Forensic Tools Recommended
This post shares a set of forensic tools for learning in a safe, authorised setting. They are not to be used for anything illegal.
AFLogical OSE: Open source Android Forensics app and framework
The Open Source Edition was released for non-law-enforcement personnel, Android enthusiasts and forensic examiners alike. It lets an examiner extract CallLog Calls, Contacts Phones, MMS messages, MMSParts and SMS messages from Android devices. The full AFLogical software is available free of charge to law enforcement personnel. More information is available at https://www.nowsecure.com/
Timesketch is an open source tool for collaborative forensic timeline analysis. Using sketches, you and your collaborators can organize your timelines and analyze them together, adding meaning to the raw data with annotations, comments, tags and stars.
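Timelines only become useful in Timesketch once the raw events are in a shape its importer accepts. As an added example (not code from the Timesketch project), the Python below turns a few constructed sshd syslog lines into the JSONL that the CSV/JSONL importer reads. The three field names `message`, `datetime` and `timestamp_desc` are the importer's documented required fields; the host names, addresses and log lines are constructed, and the year and UTC timezone are assumptions the caller must supply, because syslog records neither.

```python
"""Turn constructed sshd syslog lines into Timesketch-importable JSONL.

Added example for this post, not code from the Timesketch project. Timesketch's
CSV/JSONL importer requires three fields per event: `message`, `datetime`
(ISO 8601) and `timestamp_desc`; every other key becomes a searchable attribute.
Syslog lines carry neither year nor timezone, so both are supplied explicitly.
"""
import json
import re
from datetime import datetime, timezone

# Constructed sample lines (documentation-range addresses, no real hosts or users).
SAMPLE_LOG = """\
Mar  3 09:14:02 web01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51422 ssh2
Mar  3 09:14:05 web01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51422 ssh2
Mar  3 09:16:40 web01 sshd[4188]: Accepted publickey for deploy from 198.51.100.23 port 40110 ssh2: ED25519 SHA256:c0nstructed
Mar  3 09:17:01 web01 sshd[4188]: pam_unix(sshd:session): session opened for user deploy by (uid=0)
"""

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# sshd authentication outcome lines; other sshd messages are kept but not enriched.
AUTH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_syslog_line(line, year, tz=timezone.utc):
    """Return one Timesketch event dict for a syslog line, or None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    # Syslog omits year and timezone; the examiner must know both (assumed UTC here).
    stamp = datetime.strptime(
        f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
    ).replace(tzinfo=tz)
    event = {
        "message": m["msg"],                # required by Timesketch
        "datetime": stamp.isoformat(),      # required, ISO 8601 with UTC offset
        "timestamp_desc": "Event Logged",   # required, says what the timestamp means
        "data_type": "syslog:line",
        "host": m["host"],
        "source_process": m["proc"],
        "pid": int(m["pid"]),
    }
    auth = AUTH_RE.match(m["msg"])
    if auth:
        event.update(
            auth_outcome=auth["outcome"],
            auth_method=auth["method"],
            user=auth["user"],
            source_ip=auth["src"],
            source_port=int(auth["port"]),
        )
    return event


def to_timesketch_events(log_text, year, tz=timezone.utc):
    """Parse every non-empty line; lines that do not parse are dropped (count them in real use)."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_syslog_line(line, year, tz)
        if event is not None:
            events.append(event)
    return events


def to_jsonl(events):
    """One JSON object per line, the shape Timesketch's JSONL importer reads."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events) + "\n"


if __name__ == "__main__":
    evts = to_timesketch_events(SAMPLE_LOG, year=2024)
    with open("auth_timeline.jsonl", "w", encoding="utf-8") as fh:
        fh.write(to_jsonl(evts))
    print(f"wrote {len(evts)} events to auth_timeline.jsonl")
```

The resulting file is uploaded to a sketch through the web UI or the importer client. Keeping `source_ip`, `user` and `auth_outcome` as separate attributes rather than burying them in `message` is what makes the timeline searchable and taggable once it is in the sketch.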
USBTracker is a quick-and-dirty incident response and forensics Python script that dumps USB-related information and artifacts from a Windows system (Vista and later).
USBTracker reads some protected log files and therefore needs administrator permissions. The simplest way to run it is to open a CMD or PowerShell console via right-click "Run as administrator" and execute the script or exe from there.
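The central artifact any USB dumper on Windows reads is the USBSTOR enumeration key. As an added example (not USBTracker's own code), the Python below parses USBSTOR device instance paths of the kind found under HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR and, when run on Windows, walks the live key with `winreg`. The sample paths, vendors and serials are constructed; the rule that a second character of `&` marks a Windows-generated instance ID (a device that reported no serial number) is the standard examiner heuristic for this key.

```python
"""Parse Windows USBSTOR device instance paths, the core artifact a USB dumper reads.

Added example, not USBTracker's code. Under
HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR each mass-storage device has a
device key `Disk&Ven_<vendor>&Prod_<product>&Rev_<revision>` and, beneath it,
one subkey per device instance. That subkey is the device's reported USB serial
number followed by `&<n>`; when a device reports no serial, Windows synthesises
an ID whose second character is `&`, which is how examiners tell the two apart.
The live hive is read with winreg only when running on Windows.
"""
import sys

# Constructed instance paths (vendor, product and serial strings are made up).
SAMPLE_INSTANCE_PATHS = [
    r"USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP\0019E06B9C8F5A6B1C2D3E4F&0",
    r"USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00\4C530001230207116253&0",
    r"USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\7&1a2b3c4d&0",
]


def parse_usbstor_path(path):
    """Split 'USBSTOR\\<device key>\\<instance key>' into its forensic fields."""
    parts = path.split("\\")
    if len(parts) < 3 or parts[0].upper() != "USBSTOR":
        raise ValueError(f"not a USBSTOR instance path: {path!r}")
    device_key, instance_key = parts[1], parts[2]
    fields = {"device_class": None, "vendor": None, "product": None, "revision": None}
    for i, token in enumerate(device_key.split("&")):
        if i == 0:
            fields["device_class"] = token              # Disk, CdRom, Other, ...
        elif token.startswith("Ven_"):
            fields["vendor"] = token[4:].replace("_", " ")
        elif token.startswith("Prod_"):
            fields["product"] = token[5:].replace("_", " ")
        elif token.startswith("Rev_"):
            fields["revision"] = token[4:]
    # Strip the trailing '&<n>' instance suffix to recover the serial as the device reports it.
    serial, sep, suffix = instance_key.rpartition("&")
    if not (sep and suffix.isdigit()):
        serial = instance_key
    fields["serial"] = serial
    # Second character '&' => Windows-generated ID: the device has no unique serial,
    # so this value alone cannot tie the record to one physical stick.
    fields["windows_generated_id"] = len(instance_key) > 1 and instance_key[1] == "&"
    fields["instance_key"] = instance_key
    return fields


def collect_from_registry():
    """Walk the live USBSTOR key on Windows; returns [] on other platforms.

    The Enum key itself is readable without elevation; the SYSTEM hive file,
    setupapi.dev.log and event logs that a fuller dumper also reads need administrator rights.
    """
    if sys.platform != "win32":
        return []
    import winreg
    records = []
    base = r"SYSTEM\CurrentControlSet\Enum\USBSTOR"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as usbstor:
        for i in range(winreg.QueryInfoKey(usbstor)[0]):
            device_key = winreg.EnumKey(usbstor, i)
            with winreg.OpenKey(usbstor, device_key) as dev:
                for j in range(winreg.QueryInfoKey(dev)[0]):
                    instance_key = winreg.EnumKey(dev, j)
                    rec = parse_usbstor_path(f"USBSTOR\\{device_key}\\{instance_key}")
                    with winreg.OpenKey(dev, instance_key) as inst:
                        try:
                            rec["friendly_name"] = winreg.QueryValueEx(inst, "FriendlyName")[0]
                        except FileNotFoundError:
                            rec["friendly_name"] = None
                    records.append(rec)
    return records


if __name__ == "__main__":
    for p in SAMPLE_INSTANCE_PATHS:
        print(parse_usbstor_path(p))
    for rec in collect_from_registry():
        print(rec)
```

The `windows_generated_id` flag matters in practice: a device whose ID Windows synthesised will show up with a different instance key on every machine, so it cannot be tracked across hosts by serial the way a stick with a real serial can.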
5, Linux Security Auditing Tool (LSAT)
The Linux Security Auditing Tool (LSAT) is a post-install security auditor for Linux/Unix. It checks many system configurations and local network settings for common security and configuration errors, and for installed packages that are not needed. For now it works under Linux (x86: Gentoo, RedHat, Debian, Mandrake; Sparc: SunOS 2.x, RedHat Sparc, Mandrake Sparc) and Apple OS X.
6, RAT Decoders
A collection of Python scripts that extract the embedded configuration from RAT (remote access Trojan) samples: command-and-control addresses, FTP or SSH credentials and similar settings that can then be turned against the attacker. It currently supports more than 40 families, including Adwind, Adzok and Albertino Advanced RAT.
7, Bro Network Security Monitor
Bro (now known as Zeek) is a powerful network analysis framework that works quite differently from a typical signature-based IDS; its strengths are adaptability, efficiency, flexibility, an open scripting interface, and open source licensing.
8, Xplico
Xplico is an open source network forensic analysis tool that ships in several digital forensics and penetration testing distributions: Kali Linux, BackTrack, DEFT, Security Onion, Matriux, BackBox, CERT Forensics Tools and Pentoo.
9, PowerForensics
PowerForensics is a PowerShell digital forensics framework. It currently supports NTFS, and ext4 support was added as well.
10, GRR Rapid Response
GRR Rapid Response is an incident response framework focused on remote live forensics. A Python agent is installed on the target system and communicates with a Python server infrastructure that manages it.
11, Mozilla InvestiGator
Mozilla InvestiGator (MIG) is an OpSec platform for remote endpoint investigation and verification. Agents installed on every system in the infrastructure answer real-time queries about the file system, network state, memory or endpoint configuration.
12, Autopsy
Autopsy is a digital forensics platform and a graphical interface to The Sleuth Kit and other digital forensics tools. It is used by law enforcement, the military and corporate examiners, and can even recover photos from a camera's memory card.
A tool for capturing and analyzing network traffic and packet data, used mainly for network investigation, security monitoring and forensics.
14, Rekall
The Rekall framework is a fully open set of tools designed to bring the techniques and complexity of memory (RAM) forensics to a wider audience and to provide a platform for further, deeper research in this area.
15, FastIR Collector
A Windows forensics and artifact collection tool. It gathers just about everything an examiner might want, including but not limited to memory, registry and file-system information.