List/Table -- digital forensics tools

During the 1980s, most digital forensic investigations consisted of "live analysis": examining digital media directly using non-specialist tools. In the 1990s, several commercial and freeware tools (both hardware and software) were created to allow investigations to take place without modifying media. This first set of tools focused mainly on computer forensics, although in recent years similar tools have evolved for the field of mobile device forensics.[1]

Computer forensics

| Name | Platform | License | Version | Description |
|---|---|---|---|---|
| Spector CNE Investigator | Windows | commercial | 7.0 | A user activity monitoring solution that allows the replaying of computer activity in detail. |
| Internet Evidence Finder IEF | Windows | commercial | 5.5 | Computer Forensics Solution |
| SANS Investigative Forensics Toolkit - SIFT | Ubuntu | | 2.1 | Multi-purpose forensic operating system |
| Registry Recon | Windows | commercial | 2.0.0.0530 | Forensics tool that rebuilds Windows registries from anywhere on a hard drive and parses them for deep analysis. |
| EnCase | Windows | commercial | 7.03 | Multi-purpose forensic tool |
| EPRB | Windows | commercial | 1435 | Set of tools for encrypted systems & data decryption and password recovery |
| FTK | Windows | commercial | 4.0.1 | Multi-purpose tool, commonly used to index acquired media. |
| Digital Forensics Framework | Windows / Linux / MacOS | GPL | 1.1 | DFF is both a digital investigation tool and a development platform |
| PTK Forensics | LAMP | free/commercial | 2.0 | GUI for The Sleuth Kit |
| The Coroner's Toolkit | Unix-like | IBM Public License | 1.19 | A suite of programs for Unix analysis |
| COFEE | Windows | Proprietary | n/a | A suite of tools for Windows developed by Microsoft, only available to law enforcement |
| The Sleuth Kit | Unix-like/Windows | IPL, CPL, GPL | 3.1.1 | A library of tools for both Unix and Windows |
| Categoriser 4 Pictures[2] | Windows | Free | 4.0.2 | Image categorisation tool develop, available to law enforcement |
| Paraben P2 Commander | Windows | Commercial | n/a | General purpose forensic tool |
| Open Computer Forensics Architecture | Linux | LGPL/GPL | 2.3.0 | Computer forensics framework for CF-Lab environment |
| SafeBack[3] | N/a | commercial | 3.0 | Digital media (evidence) acquisition and backup |
| Windows To Go | n/a | commercial | n/a | Bootable operating system |
| Forensic Assistant | Windows | commercial | 1.2 | User activity analyzer (E-mail, IM, Docs, Browsers), plus set of forensics tools |
| Nuix | Windows | commercial | 4.0.1 | Forensic analysis & fraud prevention software. Full text search, extracts emails, credit card numbers, IP addresses, URLs. Skin tone analysis. Support for ingesting Windows, Mac OS, Linux and mobile device data. |
| PeerLab | Windows | commercial | 1.30 | FileSharing and "Instant Messaging"-analyzer |
| OSForensics | Windows | free/commercial | 0.99f | General purpose forensic tool for E-mail, Files, Images & browsers. |
| X-Ways Forensics | Windows | commercial | 16.1 | General purpose forensic tool based on WinHex hex editor. |
| bulk_extractor | Windows, Linux | Public Domain | 1.1 | Stream-based forensic feature extraction of e-mail addresses, phone numbers, URLs and other identified objects. |
| Intella | Windows | Commercial | 1.6.4 | Forensic Search Software - Email, Data and Cellphone Processing/Investigation |
| CAINE | Linux | free/open source | 3.0 | GNU/Linux computer forensics live distro. |
| Forensics Apprentice | Windows | Commercial | 1.2 | Computer Forensics Investigation Software. |

Memory forensics

Memory forensics tools are used to acquire and/or analyze a computer's volatile memory (RAM). They are often used in incident response situations to preserve evidence in memory that would be lost when a system is shut down, and to quickly detect stealthy malware by directly examining the operating system and other running software in memory.

| Name | Vendor/Sponsor | Platform | License | Web Site |
|---|---|---|---|---|
| CMAT | | Windows | Free (AFL) | http://sourceforge.net/projects/cmat/ |
| Memoryze | Mandiant | Windows | Commercial (gratis) | http://www.mandiant.com/products/free_software/memoryze/ |
| Responder | HBGary | Windows | Commercial | http://hbgary.com/responder-field http://hbgary.com/responder-pro |
| Second Look | Raytheon Pikewerks | Linux | Commercial | http://secondlookforensics.com/ |
| WindowsSCOPE | BlueRISC | Windows | Commercial | http://windowsscope.com/ |
| Volafox | | Mac OS | Free (GPL) | http://code.google.com/p/volafox/ |
| Volatility | Volatile Systems | Windows & Linux | Free (GPL) | http://code.google.com/p/volatility/ https://www.volatilesystems.com/default/volatility |

Mobile device forensics

Mobile forensics tools tend to consist of both a hardware and a software component. Mobile phones come with a diverse range of connectors; the hardware devices support a number of different cables and perform the same role as a write blocker in computer devices.

| Name | Platform | License | Version | Description |
|---|---|---|---|---|
| Cellebrite Mobile Forensics[4] | Windows | Commercial | | Universal Forensics Extraction Device - Hardware and Software |
| Radio Tactics Aceso[4] | Windows | Commercial | | "All-in-one" unit with a touch screen |
| Paraben Device Seizure[4] | Windows | Commercial | | Hardware/Software package |
| SAFT Mobile Forensics[5] | Windows | Free/Commercial | | Easy-to-use mobile forensics application that specializes in Android. |
| MicroSystemation XRY/XACT[4] | Windows | Commercial | | Hardware/Software package, specialises in deleted data |
| Oxygen Forensic Suite (formerly Oxygen Phone Manager[4]) | Windows | Commercial | | Smart forensics for smartphones |
| Elcomsoft iOS Forensic Toolkit (EIFT) | Windows, Mac | Commercial | | Acquires bit-precise images of Apple iOS devices in real time |
| Elcomsoft Phone Password Breaker (EPPB) | Windows | Commercial | | Enables forensic access to password-protected backups for smartphones and portable devices based on RIM BlackBerry and Apple iOS platforms |
| MOBILedit! Forensic[4] | Windows | Commercial | | Hardware-Connection kit/Software package |
| viaForensics viaExtract[6] | Any (Distributed as VM) | Commercial | 1.7 | Software package, specializes in Android Forensics |

Network Forensics

Network forensics tools are designed to capture and/or analyze network packets.

| Name | Platform | License | Version | Description |
|---|---|---|---|---|
| Wireshark | Windows/Mac/Linux | Open Source | | Captures and analyzes packets |
| NetworkMiner | Windows/Linux | Open Source (GPL) | | Extracts files, images and other metadata from PCAP files |
| tcpflow | Windows/Mac/Linux | GPL3 | | TCP/IP session reassembler |
| NetIntercept | Appliance | Commercial | | Appliance |

Other

| Name | Platform | License | Version | Description |
|---|---|---|---|---|
| HashKeeper | Windows | free | n/a | Database application for storing file hash signatures |
| Evidence Eliminator | Windows | commercial | 6.03 | Anti-forensics software, claims to delete files securely |
| DECAF | Windows | free | n/a | Tool which automatically executes a set of user defined actions on detecting Microsoft's COFEE tool |
| NetSleuth | Windows | GPL | n/a | Open-source network forensics and monitoring tool. |

References

  1. Casey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition. Elsevier. ISBN 0-12-163104-4. http://books.google.co.uk/books?id=Xo8GMt_AbQsC.
  2. Sanderson, P (December 2006). "Mass image classification". Digital Investigations 3 (4): 190–195. doi:10.1016/j.diin.2006.10.010.
  3. Mohay, George M. (2003). Computer and intrusion forensics. Artech House. p. 395. ISBN 1-58053-369-8.
  4. Mislan, Richard (2010). "Creating laboratories for undergraduate courses in mobile phone forensics". Proceedings of the 2010 ACM conference on Information technology education (ACM): 111–116. http://portal.acm.org/citation.cfm?id=1867651.1867680. Retrieved 29 November 2010. "Among the most popular tools are products named MicroSystemation GSM .XRY and .XACT, Cellebrite UFED, Susteen Secure View2, Paraben Device Seizure, Radio Tactics Aceso, Oxygen Phone Manager, and Compelson MobilEdit Forensic"
  5. "SAFT Forensics". http://www.signalsec.com/saft/. Retrieved 1 March 2013.
  6. "viaForensics". https://viaforensics.com/products/viaextract/. Retrieved 1 October 2012.