Open Source Computer Forensics Investigations


The world of computer forensics, like all things computer, is rapidly developing and changing. Commercial investigative software packages exist, such as EnCase by Guidance Software and FTK by AccessData, but there are other software platforms that can produce computer forensic results. Unlike the two aforementioned packages, these open source alternatives do not cost hundreds of dollars; they are free to download, distribute and use under various open source licenses.

Computer forensics is the process of obtaining information from a computer system. This information may be obtained from a live system (one that is up and running) or from a system that has been shut down. The process typically involves taking steps to obtain a copy, or image, of the target system. Often this is an image of the hard drive, but in the case of a live system it can also include the other memory areas of the computer, such as RAM.

After making an exact image (copy) of the target, verified by checksum processes, the computer specialist can begin to examine it and obtain a wide range of data. The copy is obtained through write-protected means to preserve the integrity of the original evidence. Pictures, videos, documents, browsing history, email addresses, and phone numbers are just some of the information (or evidence, if it is being collected for possible court purposes) that can often be obtained. Even deleted elements are often retrievable.
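The checksum step described above is what lets an examiner show that the image analysed is bit-for-bit identical to the original evidence. The following is an added example, not code from the article or from any of the toolkits it mentions: it hashes an image file in chunks (so multi-gigabyte images do not have to fit in memory), compares the hash of the copy against the original, and uses a small constructed "drive" to show that even a single altered byte is detected. The file names and sample contents are assumptions made for the example.

```python
import hashlib
import os
import tempfile

CHUNK_SIZE = 1024 * 1024  # hash large images in 1 MiB pieces, not all at once


def hash_bytes(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of an in-memory buffer (useful for small test vectors)."""
    return hashlib.new(algorithm, data).hexdigest()


def hash_file(path: str, algorithm: str = "sha256") -> str:
    """Hex digest of a file on disk, read in chunks so any image size works."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_image(original_path: str, image_path: str, algorithm: str = "sha256") -> bool:
    """True only if the acquired image hashes identically to the original."""
    return hash_file(original_path, algorithm) == hash_file(image_path, algorithm)


def demo() -> dict:
    """Constructed scenario: a source 'drive', a faithful image, and a tampered image."""
    # Constructed sample drive contents; a real image would come from a write-blocked acquisition.
    evidence = (b"\x33\xc0\x8e\xd0" + b"sector-data-" * 40) * 64

    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "source_drive.raw")   # assumed file name
        good_copy = os.path.join(workdir, "evidence.dd")        # assumed file name
        bad_copy = os.path.join(workdir, "evidence_altered.dd")  # assumed file name

        with open(original, "wb") as f:
            f.write(evidence)
        with open(good_copy, "wb") as f:
            f.write(evidence)
        # Flip one byte in the middle to simulate a corrupted or altered copy.
        altered = bytearray(evidence)
        altered[len(altered) // 2] ^= 0x01
        with open(bad_copy, "wb") as f:
            f.write(bytes(altered))

        return {
            "original_sha256": hash_file(original),
            "good_copy_matches": verify_image(original, good_copy),
            "altered_copy_matches": verify_image(original, bad_copy),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In practice the hash of the original is recorded at acquisition time, and the image is re-hashed whenever it is copied or handed to another examiner; both SHA-256 and the older MD5 are commonly logged side by side so the values can be compared with whatever the imaging tool recorded.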

Some of the open source packages available for free download include SANS SIFT (SANS Investigative Forensic Toolkit), DEFT (Digital Evidence & Forensics Toolkit), and CAINE (Computer Aided INvestigative Environment), all distributed as bootable CDs. These powerful packages are built on Ubuntu Linux with a graphical desktop environment and feature dozens of tools; each disk contains many of the same open source tools and offers similar capabilities. Some of these tools are The Sleuth Kit (a complete platform in and of itself), PhotoRec (great for recovering all sorts of deleted files), Scalpel (another deleted file recovery tool), Bulk Extractor (a bulk email and URL extraction tool), chntpw (a utility to reset the password of any user that has a valid local account on a Windows NT/2000/XP/Vista/7/8 system), GParted (a partition editor for creating, reorganizing, and deleting disk partitions), and log2timeline (a timeline generation tool).
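PhotoRec and Scalpel recover deleted files by "carving": they ignore the file system and scan the raw image for known file header and footer signatures. The block below is an added, simplified illustration of that idea and is not code from either project. It carves JPEG and PNG files out of a constructed byte string standing in for unallocated disk space, enforces a maximum file size the way Scalpel's configuration does, and skips a header that has no matching footer. The signatures are the real JPEG and PNG markers; the sample image contents are made up for the example.

```python
# File-type signatures: name -> (header bytes, footer bytes).
# These are the genuine JPEG (SOI/EOI) and PNG (signature/IEND chunk) markers.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def carve(image: bytes, max_size: int = 10 * 1024 * 1024) -> list:
    """Return (type, offset, data) for every header/footer pair found in the image.

    A header with no footer within max_size bytes is treated as a false
    positive or a truncated file and skipped, as carving tools do.
    """
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        position = 0
        while True:
            start = image.find(header, position)
            if start == -1:
                break
            # Look for the footer only within the allowed window after the header.
            footer_at = image.find(footer, start + len(header), start + max_size)
            if footer_at == -1:
                position = start + 1  # no usable footer: move past this header
                continue
            end = footer_at + len(footer)
            found.append((kind, start, image[start:end]))
            position = end  # resume after the carved file
    found.sort(key=lambda entry: entry[1])  # report in disk order
    return found


def build_sample_image() -> bytes:
    """Constructed 'unallocated space' containing two deleted files and one stray header."""
    fake_jpg = b"\xff\xd8\xff\xe0" + b"JFIFdata" * 4 + b"\xff\xd9"          # 38 bytes
    fake_png = b"\x89PNG\r\n\x1a\n" + b"IHDRdata" * 4 + b"IEND\xaeB`\x82"   # 48 bytes
    stray_header = b"\xff\xd8\xff"  # JPEG start with no end marker: must not be carved
    return (
        b"\x00" * 512      # empty sectors
        + fake_jpg         # deleted picture at offset 512
        + b"\x00" * 300
        + fake_png         # deleted picture at offset 850
        + b"\x00" * 100
        + stray_header
        + b"\x00" * 64
    )


if __name__ == "__main__":
    for kind, offset, data in carve(build_sample_image()):
        print(f"recovered {kind} at offset {offset}, {len(data)} bytes")
```

On a real image the same loop runs over gigabytes rather than a few kilobytes, and the carved files are written out with their offset in the name so each recovered item can be traced back to where it sat on the disk; fragmented files, which real carvers handle with additional heuristics, are beyond this sketch.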

So if you have an interest in things technical, download one of these disks and start becoming a computer sleuth today.

Author: Regular Articles
