Top Cyber Forensic Tools

Cyber forensic is a field that is increasingly getting noted on higher levels so be it for solving a local crime or be it that interests the security factors of a country. Let us look at some of the best forensic tools used to investigate cases related to cyber crime or those that are used for scientific purposes.
| Thursday, January 08, 2009
Cyber forensic is an interesting domain which is coupled with technical advances and the ability to use them effectively. Cyber forensic primarily is used in the investigation of cyber crimes (i.e., crimes that occur over and on the technology front). However this need not be the case, since most forensic techniques and tools are also used for scientific purposes and research. With serious issues like terrorism that threaten the national integrity of a country it is only wise to learn and know the tools of the trade that terrorists use against the state. Cyber forensic tools aid not only in investigating crime cases but also for drafting and creating hard evidences for the same. Let us evaluate just some of these tools that have been used since long by forensic investigators, scientists and some notorious elements alike:

X-Ways WinHex
WinHex is used as a universal hexadecimal editor and is primarily useful in low-level data processing, file inspection, digital camera card recovery, recovery of files even from corrupt files systems, etc. This is one heck of a powerful tool and can especially be used in gathering digital evidence.

FirstOnScene (FOS)
FOS is the only one tool of its kind. It is rather a visual basic script code than a executable binary file. First On Scene works with other tools such as PSTools, LogonSessions, FPort, NTLast, PromiscDetect, FileHasher, etc. to gather an evidence log report. This log report can further be analyzed by forensic experts to extract important information.

Rifiuti is a unique tool that aids investigators in finding the very last details of your system's recycle bin folders. Rifiuti is useful to gather critical information on all your delete and undelete activities.

Pasco is a Latin word for "browse". Pasco helps in the analysis of the contents of internet explorer's cache. So in short it can be particularly useful to gather internet activity records from a target computer.

Galleta is a Spanish word that means "cookie". Galleta is useful in examining the contents of cookie files on your machine. Cookie files are basically temporary internet files used by websites to maintain their indigenous logs for tracking and other such purposes.

Forensic Acquisition Utilities (FAU)
Forensic Acquisition Utilities is a set of forensic tools such as md5 checker, file wiper, etc. used for assorted purposes in research and investigation.

NMap is particularly associated with network security. NMap is a port scanner tool that helps find open ports on a remote machine. What separates NMap from other tools is its ability to evade source machine identity and to work without causing any Intrusion Detection System (IDS) alarms to go of.

Ethereal is another network security tool which is not a port scanner but rather a network packet sniffer. Ethereal sniffs data packets over the network and can provide investigators with incoming/outgoing data that is sent over a network. However, ethereal itself cannot be useful in cases where strong encryption algorithms are in place at the source and destination computers.

BinText does not directly investigate but can be useful to browse through gathered evidence files such as that of log files generated by other forensic tools. BinText can be used for pattern matching and filtering these log files.

PyFlag Tools
PyFlag are a couple of tools used for log analysis and can be a very effective tool for investigators if coupled and used with other forensic tools.

Miscellaneous Steganography Tools
Steganography is out of the scope of this article however they cannot be ruled out from the forensic dimension. Steganography is an art to deceive by embedding text or data files in an image file. Various steganography tools help achieve just that. There are some tools however that help in detecting such injections. Recently, hackers and malicious users have been coming up with ideas to inject data files not just in image files but also music and video files and to our much discomfort they have been sucessful with these attempts.

(Disclaimer: This article reflects the power and depth of cyber forensic tools and their possible usage however it is written keeping in mind its educational need. I would not be held responsible for any damages or their illegal usage and the resulting eventualities that arise.)
Subscribe to RSS Feed
Subscribe to RSS feed for Computer Forensics category.
Search Articles