10 free forensic tools
The world today is affected by an increase in cyber threats. The growing number of devices and the use of digital identities have increased risks and given hackers more and more possibilities.
Traditional security theories and technologies available to the general public are unable to offer a sufficiently complete picture to reduce risks in the face of emerging Internet threats.
Below we present 10 free forensic tools that were created for computer forensic investigations but which, with a little patience and good will, can also be used by anyone who cares about their own security and wants to protect themselves. If, on the other hand, you are a Forensic CTP, I invite you to download these free tools; they will help you solve many problems and save time.
Magnet Axiom Cyber
Magnet Forensics provides innovative tools to investigate cyber attacks and digital crimes. Magnet AXIOM Cyber simplifies business investigations.
Organizations of every size are constantly under threat from, or victims of, cyber security incidents. With built-in remote collection and a growing set of analysis features, Magnet AXIOM Cyber helps you quickly piece together what happened so you can investigate events. Use AXIOM Cyber for business investigations including root cause analysis, insider threats, employee misconduct investigations and eDiscovery.
Magnet AXIOM uses advanced parsing and carving techniques that extract the maximum amount of data from each evidence source. The ordered extraction of the data gives a clear and logical presentation, with an exact report of the results. In addition, built-in analytics features such as Connections, Timeline and Magnet.AI automatically generate insights that can lead to important breakthroughs in your investigations.
Sleuth Kit
Sleuth Kit® is a collection of command line tools and a C library that lets you analyze disk images and recover files from them. It is the engine behind Autopsy and is used by many other open source and commercial forensic tools.
It is one of the best tools for greatly simplifying forensic analysis of computer systems. It examines hard drives and smartphones, and through the Autopsy graphical interface the user can work with the results effectively. It also provides email parsing, lets you drill into files, and finds all documents and images.
It can also show thumbnails of the images for a quick overview of each one. As a normal user, you can tag files and folders with custom tag names, and you can extract data from SMS, call logs, contacts and much more.
Autopsy
It is one of the best open source GUI-based digital forensics programs and can efficiently analyze smartphones and hard drives. Autopsy is mainly aimed at solving computer investigation problems, and for this reason it is used by thousands of users around the world.
Autopsy was designed as an end-to-end platform, with modules ready and available to third parties. Timeline analysis, data logging, keyword search and STIX indicator support are provided by just a few of these modules.
Dumpzilla
Dumpzilla is another top forensic tool, written in Python 3.x. It collects all the necessary and interesting information from a few browsers, such as Iceweasel, Firefox and SeaMonkey. It is available for Linux, Windows and Mac.
It works from the command line, so its output can be dumped and piped to tools like grep, cut, sed, awk, etc. It is useful because it can extract add-ons, cookies, bookmarks, history, passwords, downloads, form-filling data and many other things.
It also allows you to export data to get a JSON file or a plain text file. You can easily use wildcards and regular expressions if you want advanced filtering.
Browser History
This free forensic investigation tool reads history data from different web browsers such as Google Chrome, Internet Explorer, Mozilla Firefox, Microsoft Edge, Opera, etc. and displays the browsing history of all of them in a single table.
The browsing history table includes title, web browser, user profile, visited URLs, number of visits, etc. Browser History lets you choose which user profile to read, and it can also read browsing history from an external hard drive. The results are always shown as an interactive graph and as historical data that can be filtered.
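Both Dumpzilla and the browser-history tools above read the same kind of artifact: a Firefox profile's places.sqlite, where visits are rows in moz_historyvisits and timestamps are PRTime values (microseconds since the Unix epoch). The following Python script is an added example, not code from either tool; it builds an in-memory database with the subset of that schema it needs and a few constructed rows, then produces the same kind of output those tools give (a chronological timeline, per-URL visit counts, bookmarked URLs) with plain sqlite3 queries.

```python
import sqlite3
from datetime import datetime, timezone
from typing import Optional


def prtime_to_utc(prtime_us: int) -> datetime:
    """Firefox stores times as PRTime: microseconds since the Unix epoch, UTC."""
    return datetime.fromtimestamp(prtime_us / 1_000_000, tz=timezone.utc)


def utc_to_prtime(dt: datetime) -> int:
    return int(dt.timestamp()) * 1_000_000 + dt.microsecond


def build_sample_places() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a Firefox places.sqlite: the subset of the
    real schema these queries need, filled with sample rows (not a real profile)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                                 visit_count INTEGER, last_visit_date INTEGER);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, place_id INTEGER,
                                        visit_date INTEGER, visit_type INTEGER);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, fk INTEGER, title TEXT);
    """)
    conn.executemany("INSERT INTO moz_places VALUES (?,?,?,?,?)", [
        (1, "https://example.com/login", "Example Login", 2, 1_700_000_200_000_000),
        (2, "https://example.org/docs", "Docs", 1, 1_700_000_100_000_000),
    ])
    conn.executemany("INSERT INTO moz_historyvisits VALUES (?,?,?,?)", [
        (1, 1, 1_700_000_000_000_000, 1),   # visit_type 1 = followed a link
        (2, 2, 1_700_000_100_000_000, 1),
        (3, 1, 1_700_000_200_000_000, 2),   # visit_type 2 = URL typed by the user
    ])
    conn.execute("INSERT INTO moz_bookmarks VALUES (1, 2, 'Docs bookmark')")
    return conn


def visit_timeline(conn: sqlite3.Connection, since: Optional[datetime] = None) -> list:
    """Every visit in chronological order, optionally only those at or after `since` (UTC)."""
    sql = """SELECT p.url, p.title, v.visit_date, v.visit_type
             FROM moz_historyvisits v JOIN moz_places p ON p.id = v.place_id"""
    params = ()
    if since is not None:
        sql += " WHERE v.visit_date >= ?"
        params = (utc_to_prtime(since),)
    sql += " ORDER BY v.visit_date"
    return [{"url": url, "title": title, "visited": prtime_to_utc(ts).isoformat(), "type": vt}
            for url, title, ts, vt in conn.execute(sql, params)]


def visit_counts(conn: sqlite3.Connection) -> dict:
    """Visits per URL, recounted from moz_historyvisits rather than trusting visit_count."""
    sql = """SELECT p.url, COUNT(*) FROM moz_historyvisits v
             JOIN moz_places p ON p.id = v.place_id GROUP BY p.url"""
    return dict(conn.execute(sql).fetchall())


def bookmarked_urls(conn: sqlite3.Connection) -> list:
    sql = "SELECT p.url FROM moz_bookmarks b JOIN moz_places p ON p.id = b.fk ORDER BY b.id"
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = build_sample_places()
    for row in visit_timeline(db):
        print(row)
    print(visit_counts(db), bookmarked_urls(db))
```

Against a real profile, work on a copy of places.sqlite (and its -wal file, if present) taken while the browser is closed, and open the copy read-only with sqlite3.connect(f"file:{path}?mode=ro", uri=True) so the analysis itself cannot alter the evidence.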
Ftk Imager
FTK Imager is a free forensic tool that works as a data preview and imaging utility: it captures data in a forensically sound way, making copies without changing the original so that the evidence is preserved. Hard drive images can be saved as a single file or as segments that are reassembled later.
It also calculates the MD5 hash value to confirm data integrity. For detecting cyber crimes it provides a guided approach. With this software you get a better view of the data, as well as being able to recover the passwords of 100 applications. It features an automated data analysis function that can manage reusable profiles for different investigations.
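The integrity check described above is the part of imaging that anyone can reproduce. The Python script below is an added example (not FTK Imager's code): it hashes a constructed "drive" image in chunks, records the MD5 and SHA-256 at acquisition time, splits the image into numbered segments the way segmented raw images are stored, proves the reassembled segments still match, and then shows that a single changed byte in a working copy makes verification fail. The file names and 2 KiB segment size are assumptions chosen for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024   # read 1 MiB at a time so multi-GB images never sit fully in memory


def hash_files(paths, algorithms=("md5", "sha256")) -> dict:
    """Hash the byte stream formed by reading the given files in order.
    One path = a single raw image; several = its segments, reassembled on the fly."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for path in paths:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(CHUNK), b""):
                for h in hashers.values():
                    h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def split_image(image: Path, segment_size: int) -> list:
    """Write the image as numbered segments image.001, image.002, ... (the segmented
    raw/dd layout) and return the segment paths in order."""
    segments = []
    with open(image, "rb") as f:
        for n in range(1, 1000):
            data = f.read(segment_size)
            if not data:
                break
            seg = image.with_suffix(f".{n:03d}")
            seg.write_bytes(data)
            segments.append(seg)
    return segments


def verify_image(paths, expected: dict) -> bool:
    """True when every hash recorded at acquisition matches a fresh computation.
    A mismatch in any algorithm means the copy is not the evidence that was imaged."""
    actual = hash_files(paths, tuple(expected))
    return all(actual[name] == value for name, value in expected.items())


def demo() -> dict:
    """Constructed scenario: a 5 KiB 'drive' image, hashed, split, reassembled, then tampered."""
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "evidence.raw"
        image.write_bytes(bytes(range(256)) * 20)          # sample data, not a real disk
        acquired = hash_files([image])                      # hashes recorded at acquisition
        segments = split_image(image, segment_size=2048)    # 3 segments: 2048, 2048, 1024 bytes
        segments_ok = verify_image(segments, acquired)
        with open(image, "r+b") as f:                       # flip one byte in the working copy
            f.seek(1000)
            f.write(b"\xff")
        tampered_ok = verify_image([image], acquired)
        return {"segments": len(segments), "segments_ok": segments_ok,
                "tampered_ok": tampered_ok, "md5": acquired["md5"]}


if __name__ == "__main__":
    print(demo())
```

Recording two algorithms costs one extra pass over the data at most and means a later collision attack on MD5 alone cannot produce a "verified" image that differs from the original; the acquisition hashes belong in the case notes, not only next to the image file.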
Exiftool by Phil Harvey
ExifTool is one of the best command line tools for reading, writing and editing the metadata of a wide range of file types. With it you can easily read GPS, IPTC, JFIF, Photoshop IRB, FlashPix, GeoTIFF, etc. metadata.
It supports many different metadata formats, including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, ID3 and Lyrics3, as well as the maker notes of many digital cameras from Canon, Casio, DJI, FLIR, FujiFilm, GE, GoPro, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Motorola, Nikon, Nintendo, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.
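To show what "reading EXIF" involves underneath a tool like ExifTool, here is an added Python example (not ExifTool's code) that builds a minimal TIFF structure, the container EXIF uses, with four constructed tags and then parses it back. It handles both byte orders ("II" Intel and "MM" Motorola), the inline-versus-offset rule for values longer than four bytes, and rejects input that is not a TIFF header; the sample camera name, model and date are invented for the demonstration.

```python
import struct

TAG_NAMES = {0x010F: "Make", 0x0110: "Model", 0x0112: "Orientation",
             0x0132: "ModifyDate", 0x8769: "ExifIFD", 0x8825: "GPSIFD"}
# TIFF field types: BYTE, ASCII, SHORT, LONG, RATIONAL, UNDEFINED, SLONG, SRATIONAL
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}


def build_sample_tiff(endian: str = "<") -> bytes:
    """Constructed TIFF header + one IFD carrying four tags (sample data, not from a real
    camera). endian '<' writes an Intel ('II') file, '>' a Motorola ('MM') one."""
    entries = [
        (0x010F, 2, b"ExampleCam\0"),                 # Make: ASCII longer than 4 bytes -> via offset
        (0x0110, 2, b"Model X\0"),                    # Model
        (0x0112, 3, struct.pack(endian + "H", 1)),    # Orientation: one SHORT, fits inline
        (0x0132, 2, b"2023:11:14 22:13:20\0"),        # ModifyDate
    ]
    header = (b"II" if endian == "<" else b"MM") + struct.pack(endian + "HI", 42, 8)
    n = len(entries)
    data_offset = 8 + 2 + 12 * n + 4               # values that do not fit inline go after the IFD
    ifd, blob = struct.pack(endian + "H", n), b""
    for tag, typ, value in entries:
        count = len(value) // TYPE_SIZE[typ]
        if len(value) <= 4:
            ifd += struct.pack(endian + "HHI", tag, typ, count) + value.ljust(4, b"\0")
        else:
            ifd += struct.pack(endian + "HHII", tag, typ, count, data_offset + len(blob))
            blob += value
    ifd += struct.pack(endian + "I", 0)            # no next IFD
    return header + ifd + blob


def parse_tiff(data: bytes) -> dict:
    """Read the first IFD and return {tag name: value}, honouring the byte-order mark."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None:
        raise ValueError("not a TIFF/EXIF header")
    magic, ifd_off = struct.unpack(order + "HI", data[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    (n,) = struct.unpack(order + "H", data[ifd_off:ifd_off + 2])
    tags = {}
    for i in range(n):
        off = ifd_off + 2 + 12 * i
        tag, typ, count = struct.unpack(order + "HHI", data[off:off + 8])
        size = TYPE_SIZE.get(typ, 1) * count
        if size <= 4:                              # value packed into the entry itself
            raw = data[off + 8:off + 8 + size]
        else:                                      # entry holds an offset to the value
            (voff,) = struct.unpack(order + "I", data[off + 8:off + 12])
            raw = data[voff:voff + size]
        if typ == 2:
            value = raw.split(b"\0", 1)[0].decode("ascii", "replace")
        elif typ in (3, 4, 9):
            fmt = {3: "H", 4: "I", 9: "i"}[typ]
            nums = struct.unpack(order + fmt * count, raw)
            value = nums[0] if count == 1 else nums
        else:
            value = raw                            # rationals/undefined left as raw bytes here
        tags[TAG_NAMES.get(tag, f"Tag0x{tag:04X}")] = value
    return tags


if __name__ == "__main__":
    for e in ("<", ">"):
        print(parse_tiff(build_sample_tiff(e)))
```

In a JPEG the same structure sits inside the APP1 segment after the six bytes "Exif\0\0", and the ExifIFD and GPSIFD tags are offsets to further IFDs parsed the same way; that GPS IFD is what both the investigator and the privacy-conscious user are usually looking for.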
Volatility
Also integrated into SIFT, Volatility is an open-source memory forensics framework for incident response and malware analysis. It is written in Python and supports Microsoft Windows, Mac OS X and Linux (since version 2.5).
Forensic analysis of raw memory dumps can be performed on a Windows platform. Volatility is used to determine whether a PC is infected or not; the malicious program can then be extracted from the running processes in the memory dump.
The Volatility Foundation is an independent 501(c)(3) non-profit organization that maintains and promotes open source memory forensics with the Volatility Framework. Downloads come as zip and tar archives, Python module installers and standalone executables.
LastActivityView
LastActivityView is a tool for the Windows operating system that collects information from various sources about a running system and displays a log of user actions and events that have occurred on this computer.
Activities displayed by LastActivityView include: running an .exe file, opening the Open/Save dialog, opening files/folders from Windows Explorer or other software, installing software, shutting down/starting the system, application or system crashes, and connecting to and disconnecting from the network.
Redline
Redline is a free endpoint security tool that provides users with host investigative capabilities to find signs of malicious activity by analyzing memory and files and developing a threat assessment profile.
Redline can help verify and collect all running processes and drivers from memory, file system metadata, system registry data, event logs, network information, services, activity and web history; it also analyzes and displays imported audit data, including the ability to filter results by a specific time frame.