Open source computer forensics manual

Sleuth Kit is a collection of command line tools and a C library for analysing disk images and recovering files from them. It is the back end used by the Autopsy tool.
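
To make concrete what Sleuth Kit's volume-system layer does, here is an added example, written for this page and not code from The Sleuth Kit: it parses the MBR partition table of a raw disk image (the job of Sleuth Kit's mmls), lists each partition and the unallocated sector ranges between them, and prints the sector offset that Sleuth Kit's file-system tools (fls, icat, fsstat) take through their -o option. The partition-type mapping is a small subset chosen for the example, and the two-partition image is constructed inline so the script runs offline.

```python
"""Partition-table walker for a raw disk image (what Sleuth Kit's mmls prints).

Added example, not Sleuth Kit code.  The image is constructed below; on a
real case you would read() the first sector of image.dd instead.
"""
import struct

SECTOR = 512
# Subset of MBR partition-type bytes; enough for the example (assumption).
TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
         0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def build_mbr_image(partitions, total_sectors):
    """Construct a raw image: an MBR holding the given (type, start, length)
    entries, followed by zero-filled sectors.  Constructed test data only."""
    table = b""
    for ptype, start, length in partitions:
        # status, CHS start (unused), type, CHS end (unused), LBA start, sector count
        table += struct.pack("<B3sB3sII", 0x80, b"\0\0\0", ptype, b"\0\0\0", start, length)
    mbr = b"\0" * 446 + table.ljust(64, b"\0") + b"\x55\xaa"
    return mbr + b"\0" * (SECTOR * (total_sectors - 1))


def parse_mbr(image):
    """Return the non-empty MBR partition entries as dicts, like mmls' table."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature at bytes 510-511")
    entries = []
    for slot in range(4):
        off = 446 + 16 * slot
        _status, _, ptype, _, start, length = struct.unpack_from("<B3sB3sII", image, off)
        if ptype == 0 or length == 0:
            continue
        end = start + length - 1
        # mmls still lists such an entry; flag it so the analyst knows the image is short
        note = "extends past end of image" if end * SECTOR >= len(image) else ""
        entries.append({"slot": slot, "type": TYPES.get(ptype, f"0x{ptype:02x}"),
                        "start": start, "end": end, "length": length,
                        "tsk_offset": start, "note": note})
    return entries


def unallocated_gaps(entries, total_sectors):
    """Sector ranges no partition covers: where hidden or deleted data can live."""
    gaps, cursor = [], 1  # sector 0 is the MBR itself
    for e in sorted(entries, key=lambda e: e["start"]):
        if e["start"] > cursor:
            gaps.append((cursor, e["start"] - 1))
        cursor = max(cursor, e["end"] + 1)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - 1))
    return gaps


# Constructed image: a 2048-sector alignment gap, a FAT32 volume, then a Linux one.
IMAGE = build_mbr_image([(0x0C, 2048, 4096), (0x83, 6144, 2048)], total_sectors=8192)

if __name__ == "__main__":
    parts = parse_mbr(IMAGE)
    print(f"{'slot':>4} {'start':>8} {'end':>8} {'length':>8}  type")
    for p in parts:
        print(f"{p['slot']:>4} {p['start']:>8} {p['end']:>8} {p['length']:>8}  {p['type']} {p['note']}")
        print(f"     -> fls -o {p['tsk_offset']} image.dd   # list files in this volume")
    print("unallocated sector ranges:", unallocated_gaps(parts, 8192))
```

The gap list matters as much as the partition list: Sleuth Kit's blkls and the unallocated entries that mmls prints exist precisely so the examiner does not forget the space between and after partitions.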

Available in free and professional versions, this forensics tool helps you collect evidence from a mobile phone. Its file browser gives you access to photos, documents, videos and the device databases for analysis, and it offers several sophisticated data analysis features. Pros: It provides several ways to extract data, including Bluetooth, USB cable, iTunes backups, backups made by other forensic software, and Android backups. The main interface is straightforward and easy to use.

DEFT (Digital Evidence and Forensics Toolkit) is a Linux-based distribution that allows professionals and non-experts to gather and preserve forensic data and digital evidence. This free and open source operating system ships with some of the best open source computer forensics applications. DEFT Zero is a lightweight version of it. Pros: It needs very little memory to run, which means it can be used even on a slow or obsolete PC.

Wireshark is one of the most commonly used network protocol analyzers. It lets you investigate network activity at the level of individual packets. Wireshark is widely used by government agencies, corporations and educational institutions. Cons: It does not pinpoint the answer you are looking for; it dumps raw packet data into large capture files that you then have to interpret yourself.

This tool comes in a free edition as well as a professional paid edition. Pros: Captures network traffic, investigates potential rogue hosts, and reassembles and extracts files from captured traffic.

Xplico is an open source network forensic analysis tool (NFAT) that can extract application data from internet traffic. Important features of Xplico are:
Pros: There is no limit on the number of files or on the data size. Its command line shows more detail, and its geo-map feature can be used in the web interface as well as in console mode. Cons: It is not possible to copy packets and send them to two separate dissectors; instead, packets may be lost, because the average processing time per packet is longer than the average interval between arriving packets.
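
The three network tools above all start from the same two steps: decode the link, IP and TCP headers of each captured packet, then stitch each TCP stream back together by sequence number so that application data (files, HTTP objects) can be carved out. The following added example, written for this page and not code from Wireshark, Xplico or the other tool, does exactly that for a classic little-endian pcap file. The capture is constructed inline (one HTTP GET and a response whose body segment arrives before its headers, plus a retransmission) so it runs offline; the addresses and the reassembly rules are assumptions for the demonstration.

```python
"""Minimal pcap reader and TCP-flow reassembler (added example, not tool code)."""
import struct
from collections import defaultdict

ETH_P_IP, IPPROTO_TCP = 0x0800, 6


def build_pcap(packets):
    """Wrap raw Ethernet frames in a classic pcap (magic 0xa1b2c3d4, linktype 1)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = b"".join(struct.pack("<IIII", i, 0, len(p), len(p)) + p
                    for i, p in enumerate(packets))
    return hdr + recs


def eth_ip_tcp(src, dst, sport, dport, seq, payload, flags=0x18):
    """Construct one Ethernet/IPv4/TCP frame (checksums zero; not needed to parse)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return b"\x00" * 12 + struct.pack("!H", ETH_P_IP) + ip


def read_pcap(data):
    """Yield raw frames from a little-endian classic pcap; reject other formats."""
    magic, = struct.unpack_from("<I", data)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    pos = 24
    while pos + 16 <= len(data):
        _, _, incl, _ = struct.unpack_from("<IIII", data, pos)
        pos += 16
        yield data[pos:pos + incl]
        pos += incl


def parse_tcp(frame):
    """Return ((src, sport, dst, dport), seq, payload) for IPv4/TCP, else None."""
    if struct.unpack_from("!H", frame, 12)[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != IPPROTO_TCP:
        return None
    src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total]
    sport, dport, seq = struct.unpack_from("!HHI", tcp)
    return (src, sport, dst, dport), seq, tcp[(tcp[12] >> 4) * 4:]


def reassemble(data):
    """Group segments per flow and order them by sequence number.
    Duplicates (retransmits) are dropped; gaps are silently skipped, which is
    why a carved file that looks truncated must be checked against Content-Length."""
    flows = defaultdict(dict)
    for frame in read_pcap(data):
        parsed = parse_tcp(frame)
        if parsed and parsed[2]:
            key, seq, payload = parsed
            flows[key].setdefault(seq, payload)
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in flows.items()}


def carve_http_body(stream):
    """Split a reassembled HTTP response into (status line, body bytes)."""
    head, _, body = stream.partition(b"\r\n\r\n")
    return head.split(b"\r\n")[0].decode(), body


# Constructed capture: body segment arrives before the headers, then a retransmit.
BODY = b"GIF89a" + b"\x00" * 10 + b";"
RESP = b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\nContent-Length: %d\r\n\r\n" % len(BODY)
CAPTURE = build_pcap([
    eth_ip_tcp("10.0.0.5", "93.184.216.34", 40000, 80, 1, b"GET /logo.gif HTTP/1.1\r\nHost: example\r\n\r\n"),
    eth_ip_tcp("93.184.216.34", "10.0.0.5", 80, 40000, 1 + len(RESP), BODY),
    eth_ip_tcp("93.184.216.34", "10.0.0.5", 80, 40000, 1, RESP),
    eth_ip_tcp("93.184.216.34", "10.0.0.5", 80, 40000, 1, RESP),
])


def extract_objects(data=CAPTURE):
    """Return {(client, port): (status, body)} for every server-to-client HTTP stream."""
    out = {}
    for (src, sport, dst, dport), stream in reassemble(data).items():
        if sport == 80 and stream.startswith(b"HTTP/"):
            out[(dst, dport)] = carve_http_body(stream)
    return out


if __name__ == "__main__":
    for flow, (status, body) in extract_objects().items():
        print(flow, status, len(body), "bytes, starts with", body[:6])
```

The Xplico limitation quoted above is visible here in miniature: reassembly buffers every segment of every flow in memory before ordering it, so a single slow dissector stalls the whole pipeline once packets arrive faster than they are processed.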

It allows you to:
Pros: Creates a bit-by-bit image, an exact replica of the drive, so the investigator can view deleted or otherwise irretrievable files. It also creates a keyword index for every image, which makes later searches faster.

Linux dd is a powerful tool that is installed by default in most Linux distributions (Fedora, Ubuntu). It can be used for a number of forensic tasks, such as creating a raw image of a file, a partition or a whole drive. It is also unforgiving: swapping the if= and of= arguments overwrites the evidence drive instead of imaging it, and dd does not verify what it wrote. It is therefore advisable to test the command in a safe environment first and then apply it to the real data, and to hash both the source and the image afterwards.

This one comes as a small, fast-booting forensic image analysis environment in a microkernel that runs from portable media. It physically boots the device, captures and authenticates a computer system, and reconstructs the filesystem.

Magnet RAM Capture is one of the many tools provided by Magnet Forensics. It is a free tool that captures the physical memory of a computer. Because the tool itself has a small memory footprint, the amount of evidence it overwrites in memory while running is minimised. The collected memory can be exported in RAW format and loaded into any memory analysis tool.

RAM evidence captured by the tool includes running processes and programs, network connections, registry hives, evidence of malware intrusion, decrypted keys and files, usernames and passwords, and other activity that is not usually written to disk. Pros: Acquires the full physical memory quickly and leaves a small footprint on the live system under analysis.
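
The imaging paragraphs above (the bit-by-bit imager and dd) describe what a raw acquisition must guarantee: the image has the same geometry as the source, unreadable blocks do not abort the copy, and the result is hashed and verified. The following added example, written for this page and not part of dd or of any tool listed here, implements that as a small Python imager that behaves like `dd if=SRC of=IMG bs=4096 conv=noerror,sync`: bad blocks are zero-filled so offsets still line up, a digest is computed while writing, and the written image is re-read and compared. The "disk" is an in-memory file object with injected read errors (constructed data) so the script runs offline; on a real case you would open the block device read-only and write to a separate, write-blocked destination.

```python
"""Raw imaging with read-error handling and hash verification (added example)."""
import hashlib
import io


class FlakyDevice(io.BytesIO):
    """Constructed stand-in for a failing disk: raises EIO on the given block indices."""

    def __init__(self, data, bad_blocks, block_size):
        super().__init__(data)
        self.bad, self.bs = set(bad_blocks), block_size

    def read(self, n=-1):
        if self.tell() // self.bs in self.bad:
            self.seek(self.tell() + self.bs)  # the bad block is skipped, as after a real I/O error
            raise OSError(5, "Input/output error")
        return super().read(n)


def acquire(src, dst, block_size=4096, algo="sha256"):
    """Copy src to dst block by block; return (hexdigest, bytes_written, bad_blocks).
    A read error is recorded and the block is replaced by zeros so every offset in
    the image still matches the original media (dd's conv=noerror,sync)."""
    h = hashlib.new(algo)
    bad, written, idx = [], 0, 0
    while True:
        try:
            chunk = src.read(block_size)
        except OSError:
            bad.append(idx)
            chunk = b"\0" * block_size            # keep geometry: zero-fill, never shrink
            src.seek((idx + 1) * block_size)      # make sure we are past the bad block
        if not chunk:
            break
        if len(chunk) < block_size:               # last partial block: sync pads it too
            chunk = chunk.ljust(block_size, b"\0")
        dst.write(chunk)
        h.update(chunk)
        written += len(chunk)
        idx += 1
    dst.flush()
    return h.hexdigest(), written, bad


def verify(dst, expected, algo="sha256"):
    """Re-read the written image and compare its digest with the one computed on the fly."""
    dst.seek(0)
    h = hashlib.new(algo)
    for chunk in iter(lambda: dst.read(1 << 20), b""):
        h.update(chunk)
    return h.hexdigest() == expected


def image_and_verify(data, bad_blocks=(), block_size=4096):
    """Image a constructed device and return digest, size, bad-block list and verdict."""
    src, dst = FlakyDevice(data, bad_blocks, block_size), io.BytesIO()
    digest, written, bad = acquire(src, dst, block_size)
    return {"sha256": digest, "bytes": written, "bad_blocks": bad,
            "verified": verify(dst, digest), "image": dst.getvalue()}


if __name__ == "__main__":
    # Constructed "disk": ten blocks of recognisable content, blocks 3 and 7 unreadable.
    disk = b"".join(bytes([i]) * 4096 for i in range(10))
    r = image_and_verify(disk, bad_blocks=[3, 7])
    print(r["sha256"], r["bytes"], "bytes; bad blocks", r["bad_blocks"], "; verified:", r["verified"])
```

The bad-block list belongs in the acquisition notes: the image hash is reproducible, but it is the hash of the image with those blocks zeroed, not of the original media, and a later examiner needs to know which offsets are synthetic.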

This free memory forensics tool helps discover malicious activity in live memory. It can acquire and analyze memory images.
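
Once a RAW memory image has been captured, the first thing the analysis tools above do with it is locate known structures in the raw bytes. The following added example, written for this page and not code from Magnet RAM Capture or any memory analysis tool, carves loaded Windows executables out of a raw dump: it looks for an MZ header whose e_lfanew points at a valid PE signature and reports the offset, machine type, section count and link timestamp of each hit, first with the fast page-aligned scan (image bases are page-aligned) and then byte-wise, which also finds headers sitting inside file-cache pages or unpacked buffers. The eight-page dump, its two valid headers and the "MZ" decoy are constructed inline, and the machine-type table is a small subset chosen for the example.

```python
"""Carving PE headers out of a raw memory image (added example, not tool code)."""
import struct

PAGE = 4096
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}   # subset (assumption)


def build_pe_header(machine, sections, timestamp, e_lfanew=0x80):
    """Construct the minimal DOS stub + COFF file header a scanner keys on."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, sections, timestamp, 0, 0, 224, 0x22)
    return dos + coff


def carve_pe(dump, offset):
    """Validate a candidate MZ at `offset`; return a dict describing it, or None."""
    if dump[offset:offset + 2] != b"MZ" or offset + 0x40 > len(dump):
        return None
    e_lfanew, = struct.unpack_from("<I", dump, offset + 0x3C)
    pe = offset + e_lfanew
    if e_lfanew > PAGE or pe + 24 > len(dump) or dump[pe:pe + 4] != b"PE\0\0":
        return None
    machine, sections, ts = struct.unpack_from("<HHI", dump, pe + 4)
    if machine not in MACHINES or not 1 <= sections <= 96:   # sanity limits from the PE format
        return None
    return {"offset": offset, "machine": MACHINES[machine], "sections": sections, "timestamp": ts}


def scan(dump, page_aligned=True):
    """Return every carved PE header.  The page-aligned pass is the cheap first
    sweep; the byte-wise pass catches headers that are not at a page boundary."""
    hits = []
    if page_aligned:
        for off in range(0, len(dump), PAGE):
            r = carve_pe(dump, off)
            if r:
                hits.append(r)
    else:
        pos = dump.find(b"MZ")
        while pos != -1:
            r = carve_pe(dump, pos)
            if r:
                hits.append(r)
            pos = dump.find(b"MZ", pos + 1)
    return hits


def build_dump():
    """Constructed 8-page 'memory image': an x64 module at page 0, an x86 header
    at an unaligned offset in page 2, and a decoy 'MZ' with no PE signature."""
    dump = bytearray(8 * PAGE)
    dump[0:0x100] = build_pe_header(0x8664, 5, 0x5F000000).ljust(0x100, b"\0")
    dump[2 * PAGE + 0x300:2 * PAGE + 0x400] = build_pe_header(0x14C, 3, 0x60000000).ljust(0x100, b"\0")
    dump[5 * PAGE:5 * PAGE + 2] = b"MZ"
    return bytes(dump)


if __name__ == "__main__":
    dump = build_dump()
    for mode in (True, False):
        print("page-aligned" if mode else "byte-wise  ", scan(dump, page_aligned=mode))
```

The difference between the two passes is the point: a header found only by the byte-wise scan is either a module whose page is not where the kernel mapped it (file cache, a packer's staging buffer) or a fragment of a file read from disk, and which of the two it is has to be decided by the analyst, not the scanner.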
