Tools

Useful Tools

1. FAW

FAW (Forensics Acquisition of Websites) is to acquire web pages for forensic investigation which has the following features.

• Capture the entire or partial page
• Capture all types of image
• Capture HTML source code of the web page
• Integrate with Wireshark

2. Encrypted Disk Detector

Encrypted Disk Detector can be helpful to check encrypted physical drives. It supports TrueCrypt, PGP, BitLocker, Safeboot encrypted volumes.

3. Wireshark

Wireshark is a network capture and analyzer tool to see what’s happening in your network. Wireshark will be handy to investigate network related incident.

4. Magnet RAM Capture

You can use Magnet RAM capture to capture the physical memory of a computer and analyze artifacts in memory.

It supports Windows operating system.

5. Network Miner

An interesting network forensic analyzer for Windows, Linux & MAC OS X to detect OS, hostname, sessions and open ports through packet sniffing or by PCAP file. Network Miner provides extracted artifacts in an intuitive user interface.

6. NMAP

NMAP (Network Mapper) is one of the most popular networks and security auditing tools. NMAP is supported on most of the operating systems including Windows, Linux, Solaris, MAC OS, HP-UX, etc. It’s open source so free.

7. RAM Capturer

RAM Capturer by Belkasoft is a free tool to dump the data from computer’s volatile memory. It’s compatible with Windows OS. Memory dumps may contain encrypted volume’s password and login credentials for webmails and social network services.

8. Forensic Investigator

If you are using Splunk, then Forensic Investigator will be a convenient tool. It’s Splunk app and has many tools combined.

9. HashMyFiles

HashMyFiles will help you to calculate the MD5 and SHA1 hashes. It works on almost all latest Windows OS.