I haven’t seen any open source tools that rival EnCase and FTK for managing a case and doing actual analysis work. Guidance has a team of attorneys that are ready to hop on a plane and testify in court on the solidity of EnCase. This doesn’t happen as much anymore, but in litigation, tools used to always get questioned in terms of repeatability and procedure. EnCase has been accepted as the industry standard, and is used by the Secret Service, FBI, Customs, etc. Today, I don’t know how feasible it is to rely on open source tools for more than one-off tasks, like data carving, acquisition, and index.dat analysis, as an example.
You have to know where all the artifacts are and what they mean, etc. It doesn’t have the “Press This To Solve Case” button just yet. You still need a great deal of knowledge and experience. Vijay, there are definitely open source tools that we use on a day-to-day basis, as well as write our own, but EnCase rules as far as most actual analysis work is concerned, with an occasional mix of FTK.
SANS SIFT Workstation (only available to portal members)
BackTrack (** will mount drives, but has forensic tools)
I put together a list of free tools in a couple different categories.
Someone had suggested an overview of forensic tools. In November I did a presentation at the monthly NebraskaCert Cyber Security Forum. It’s a really good building block; when I find more resources I’ll add them =) If you have one you would like to list, just post! Matt Churchill over at Binary Intelligence has put together a listing of tools for forensics.