Digital Forensics Tools

Below is a repository of some of the digital forensics tools that have been most useful to me. I have used these tools within my IT 566 class and in my own personal research and experimentation. I have tried to include descriptions of how the tools work and what they can be used for, links to the tool sources, and examples and screenshots of the usage of these tools.

Throughout this guide, "victim machine" refers to the machine being investigated forensically. "Forensic workstation" refers to the machine being used by the person performing the forensic analysis to log findings, files, output, etc. As connecting the victim machine to your forensic workstation to transfer output and information can present security concerns (especially if the victim machine is infected with malware), it is crucial to frequently scan and check your forensic workstation to maintain its integrity and security.

NOTE: Some of these tools may require administrator/root privileges to run correctly.

1. UNIX File Hashing Script

2. Netcat

3. Netstat

4. Creating a Windows Network File Share with Linux

5. Using Tcpdump with Netcat

6. Strings Analysis
