Computer Forensics Software
Many computer forensics software tools are available; some of the most commonly used are as follows:
| Forensics Software Title | Forensic Software Producers | What does this Forensic Software do? |
| --- | --- | --- |
| AnaDisk | NTI | AnaDisk identifies anomalies in floppy diskettes and is a sophisticated tool for analysis. |
| BXDR | Sanderson Forensics | BXDR shows the full sector count on a hard drive, including any protected areas, which are often missed by other software programs. |
| ByteBack III | Tech Assist | ByteBack III offers low-level applications for computer forensics, including partition and Master Boot Record manipulation and memory management. |
| Case Agent Companion v1.0 | Paraben Forensic | Case Agent Companion v1.0 is designed to ensure that both the examiner AND the officer working the case. CACv1.0 also has viewer support for 225 file formats. |
| CD/DVD Diagnostic | Arrowkey | CD/DVD Diagnostic recovers lost data from optical media such as CDs and DVDs (including DVD-R, DVD+R, DVD+-R and rewritable formats). |
| CD-R Inspector | CERI Labs | CD-R Inspector offers both CD and DVD inspection but does so in a forensic manner. |
| Cell Seizure v3.0 | Paraben Forensic | Cell Seizure v3.0 allows a full forensic acquisition of user-entered data, and also includes unallocated space. It can provide full memory dumps on some devices. |
| Chat Examiner v1.0.2 | Paraben Forensic | Chat Examiner v1.0.2 analyses chat logs from all major instant messaging chat services (excluding AOL Instant Messenger). |
| ChkRootKit | Pangeia Informatica | ChkRootKit is designed to locally check for signs of rootkit manipulation. |
| CRCMd5 | NTI | CRCMd5 is a file verification program. |
| Disk Space Explorer | East-Tec Eraser 2006 | Disk Space Explorer provides protection to identity and confidential information on a computer. |
| Disklabs WinHex | X-Ways/Disklabs Computer Forensics | Disklabs WinHex is a hexadecimal editor used in data recovery. |
| Disklabs Xways Forensics | Disklabs Computer Forensics | Disklabs WinHex is a hexadecimal editor used in data recovery and computer forensics. |
| DT Search | DT Search | DT Search offers instant searchability across terabytes of text. It can be used over networks, internet or intranet sites. |
| Encase | Guidance Software | Encase has various versions, but is considered to be the standard tool for computer forensic practitioners across the world. |
| Encase Enterprise | Guidance Software | Encase Enterprise is a powerful network-enabled version of the Encase product, a multi-platform enterprise solution that drastically reduces the time an investigation takes, and therefore its cost. |
| Fast Split Gold | Piquest | Fast Split Gold is able to split files to make them smaller so that they can fit on different media types (e.g. 1.2Gb split down so that it fits on two CDs). |
| Field Intelligence Model | Guidance Software | Field Intelligence Model is a network-enabled forensics tool. |
| Forager | Inforenz | Forager allows access to metadata (data about data). |
| Foremost v1.2 | Air Force Office of Special Investigations | Foremost v1.2 is a data retrieval program which recovers files based on their headers, footers and internal data structures. |
| Forensic Replicator v4.0 | Paraben Forensic | Forensic Replicator v4.0 can acquire a wide range of electronic media types, from floppy diskettes to hard disks. |
| Forensic Sorter v2.0.1 | Paraben Forensic | Forensic Sorter v2.0.1 categorises data into 14 different classifications. It also filters out common hashes, which saves time during examinations. |
| Forensic Tool Kit | Access Data | Forensic Tool Kit is one of the industry standard toolkits for forensic analysts. |
| GNU Parted | Free Software Foundation | GNU Parted is a partition and file system editor, and allows creating, destroying, resizing, checking and copying partitions and file systems. |
| Hex Workshop | Breakpoint Software | Hex Workshop is hexadecimal editing software. |
| Hurricane Search | Hurricane Software | Hurricane Search is a tool for finding data on hard drives. |
| IDA Pro Disassembler | Data Rescue | IDA Pro Disassembler is a debugger and disassembler. |
| Inquire | Sanderson Forensics | Inquire is an application which can list any hard drive and information such as serial number and revision number. |
| Inzider | Arne Vidstrom | Inzider lists processes and reports on the ports these processes use. |
| KaZAlyser | Sanderson Forensics | KaZAlyser is a peer-to-peer database viewer. |
| LoPe | Evidence Talks | LoPe is a powerful forensic email processing engine. |
| Net Analysis | Craig Wilson | Net Analysis is an internet history tool, and is used to identify, amongst other things, child pornography sites. |
| Network E-mail Examiner v2.0.290 | Paraben Forensic | Network E-mail Examiner v2.0.290 examines MS Exchange (EDB), Lotus Notes (NSF) and GroupWise email stores. |
| Olly Dbg | Oleh Yuschuk | Olly Dbg is a 32-bit assembler-level analysing debugger tool for MS Windows. |
| Passware | Passware | Passware provides password-cracking software (it cracks passwords by individual application). |
| Password Recovery Toolkit | Access Data | Password Recovery Toolkit (PRTK) is the industry standard password-cracking toolkit. PRTK uses biographical dictionaries to make the crack faster. |
| PDA Seizure v3.0.3.86 | Paraben Forensic | PDA Seizure v3.0.3.86 is an acquisition tool for Personal Digital Assistants. |
| PMDump | Arne Vidstrom | PMDump is a tool that dumps the memory contents of a process to a file without stopping that process. |
| PSTools | Sysinternals/Mark Russinovich | PSTools is a collection of tools for manipulating remote systems. |
| Registry Analyzer | Paraben Forensic | Registry Analyzer is a tool for analyzing and reporting on registry files, where important data is kept. |
| Registry Viewer | Access Data | Registry Viewer is a tool to allow a view of registry files which means that the user can access the usernames, email settings and passwords. |
| RootKit ID Project | Philip Bourcier | RootKit ID Project is a tool for checking for rootkits by comparing MD5 hashes. |
| Sabre Bin Diff | Sabre Security | Sabre Bin Diff allows the user to compare multiple variations of essentially the same program. This is used to check if code has been stolen or copied. |
| Secret Explorer | LastBit Software | Secret Explorer allows access to protected areas on the hard drive including auto-complete data, passwords and email account identities. |
| SIM Card Seizure v1.0.2131 | Paraben Forensic | SIM Card Seizure v1.0.2131 allows the user access to data stored on the mobile phone SIM card. |
| Text Searcher v1.2 | Paraben Forensic | Text Searcher v1.2 provides a text search facility. |
(if you have a software tool available and would like a link on the www.computer-forensics.co.uk site, then please send the request to webmaster@computer-forensics.co.uk)
Encase - http://www.guidancesoftware.com
Forensic Tool Kit (FTK) - http://www.accessdata.com
LoPe - http://www.evidencetalks.com/forensic_toolsets/email_forensics.php#lope
Forager - http://www.inforenz.com/software/forager.html
X-Ways Forensics - http://www.x-ways.net/forensics/index-m.html

