Information Security Insights
Forensic Tools
| Name | Source | Description |
|---|---|---|
| Disk Tools | ||
| dcfldd | SourceForge | dcfldd is an enhanced version of GNU dd with features useful for forensics/security. |
| ImDisk | www.ltr-data.se | Windows virtual disk driver |
| FTK Imager | AccessData | Imaging tool and viewer |
| Email Analysis | ||
| Mail Viewer | MiTeC | Viewer for Outlook Express, Windows Mail/Windows Live Mail, Mozilla Thunderbird message databases, and single messages (EML files) |
| File and Data Analysis | ||
| DCode | Digital Detective | Date conversion/calculator utility |
| Shadow Explorer | ShadowExplorer.com | Volume Shadow Copy browser |
| Windows File Analyzer | MiTeC | Analyzes Thumbs.db, prefetch, shortcuts, index.dat, and the Recycle Bin |
| JSUNPACK | jsunpack.jeek.org | A generic JavaScript Unpacker designed for security researchers and computer professionals. |
| General | ||
| HxD | mh-nexus | Freeware Hex Editor/Disk Editor |
| Notepad++ | Don HO | Advanced text editor |
| DSi USB Write-Blocker | Document Solutions, Inc | Software USB write blocker |
| Internet History Analysis | ||
| ChromeAnalysis | forensic-software.co.uk | Analysis of Google Chrome usage data |
| Internet Evidence Finder | JADsoftware | Searches drives/images for Internet usage-related artifacts (Gmail, Facebook, IE8 InPrivate/Recovery URLs, etc.) |
| FoxAnalysis | forensic-software.co.uk | Analysis of Mozilla Firefox 3 usage data |
| Web Historian | Mandiant | Analysis of Internet Explorer, Firefox, and Google Chrome usage data |
| Network Analysis | ||
| Wireshark | Wireshark | Network Protocol Analyzer (capture/analysis) |
| Registry Analysis | ||
| RegRipper | Harlan Carvey | Extraction and analysis of “interesting” information found within the Windows registry |
| USBDeview | NirSoft | Lists all USB devices that were connected and/or used on a computer |