Free Forensic Software For Mac

Feb 01, 2016: Forensic Toolkit is a court-accepted digital investigations platform built for speed, stability and ease of use. It provides comprehensive processing and indexing up front, so filtering and searching is faster than with any other product.

Nov 09, 2018: This article gives digital investigators a clearer understanding of how forensic investigators can attack and recover passwords for Encrypting File System (EFS) and gain information about Windows logon passwords using both FTK (Forensic Toolkit) and PRTK (Password Recovery Toolkit).

The Importance of Knowledge in Mac Forensics. By Cecilia Pohlar.

Automatically import and expand a nested forensic image with image-within-an-image support. Import and parse AFF4 images created from Mac® computers (generated by third-party solutions like MacQuisition by BlackBag). Parse XFS file systems when investigating and collecting from RHEL Linux environments.

Forensic Toolkit® (FTK®) version 6.3. Release Date: Nov 01, 2017.


IOS FORENSIC TOOLKIT

Enhanced Forensic Access to iPhone/iPad/iPod Devices running Apple iOS

Aug 28, 2021: This product supports Windows, Mac, and Linux file systems. You can preview and search for suspicious files quickly. This digital forensics software creates a copy of the entire suspected disk to keep the original evidence safe. This tool helps you to see internet history. You can import or export .dd format images.

Perform the complete forensic analysis of encrypted user data stored in certain iPhone/iPad/iPod devices running any version of iOS. Elcomsoft iOS Forensic Toolkit allows eligible customers to acquire bit-to-bit images of devices’ file systems, extract phone secrets (passcodes, passwords, and encryption keys) and decrypt the file system dump. Access to most information is provided in real-time.

Features and Benefits
  1. An all-in-one, complete solution
  2. Acquire complete, bit-precise device images
  3. Device keys and keychain items recovery
  4. Quick acquisition (20-40 min typical – for 32 GB models)
  5. Zero-footprint operation leaves no traces and requires no modifications to devices’ contents
  6. Every step of investigation is fully logged
  7. Support all versions of iOS
  8. Passcode not required (*)
  9. Instant passcode recovery for all iOS versions up to 3.x
  10. Simple 4-digit iOS 4.x and iOS 5.0 passcodes recovered in 20-40 minutes
  11. Physical and logical acquisition supported
  12. Mac and Windows versions available
  13. Automatic and manual modes available
  14. Availability restricted to select government entities

Restricted Use
ElcomSoft restricts the availability of the toolkit to select government entities such as law enforcement and forensic organizations and intelligence agencies.


Forensic Software – Get Your Cyber Crimes and Digital Investigations Solved Quickly

Investigating a case of cyber crime is not an easy thing to do. The more complicated the case, the more difficult and time-consuming it will be. If you work with law enforcement, you might need to streamline every case of cyber crime that you take, so that you can solve it more easily.

No more complicated steps in your digital investigations. With forensic software, you can get your case of cyber crimes solved as efficiently as possible. It helps to bring you through various stages in your investigations, with the highest court approval rate.

EnCase Forensic

EnCase Forensic has become the global standard in digital investigations, providing the highest power, efficiency, and results. It walks you through the various stages of your investigations in logical steps: triage, collect, process, search, analyze, and report.

NetAnalysis

NetAnalysis is a forensic software that walks you through the investigation, analysis, and presentation of forensic evidence in operating system and mobile device usage. It features web browser forensics, filtering and searching, cache export and page rebuilding, and reporting.

DFF (Digital Forensics Framework)

DFF is the software used in digital investigations, which provides digital forensic analysis, investigation and threat detection. It offers various features, including evidence preservation, multimedia analysis, fast data reduction and triage, memory analysis, and user activity analysis.

Magnet Axiom

Magnet Axiom provides a complete digital investigation platform that helps you simplify your analysis and explore your digital evidence more deeply. It leads you to a simple investigation process, which includes evidence acquiring, evidence analysis, and single stage evidence processing.

Helix3 Enterprise

Helix3 Enterprise provides a cyber security solution that helps you to investigate malicious activities within your network. It features quick implementation, review employee internet usage, capture screenshots and key logging, and e-discovery across the entire network.

BlackLight

BlackLight is a forensic software used to analyze your computer volumes and mobile devices. It offers various features, including actionable intel, memory analysis, file filter view, media analysis, communication analysis, and reporting.

X-Ways Forensics

X-Ways Forensics provides an integrated computer forensic software used for computer forensic examiners. There are various features available, including disk cloning and imaging, complete access to disk, automatic partition identification, and superimposition of sectors.

SANS Digital Forensics

SANS Digital Forensics is forensic software designed to provide organizations with the digital forensics needed for various types of cyber crimes. Aside from providing digital forensic software, it also provides courses to let organizations deal with cyber crimes in the right way.

Other Forensic Software for Different Platforms

Forensic software is available on almost all platforms. However, since the software needs a high-end device to perform well, it is better to use the desktop version of the software, since it usually offers more functionality.

NirSoft

NirSoft is a Windows digital forensic investigation software that offers the ability to extract important data from your drives, with support for external drives. It provides tools to investigate your IE history, IE cache, IE cookies, IE pass, search data, information from other browsers, and live contacts.

BlackBag

BlackBag provides an advanced data retrieval technology that helps you to seek, reveal, and preserve the truth. It is available for Windows and Mac OS. It also provides training about handling cyber crimes, which helps users to use the software more proficiently.

MOBILedit Forensic

MOBILedit Forensic provides the most comprehensive digital investigation tool for Android devices. It offers various features, including support for almost all phones, extract important application data, bypass the passcode, and bypass the PIN code.

Autopsy

Autopsy is a digital forensic software for Linux, with graphical user interface. It allows you to analyze computers and smartphones to reveal traces of digital evidence for cyber crime cases. Plugins are available for this software, which can bring new features to the software.

Belkasoft Evidence Center – Best Forensic Software of 2016

Belkasoft Evidence Center provides an all-in-one forensic solution for digital investigations, which can be used to deal with online and offline crimes. It features an all-in-one forensic tool, a simple and powerful system, advanced low-level expertise, as well as clean and concise reports. This software has been used by various law enforcement agencies worldwide.

What is Forensic Software?

Forensic software is a type of software that deals with digital forensic investigations for both online and offline crimes. This software is usually used by law enforcement agencies and governments who want to investigate various crimes involving digital devices, such as computers and smartphones. The software works by examining the target device and provides comprehensive analysis that will reveal suspicious activities within the device. It provides streamlined investigation steps, with concise reports that can be submitted to the court with a high approval rate. Sometimes, this software can also be used to prevent cyber crimes within a network, by detecting suspicious activities as they happen.

How to Install Forensic Software?

Forensic software needs to be installed on a compatible device. Since the software usually demands high performance computers or devices, you need to make sure that your device meets the requirements of the software. Once you do that, you can download the installation file from the official website of the respective software, and run the installation process on your compatible device.

Investigating a cyber crime can take a lot of time, especially when it comes to complex instances of cyber attacks. Regular crimes that involve the use of digital devices can also be very difficult to solve, especially if the device cannot be accessed in any way. This is where forensic software becomes necessary. It helps you with the investigation of various crimes that involve digital devices, with a streamlined investigation process. You don’t need to make your investigation more complex when you use this software. Instead, the software helps you through the logical investigation steps that allow you to solve the case more quickly and easily. Not only that, the results of your investigation are presented in customized reports, allowing you to submit the reports to the court as evidence, with a high level of court acceptance.

Introduction

According to Juniper Research, cybercrime losses to businesses will surpass $2 trillion by the year 2019. With data breaches occurring all around the world every day, the demand for experts in computer forensics will also increase. Whether you need to investigate an unauthorized server access, look into an internal human resources case, or are interested in learning a new skill, these free and open source computer forensics tools will help you conduct in-depth analysis, including hard drive forensics, memory analysis, forensic image exploration, and mobile forensics. However, this is by no means an exhaustive list and may not cover all the tools required for a complete investigation. It only includes some of the popular and useful tools. Using the right tools can help you move faster and get more productive results.

Forensic Toolkits

These are multipurpose forensic toolkits that can carry out a number of detailed digital forensic tasks.

  1. SANS Investigative Forensic Toolkit (SIFT)

Based on Ubuntu, SIFT has all the important tools needed to carry out a detailed forensic analysis or incident response study. It supports analysis in advanced forensic format (AFF), expert witness format (E01) and RAW evidence (DD) format. It comes with tools to carve data files, generate timeline from system logs, examine recycle bins, and much more.

SIFT provides user documentation that allows you to get accustomed to the available tools and their usage. It also explains where evidence can be found on a system. Tools can be opened manually from the terminal window or with the help of top menu bar.

Having more than 100,000 downloads to date, SIFT continues to be a widely used open-source forensic and incident response tool.

New key features include:

  • Ubuntu LTS 16.04 Base
  • 64-bit base system
  • Auto-DFIR package update and customization
  • VMware appliance ready to tackle forensics
  • Cross-compatibility between Windows and Linux
  • Choice to install stand-alone via (.iso) or use via VMware Player/Workstation
  • Online documentation project at http://sift.readthedocs.org/

Pros: Better utilization of memory, modern forensic tools and techniques, expanded file system support.

Link: https://digital-forensics.sans.org/community/downloads

  1. Sleuth Kit Autopsy

Autopsy is a digital forensics platform that efficiently analyzes smartphones and hard disks. It is used worldwide by a large number of users, including law enforcement agencies, the military, and corporations to carry out investigations on a computer system. It has an easy-to-use interface, processes data fast, and is cost-effective. Sleuth Kit is a collection that consists of command line tools and a C library allowing the analysis of disk images and file recovery. It is used at the back end in the Autopsy tool.

Key features of Autopsy include:

  • Timeline Analysis—Advanced interface for graphical event viewing.
  • Hash Filtering—Flags known bad files and overlooks known good files.
  • Keyword Search—Indexed keyword search makes file search easier.
  • Web Artifacts—Extracting bookmarks, history, and cookies from web browsers.
  • Data Carving—Recovering deleted files from unallocated space by using PhotoRec.
  • Multimedia—Extracting EXIF from pictures and watching videos.
  • Compromise Indicators—Scanning a computer using STIX.

Pros: Good documentation and support

Cons: It requires special user skills because it is based on Unix.

Link: http://www.sleuthkit.org/autopsy/

  1. Oxygen Forensic Suite

Available in free and professional versions, this forensics tool helps you to collect evidence from a mobile phone. It collects all device information such as serial number, IMEI, OS, etc., and recovers messages, contacts and call logs. Its file browser feature enables you to have access to and analyze photos, documents, videos and device database.

Some more important features include:

  • Built-in cloud data recovery.
  • Contact aggregation helps to identify linked profiles from all sources, including app accounts.
  • Social graph features identify most frequently communicated contacts, making it easier to conduct the investigation.
  • Map feature locates all check-ins, map lookups, visited websites, and messages containing geolocation metadata of all the devices being studied under the case.
  • Timeline feature reveals the most active user hours and most common ways in which the device is operated.
  • Allows importing messages from three other mobile forensic tools, JTAG/ISP images, RAW/DD files, and chip-off dumps.

Pros: It provides several ways to extract data including Bluetooth, USB cable, iTunes backups, other forensic software backups, and Android backups. Also, the main interface is straightforward and easy to use. It provides sophisticated data analysis and has several useful data analysis features.

Cons: Unlike its competitors XRY and UFED, its free version does not provide advanced features such as cracking Android backups or locked iPhone.

Link: https://www.oxygen-forensic.com/en/

  1. DEFT Zero

DEFT (digital evidence and forensics toolkit) is a Linux-based distribution that allows professionals and non-experts to gather and preserve forensic data and digital evidence. The free and open source operating system has some of the best computer forensics open source applications. DEFT Zero is a lightweight version released in 2017.

Some of its useful features are as follows:

  • Supports 32 and 64 bit hardware with UEFI and secure boot.
  • Supports NVMExpress memories and eMMC memories.
  • DEFT Zero Linux 2017.1 can be operated in three booting modes: GUI mode, RAM preload GUI mode, and text mode.

Pros: Needs only 400 MB memory to run. This means that it can be run even on a slow or obsolete PC.

Link: http://www.deftlinux.net/2017/02/13/deft-zero-2017-1-ready-for-download/

Network Forensic Tools

These tools help in the extraction and forensic analysis of activity across the network.

  1. WireShark

WireShark is one of the most commonly used network protocol analyzers. It allows you to investigate your network activity at the microscopic level. Wireshark is widely used by government agencies, corporations and educational institutes.

  • Allows deep investigation into many protocols, with the number of protocols being added constantly.
  • Offline and online analysis.
  • Supports multiple platforms that include Windows, Solaris, Linux, FreeBSD, Mac OS, NetBSD, and others.
  • Network data can be browsed through TTY mode (Tshark utility) or a graphical user interface.
  • Powerful display filters.
  • Strong VoIP analysis
  • Reading/writing enabled in multiple file formats, such as tcpdump (libpcap), Cisco Secure IDS iplog, Network General Sniffer® (compressed and uncompressed), Novell LANalyzer, to name a few.
  • Data can be read live from IEEE 802.11, Ethernet, FDDI, Token Ring, and others.
  • Supports decryption for various protocols, including Kerberos, ISAKMP, IPsec, SSL/TLS, WPA/WPA2, and WEP.
  • Supports the export of output to CSV, XML, or plain text

Pros: Digs deep to uncover minor details in the network data.

Cons: Does not exactly pinpoint the solution you are looking for and dumps raw data into large files for you to figure out.

Link: www.wireshark.org

  1. Network Miner

This is a network forensic analysis tool (NFAT) for Windows, Mac OS X, Linux, and FreeBSD. It comes in a free edition as well as a professional paid edition. Network Miner’s free edition can:

  • Work as a passive network sniffer that captures packets to detect hostnames, sessions, open ports and operating systems without generating traffic on network.
  • Allow for offline analysis by parsing PCAP files.
  • Regenerate transmitted certificates and files from PCAP files.
  • Save time of forensic analysts by presenting extracted data with a user-friendly interface.

Pros: Captures network traffic, investigates potential rogue hosts, assembles and extracts files from captured traffic.

Link: http://www.filecroco.com/download-networkminer

  1. Xplico

This is an open-source network forensic analysis tool (NFAT) that can extract app data from internet traffic. For instance, Xplico can extract email, HTTP contents, VoIP call, FTP, TFTP, etc., from a pcap file. Important features of Xplico are:

  • Supports HTTP, IMAP, POP, SIP, SMTP, UDP, TCP, IPv6 protocols
  • Multithreading
  • Port-independent protocol identification for application protocol
  • Outputs data and information as a MySQL or SQLite database
  • Associates an XML file with each reassembled data set
  • Reverse DNS lookup
  • No size limit on number of files or data size
  • Supports IPv4 and IPv6
  • Modular components, i.e., input interface, output interface, and protocol decoder.

Pros: There is no size limit on number of files or data size. Its command line shows more detail and its geo-map feature can be used in web interface as well as console mode.

Cons: It is not possible to copy packets and send them to two separate dissectors; instead, there is the possibility of losing the packets, as the average processing time for a packet is higher than the average number of packets per second in Xplico.

Link: www.xplico.org

Forensic Imaging Tools

These tools help in analyzing disk images at microscopic level.

  1. FTK Imager

This is a data preview and imaging tool with which one can study files and folders on a hard drive, network drive, and CDs/DVDs. It allows you to:

  • review forensic memory dumps or images.
  • create MD5 or SHA1 file hashes, and recover files that are already deleted from the recycle bin, if their data blocks have not already been overwritten.
  • mount forensic images to view their contents in browser.

Pros: Creates bit-by-bit image and creates exact replica of the drive, thus allowing the investigator to view deleted or irretrievable files. It also creates a keyword index for every image, which makes future searches easier.

Cons: It doesn’t carve files and lacks recursive export capabilities.

Link: http://accessdata.com/product-download/ftk-imager-version-3.4.3

  1. Linux “dd”

Linux dd is a powerful tool that is installed by default in most Linux distributions (Fedora, Ubuntu). It can be used for conducting a number of forensic tasks, like creating a raw image of a folder, file, or drive.

On the negative side, it can be quite destructive if not used properly, thus earning the name “Data Destroyer” from some users. It is therefore advisable to test the command in a safe environment first and then apply it to the real data.

  1. IXImager

This comes with a small, and fast-booting forensic image analysis in a microkernel that runs from portable media. It physically boots the device, captures and authenticates a computer system, and reconstructs the filesystem.

Key features include:

  • Securely accounts for data corruption.
  • Documents and records data tampering.
  • Uses high-speed data compression RW.
  • Has the capability for data to span different file systems, media types and output devices.
  • Creates detailed data acquisition logs.
  • Creates encrypted authentication log file for user actions and locks it to prevent it from being tampered.

Link: https://www.perlustro.com/solutions/e-forensics/iximager

Memory Forensics

  1. Magnet RAM Capture

Magnet RAM Capture is one of the many tools provided by Magnet Forensics. It is a free tool that captures the physical memory of a computer. This can help forensic investigators recover and analyze useful artifacts in the computer’s memory.

Because it has a small memory footprint, the tool can be run while minimizing the amount of data overwritten in memory. The collected memory data can be exported in RAW format and uploaded into any of the forensic analysis tools.

RAM evidence captured by the tool includes processes and programs, network connections, registry hives, malware intrusion evidence, decrypted keys and files, usernames and passwords, and any other activity not usually stored on the hard disk.

Pros: Acquires full physical memory fast and leaves small footprint on live system that is under analysis.

Link: https://www.magnetforensics.com/free-digital-forensics-software-tools/

  1. Memoryze

This free memory forensic tool helps discover malicious activity in live memory. It can acquire and analyze images from memory.

Key features include:

  • Creating an image of entire system memory.
  • Creating an image of a specific driver or all drivers in memory to the disk.
  • Creating an image of the complete address space of a process to disk.
  • Counting all running processes and listing them.
  • Identifying drivers that are loaded in memory.

Link: https://www.fireeye.com/services/freeware/memoryze.html

Website Forensics

  1. FAW (Forensics Acquisition of Websites)

This is the first browser that can acquire web pages from websites available online to conduct forensic investigation.

Its key features include:

  • Viewing and editing host files.
  • Audio/video capture.
  • Acquiring code for iFrames on the webpage.
  • Acquiring IP address and hostname of webpage.
  • Support for English, French, Italian, and Polish languages.
  • Improved performance and stability.

Pros: It extracts image files on webpages being viewed. It can capture files such as JavaScript and CSS on a website, which can help detect malware. It preserves a webpage while it is being viewed by a user.

Link: www.fawproject.com

Source: infosecinstitute