It has extensive reporting to generate in HTML and XLS file formats.

Encrypted Disk Detector
Encrypted Disk Detector can be helpful to check for encrypted physical drives. It supports TrueCrypt, PGP, BitLocker, and Safeboot encrypted volumes.

Wireshark
Wireshark is a network capture and analyzer tool to see what's happening in your network. Wireshark will be handy to investigate a network-related incident.

Magnet RAM Capture
You can use Magnet RAM Capture to capture the physical memory of a computer and analyze artifacts in memory. It supports the Windows operating system.

Network Miner
An interesting network forensic analyzer for Windows, Linux & Mac OS X to detect OS, hostname, sessions, and open ports through packet sniffing or from a PCAP file. Network Miner presents the extracted artifacts in an intuitive user interface.

NMAP
NMAP (Network Mapper) is one of the most popular network and security auditing tools. NMAP is supported on most operating systems, including Windows, Linux, Solaris, Mac OS, HP-UX, etc.

RAM Capturer
RAM Capturer by Belkasoft is a free tool to dump the data from a computer's volatile memory. Memory dumps may contain encrypted volumes' passwords and login credentials for webmail and social network services.

Forensic Investigator
If you are using Splunk, then Forensic Investigator will be a convenient tool. It's a Splunk app and has many tools combined.

FAW
FAW (Forensics Acquisition of Websites) is used to acquire web pages for forensic investigation and has the following features:
Capture HTML source code of the web page.

HashMyFiles
HashMyFiles will help you to calculate the MD5 and SHA1 hashes. It works on almost all the latest Windows OS versions.

Response
Response by CrowdStrike is a Windows application to gather system information for incident response and security engagements. You can view the results in XML, CSV, TSV, or HTML with the help of CRConvert. It runs on 32- or 64-bit Windows XP and above.

CrowdStrike has some other helpful tools for investigation:
Tortilla – anonymously route TCP/IP and DNS traffic through Tor.
Shellshock Scanner – scan your network for the Shellshock vulnerability.
Heartbleed Scanner – scan your network for the OpenSSL Heartbleed vulnerability.

ExifTool
ExifTool helps you to read, write, and edit meta information for a number of file types. It can read EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, Photoshop IRB, FlashPix, etc.

SIFT
SIFT (SANS Investigative Forensic Toolkit) is a suite of the forensic tools you need and one of the most popular open source incident response platforms. The SIFT workstation is freely available, based on Ubuntu 14.04.

Dumpzilla
Extract all the interesting information from the Firefox, Iceweasel, and SeaMonkey browsers to be analyzed with Dumpzilla.

Browser History
Browser History Capturer – capture web browser (Chrome, Firefox, IE & Edge) history on Windows OS.
Browser History Viewer – extract and analyze internet activity history from most modern browsers. Results are shown in an interactive graph, and historical data can be filtered.

ForensicUserInfo
Extract the following information with ForensicUserInfo.

Kali Linux
Kali Linux is one of the most popular operating systems for security and penetration testing, but it has forensic capability too. There are more than 100 tools, so I am sure you will find one for your needs.

Defraser
The Defraser forensic tool may help you to detect full and partial multimedia files in data streams.

Toolsley
Toolsley has more than ten useful tools for investigation.