Digital Forensic Tools & Software

Finding out who did what, and when, and just as importantly presenting that evidence in a court of law, is vital. Here are our recommended forensic tools for 2019.



Who dunnit?

Digital cybersecurity forensics is a booming niche and will likely remain so for a long time.

Digital forensics is a massive subject and requires meticulous planning and execution for it to be deemed successful. When we say ‘successful’ we mean that there is a guilty conviction for the incriminating cybercrime that took place. InfoSec digital forensics is typically governed by the “Chain of Custody” principle; vital to that process is the acquisition and storage of evidence, which is what some of the tools listed below are built for.

Of all the different IT security careers, we’d say digital forensics ought to be one of the fastest growing sectors within cybersecurity. The sheer escalating number and variety of hacks all require investigation, analysis and legal processes to secure convictions.


Tool Category: Forensics Tools


What is Autopsy?
Autopsy is a digital forensics platform with a GUI front end. It is built on top of The Sleuth Kit (TSK), a library and collection of command-line forensic tools that allow the user to investigate disk images. The Sleuth Kit is used by law enforcement, military and corporate examiners to investigate what happened on a computer, so if you would like to start a career as a digital forensic investigator, a thorough understanding of this tool would be a smart investment.

Is Autopsy Free?
Yes, this tool is free to use.

Does Autopsy Work on all Operating Systems?
It works on Linux, Windows and Mac OS X.

What are the Typical Uses for Autopsy?
The main purpose of TSK is to analyze volumes, drives and file system data. Its plug-in framework allows additional modules to view file contents and build automated systems. The library can be incorporated into larger digital forensics tools, and the command-line tools can be used directly to find evidence.


Tool Category: Forensics Tools


What is Maltego?
Maltego is developed by Paterva and is a tool used for open-source forensics and intelligence. Its focus is to provide a library of transforms for discovering data from different open sources and visualizing that data as a graph suitable for data mining and link analysis.

Maltego lets you build custom entities, so it can represent any type of information in addition to the basic entity types that ship with the tool. The primary focus of this tool is to analyze real-world relationships between people, websites, groups, internet infrastructure, networks, domains and affiliations with social media services such as Facebook and Twitter.

This hacking tool offers two types of reconnaissance, personal and infrastructural. Personal reconnaissance covers personal information such as phone numbers, email addresses, mutual friends, social networking profiles, etc., while infrastructural reconnaissance deals with domains, covering DNS information such as mail exchangers, name servers, DNS-to-IP mappings and zone transfer tables.

Maltego sends the client’s information in XML format over a secure HTTPS connection, using seed servers. Once the information is processed on the server side, the results are returned to the Maltego client. Gathering all publicly available data using manual techniques and search engines is time consuming; Maltego automates the data gathering process to a great extent, saving a lot of time for the user / attacker.

Is Maltego Free?
Maltego CE and Casefile are free to download, whereas Maltego XL and Maltego Classic are paid tools. Maltego XL is the premier edition: it includes the features and capabilities of Maltego Classic but is the enhanced version that can work on large graphs. This also allows you to map out a clear threat picture of an entire network, making it easy to identify abnormalities or weak points. Maltego Classic, on the other hand, is the professional version of Maltego, which extends the compatibility and functionality of the community version. It can also be used in a commercial environment, which the free versions cannot. The paid tool can create far larger graphs than the community version, since it has no limit on the number of entities that can be returned from a single transform. You can also export the results in a range of different formats.

Does Maltego Work on all Operating Systems?
Maltego currently works on Windows, Linux and Mac operating systems.

What are the Typical Uses for Maltego?
The primary focus of this tool is to analyze real-world relationships between data that is accessible through the internet, which includes footprinting internet infrastructure and gathering data about the people and organizations that own it. Connections between these pieces of data are found using OSINT techniques, querying sources such as whois records, social networks, DNS records, various online APIs, extracted metadata and search engines. The tool provides a wide range of graphical layouts that allow data to be clustered, making relationships clear and immediately visible.


Tool Category: Forensics Tools


What is EnCase?
Commonly used by law enforcement, EnCase is forensics software whose widespread use has made it one of the de facto standards in forensics.

Is EnCase Free?
No, EnCase is not free, but you can request a demo if you’re interested in using this tool.

Does EnCase Work on all Operating Systems?
EnCase is a Windows-only tool.

What are the Typical Uses for EnCase?
EnCase is primarily used to collect information from a computer system, employing checksums to help detect tampering with evidence. It can collect information from different types of devices and produce concise forensic reports.
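The checksum-based tamper detection described for EnCase is the same mechanism that underpins the chain-of-custody principle mentioned in the introduction. The following is an added illustration, not EnCase’s or any other listed product’s code: it hashes an evidence image at acquisition time, stores the digests in a custody record, and later re-verifies the image, flagging any field that no longer matches. The evidence id, examiner name and the byte pattern used as a sample image are all constructed for the example.

```python
import hashlib
import io
import json
from datetime import datetime, timezone
from typing import BinaryIO, Union

def _as_stream(image: Union[bytes, BinaryIO]) -> BinaryIO:
    """Accept raw bytes (for the sample) or an open file object (for real images)."""
    return io.BytesIO(image) if isinstance(image, (bytes, bytearray)) else image

def hash_image(image, chunk_size: int = 1 << 20) -> dict:
    """Stream the image through MD5 and SHA-256 (the two digests most
    forensic suites record) without loading it all into memory."""
    stream = _as_stream(image)
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    while chunk := stream.read(chunk_size):
        md5.update(chunk)
        sha256.update(chunk)
        size += len(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def create_custody_record(image, evidence_id: str, examiner: str) -> dict:
    """Acquisition-time record: who hashed which item, when, and the digests.
    Stored alongside the image, it is what every later verification is checked against."""
    record = {"evidence_id": evidence_id, "examiner": examiner,
              "acquired_at": datetime.now(timezone.utc).isoformat()}
    record.update(hash_image(image))
    return record

def verify_against_record(image, record: dict) -> list:
    """Re-hash the image and return every field that no longer matches.
    An empty list means the image is byte-for-byte as it was at acquisition."""
    current = hash_image(image)
    return [k for k in ("size", "md5", "sha256") if current[k] != record[k]]

# Constructed sample "disk image" (4 KiB of patterned bytes), not a real image.
SAMPLE_IMAGE = bytes(range(256)) * 16
# The same image with one byte altered, simulating tampering after acquisition.
TAMPERED_IMAGE = SAMPLE_IMAGE[:1000] + b"\xff" + SAMPLE_IMAGE[1001:]

if __name__ == "__main__":
    rec = create_custody_record(SAMPLE_IMAGE, "EV-0001", "J. Doe")  # placeholder values
    print(json.dumps(rec, indent=2))
    print("untouched image mismatches:", verify_against_record(SAMPLE_IMAGE, rec))
    print("tampered image mismatches:", verify_against_record(TAMPERED_IMAGE, rec))
```

A single flipped byte leaves the size unchanged but changes both digests, which is why a record that stores only the file size is not sufficient for tamper detection.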

Helix3 Pro

Tool Category: Forensics Tools


What is Helix3 Pro?
Like the previous tools, Helix3 Pro is a tool purpose-built for computer forensics. It has been created very carefully to avoid touching the host computer in any way, so that it remains forensically sound. Helix will not automatically mount swap space, nor will it auto-mount any attached devices.

Is Helix3 Pro Free?
No, Helix3 Pro is a commercial tool. There is a free version, but it is older and no longer supported.

Does Helix3 Pro Work on all Operating Systems?
This tool works natively on Linux, Mac OS X and Windows.

What are the Typical Uses for Helix3 Pro?
Helix3 Pro focuses on forensics tools and incident response techniques. It is designed to be used by individuals who already understand these techniques. With this tool, users can create forensic images of all internal devices and search for specific file types such as document files, graphic files, etc.

This Post Has 6 Comments

  1. Hack diamonds and coins

    1. Hacking crypto is virtually impossible – it’s the wallet that is hackable. I’m no expert but that’s what I understand.

  2. How can I hack my paypal wallet

  3. Dear Experts,

    I am searching for an E-Mail Forensic Software that will assist me in investigating fraudulent companies.
    Having tried Sys Tools, Mail Examiner which also has limitations and cannot determine the Real IP if hidden, such as in G-Mail.
    Unfortunately, this tool was unable to get behind Cloudflare who offers network service solutions including pass-through
    security services, a content distribution network (CDN) and registrar services.

    The Requirements:

    a. Using the existing E-Mail or (header) received from the fraudulent company extract all forensic Meta Data information about the sender of this E-Mail, see below. In particular, identify the real server IP which is most likely hidden.

    Bait Tactics
    b. Another possibility could be to send an E-Mail with SW which would be installed in the background on the fraudulent server to collect computer forensic data/information later to be used in a Court of Law.

    It is the process to track the IP address of the sender of a particular mail under investigation. In this technique, a mail containing a http: “<img src>” tag is sent to the mail address from which the mail has been received. The recipient, in this case, is the culprit. When the mail is opened, a log containing the IP address of the recipient is captured by the mail server that is hosting the image and the recipient is tracked. In case the recipient is using a Proxy server, the address of the proxy server gets recorded.

    Extraction From Server

    c. Server investigation comes handy when the emails residing on the sender and receiver ends have been purged permanently. Since servers maintain a log of the sent and received emails, the log investigation will generate all the deleted emails. Furthermore, the logs can give the information of the source from which the emails have been generated. Server investigation does not mean that all the purged emails can be extracted. This is because after a certain retention period, the emails are deleted permanently from a server.

    d. Ideally, then connect to the server with a view to extracting all computer forensic data information or even creating a Ghost Image or similar!
    The information collected would then be used to determine the physical location of the server and ultimately finding and locating the criminals behind the fraud and blackmail.

    1. Wow – mega question! The answer is that I don’t know, but I’ll leave your question online in case someone can chime in and help out.
