Ldfa
Posted on 30 December 2019

Advanced Prefetch Analyser (Allan Hay): Reads Windows XP, Vista and Windows 7 prefetch files
analyzeMFT (David Kovar): Parses the MFT from an NTFS file system allowing results to be analysed with other tools
Defraser (Various): Detects full and partial multimedia files in unallocated space
eCryptfs Parser (Ted Technology): Recursively parses headers of every eCryptfs file in selected directory. Outputs encryption algorithm used, original file size, signature used, etc.
Encryption Analyzer (Passware): Scans a computer for password-protected & encrypted files, reports encryption complexity and decryption options for each file
ExifTool (Phil Harvey): Read, write and edit Exif data in a large number of file types
Forensic Image Viewer (Sanderson Forensics): View various picture formats, image enhancer, extraction of embedded Exif, GPS data
Highlighter (Mandiant): Examine log files using text, graphic or histogram views
Link Parser (4Discovery): Recursively parses folders extracting 30+ attributes from Windows .lnk (shortcut) files
LiveContactsView (Nirsoft): View and export Windows Live Messenger contact details
RSA Netwitness Investigator* (EMC): Network packet capture and analysis
Memoryze (Mandiant): Acquire and/or analyse RAM images, including the page file on live systems
MetaExtractor (4Discovery): Recursively parses folders to extract meta data from MS Office, OpenOffice and PDF files
MFTview (Sanderson Forensics): Displays and decodes contents of an extracted MFT file
NetSleuth (NetGrab): Network monitoring tool, with covert “silent port scanning”
PictureBox (Mike’s Forensic Tools): Lists EXIF, and where available, GPS data for all photographs present in a directory. Export data to .xls or Google Earth KML format
PsTools (Microsoft): Suite of command-line Windows utilities
Shadow Explorer (Shadow Explorer): Browse and extract files from shadow copies
Simple File Parser (Chris Mayhew): GUI tool for parsing .lnk files, prefetch and jump list artefacts
SQLite Manager (Mrinal Kant, Tarakant Tripathy): Firefox add-on enabling viewing of any SQLite database
Strings (Microsoft): Command-line tool for text searches
Structured Storage Viewer (MiTec): View and manage MS OLE Structured Storage based files
Switch-a-Roo (Mike’s Forensic Tools): Text replacement/converter/decoder for when dealing with URL encoding, etc
Windows File Analyzer (MiTeC): Analyse thumbs.db, Prefetch, INFO2 and .lnk files