Thread: Forensics software

  1. #1

    Forensics software

    Hey, I'm doing a project for my Cisco class and I was wondering if any of you guys knew of some computer forensics software that I could research and get some information on.

  2. #2
    Don't know if you would find it useful, but try the Forensic Toolkit:
    http://www.accessdata.com/ftkuser/

    Else you could take a look at EnCase, but it is very expensive to buy.

    http://www.guidancesoftware.com/support/downloads.shtm

    It is the most popular forensic tool, though.

  3. #3
    This is a little more advanced but you could download this ISO image, use it to create a Linux boot CD that has a ton of forensics tools on it and boot it up on the system you want to analyze.

    It's called Helix and is based off the Knoppix build. Check out here http://www.e-fense.com/helix/

    All you do is download this image, burn it to CD, boot the CD up on the system you want to analyze, mount the local file system (mount /dev/hda1 /mnt/hda1), and use the tools.

    If you need to transfer files from it to another location, just hook up an external drive (USB, etc.) that has a FAT/FAT32 partition on it and save stuff to it.

    Hope this helped more than confuse.

  4. #4
    Computers do not have problems, they have users.
    ~Cope57

  5. #5
    Hmmm, didn't I start a thread for requesting tools from people? Look deeper in this forum, silent-mage...
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  6. #6
    silent-mage wrote:
    "....software that i could research and get some information on".

    Answer:
    The Coroner's Toolkit, you can locate the information here:
    http://www.fish.com/tct/

  7. #7
    I am really surprised no one mentioned www.foundstone.com for forensic software.

  8. #8
    http://www.ultimatebootcd.com/ UBCD has INSERT as well, if you download that ISO. Very similar to many of the others mentioned, Knoppix, etc. The only commercial app I am familiar with is EnCase from Guidance... been around for years, has a decent following in the Law Enforcement/Government sectors.

    Link to INSERT => http://www.inside-security.de/insert_en.html
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  9. #9
    Hrrm...

    I use USB memory keys to keep most of my 'tools' (and have one for Helix atm).

    I'm curious as to which Linux forensic OS more people would recommend, between Helix and INSERT?

    Just curious.
