Forensic Toolkit
No description is available yet
Here is the markdown description:
Tools for Forensic Investigation
Basic Analysis Tools
| Tool | Description | Usage |
|---|---|---|
| file | Checks the type of file | file -filename |
| exiftool | Gives basic metadata | exiftool -filename |
| binwalk | Shows embedded files | binwalk -filename |
| strings | Gives printable characters | strings -filename |
| foremost | Extracts embedded files | foremost -filename |
| pngcheck | Details about a PNG image | pngcheck –options -filename |
| ffmpeg | Checks integrity of audio files | ffmpeg –options -filename |
Tools for Memory Dumps
- Volatility: An open source memory forensics framework for incident response and malware analysis. Supports Microsoft Windows, Mac OS X, and Linux.
Tools for Network Packet Captures
| Tool | Description | Usage |
|---|---|---|
| Wireshark | A free and open source packet analyzer. Used for network troubleshooting, analysis, software and communications protocol development | wireshark filename.pcap |
| Tcpdump | A common packet analyzer that runs under the command line. Displays TCP/IP and other packets being transmitted or received over a network | tcpdump -options |
| Network Miner | A GUI application for Windows. Used as a passive network sniffer/packet capturing tool to detect operating systems, sessions, hostnames, open ports, etc. without putting any traffic on the network |
Tools for Disk-Image Data Analysis
| Tool | Description | Usage |
|---|---|---|
| Fdisk | A command-line utility that provides disk partitioning functions | fdisk -lu filename |
| Mmls | Displays the contents of a volume system (media management). Identifies the type of partition and its length, making it easy to use dd to extract partitions |
mmls filename |
| TestDisk | A free data recovery software. Designed to help recover lost partitions and/or make non-booting disks bootable again when symptoms are caused by faulty software | testdisk filename |
| Autopsy | Computer software that makes it simpler to deploy many open source programs and plugins used in The Sleuth Kit. Graphical user interface displays results from forensic search of underlying volume | GUI Application |
| OSForensics | A digital computer forensic application that discovers, identifies, and manages everything hidden inside your computer systems and digital storage devices. | GUI Application |
I hope this helps! Let me know if you have any questions.
> Visit Forensic Toolkit Website <