The field of computer forensics has grown tremendously over the past several years, and with it the range of software tools. There is now an ever-increasing number of applications and platforms to assist the forensic examiner with various types of devices.
Mobile forensics has developed into an entirely new segment of the field, with popular mobile forensic platforms such as Cellebrite UFED (with its Logical and Physical Analyzer), Oxygen Forensic Suite, Katana Forensics and Paraben's mobile forensics products, to name some of the most popular software and hardware solutions.
For traditional computer forensics, platforms from industry leaders such as Guidance Software (EnCase) and AccessData (FTK) still lead the way; however, there are now more open-source solutions than ever that attempt to rival the large commercial investigative tool sets.
Let's take a look at some of the available and popular open-source solutions for forensic examiners who are on a budget.
1) The Digital Forensics Framework (DFF) has become a very popular framework for basic and advanced digital forensics. It is open source under the GPL, and it can be used by experts and non-specialists alike. It supports a digital chain of custody, access to local or remote devices, forensics of Windows and Linux systems, recovery of hidden or deleted files, quick searches of file metadata, and more.
2) Open Computer Forensics Architecture (OCFA) is another popular distributed open-source computer forensics framework. It was built on Linux and uses a PostgreSQL database to store its data.
It was developed by the Dutch National Police Agency to automate the digital forensics process and is available for download under the GPL.
3) CAINE (Computer Aided INvestigative Environment) is a Linux distribution created for digital forensics. It provides an environment that integrates existing forensic tools as software modules behind a user-friendly interface. It is open source and is kept current with recent tool releases. Continued development and a large base of community support have made CAINE a very popular live distro.
4) The Sleuth Kit (TSK) is likely one of the oldest open-source computer forensic and incident response toolsets still in use; it grew out of The Coroner's Toolkit. Its command-line tools are written in C and build on Windows, Linux and other Unix systems (Perl was used only in the original Autopsy Forensic Browser, the web front end that sits on top of TSK; today's Autopsy is a Java GUI). The tool set can build file system timelines (fls and mactime), list and recover deleted files, extract file content by inode (icat), and analyze the most common file systems, including FAT, NTFS, ext2/3/4, HFS+ and UFS, among others.
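The timeline step is where most of the investigative value of TSK comes from, so here is an added example (not code from The Sleuth Kit or from this article) that shows what mactime actually does with the "body file" that fls produces. The body format is the TSK 3.x one, MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime, with Unix epoch timestamps and 0 meaning "not set". The four sample lines are constructed for the example and are not real fls output; the file names and timestamps are assumptions.

```python
"""Build a mactime-style timeline from Sleuth Kit body-file lines.

Stand-alone example. The input is the TSK 3.x "body file" format that
`fls -r -m / -o <sector offset> image.dd` writes, one file per line:

    MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime

Timestamps are Unix epoch seconds; 0 means the timestamp is not set
(for example, many file systems have no creation time at all).
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Set

# Constructed sample body lines (not real fls output): a deleted orphan
# binary whose four timestamps coincide, next to ordinary system files.
SAMPLE_BODY = """\
0|/etc/passwd|1234|r/rrw-r--r--|0|0|2048|1700000000|1690000000|1690000000|1680000000
0|/home/user/.bash_history|5678|r/rrw-------|1000|1000|4096|1700000500|1700000400|1700000400|1699000000
0|/tmp/$OrphanFiles/payload.elf (deleted)|9012|r/rrwxr-xr-x|0|0|73728|1700000300|1700000300|1700000300|1700000300
0|/var/log/auth.log|3456|r/rrw-r-----|0|43|100000|1700000600|1700000550|1700000550|1690000000
"""


@dataclass(frozen=True)
class Event:
    ts: int       # epoch seconds
    macb: str     # e.g. "m.c.": which of mtime/atime/ctime/crtime fired here
    mode: str
    uid: int
    gid: int
    size: int
    inode: str
    name: str


def parse_body_line(line: str) -> List[Event]:
    """Turn one body-file line into its MACB events.

    Like mactime, timestamps that fall on the same second are merged into
    a single event whose flag string shows which of m/a/c/b coincided.
    """
    parts = line.rstrip("\n").split("|")
    if len(parts) < 11:
        raise ValueError(f"malformed body line: {line!r}")
    # The name field may itself contain '|', so take the last nine fields
    # positionally and rejoin whatever sits between MD5 and inode.
    name = "|".join(parts[1:-9])
    inode, mode, uid, gid, size, atime, mtime, ctime, crtime = parts[-9:]
    flags_by_ts: Dict[int, Set[str]] = {}
    for flag, raw in (("m", mtime), ("a", atime), ("c", ctime), ("b", crtime)):
        ts = int(raw)
        if ts == 0:          # unset timestamp: no event
            continue
        flags_by_ts.setdefault(ts, set()).add(flag)
    events = []
    for ts, flags in flags_by_ts.items():
        macb = "".join(f if f in flags else "." for f in "macb")
        events.append(Event(ts, macb, mode, int(uid), int(gid), int(size), inode, name))
    return events


def build_timeline(lines: Iterable[str]) -> List[Event]:
    """Parse every non-empty body line and return events in time order."""
    events: List[Event] = []
    for line in lines:
        if line.strip():
            events.extend(parse_body_line(line))
    return sorted(events, key=lambda e: (e.ts, e.name))


def events_in_window(events: List[Event], start: int, end: int) -> List[Event]:
    """Events with start <= ts <= end: the usual 'what changed around the
    suspected compromise time' question."""
    return [e for e in events if start <= e.ts <= end]


def format_event(e: Event) -> str:
    """Render a row roughly the way `mactime -d` prints it."""
    when = datetime.fromtimestamp(e.ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return f"{when} UTC {e.size:>8} {e.macb} {e.mode} {e.uid} {e.gid} {e.inode} {e.name}"


if __name__ == "__main__":
    for ev in build_timeline(SAMPLE_BODY.splitlines()):
        print(format_event(ev))
```

Run against a real image the body file comes from `fls -r -m / -o <offset> image.dd > body.txt`, where the partition offset is read from `mmls image.dd`. The one thing worth noticing in the sample data is the "macb" row: a file whose modification, access, change and creation times all coincide to the second is typical of something dropped in one go, and the examiner would pull it out with `icat -o <offset> image.dd 9012` and hash it next.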
We have covered only a small portion of the tools and platforms available; ultimately, one must be comfortable with the tool, whatever its type. Personal style and preference also come into play: some forensic examiners like a full graphical user interface (GUI), while others prefer the command line.