltego?
The primary focus of this tool is to analyze real-world relationships between data that is accessible through the internet, which includes footprinting internet infrastructure and gathering data about the people and organizations that own it. Connections between these pieces of data are found using OSINT techniques, querying sources such as whois records, social networks, DNS records, various online APIs, extracted metadata and search engines. The tool provides a wide range of graphical layouts that allow for clustering of data, making relationships clear and immediately visible.