Digital Forensics Tools

Digital Forensics mindmap:

https://github.com/Ignitetechnologies/Mindmap/blob/main/Forensics/Digital Forensics Tools HD.png

https://dfircheatsheet.github.io/

What is Digital Forensics?

Digital Forensics is the application of scientific methods in preserving, recovering, and investigating digital evidence in a Digital crime scenario. It can be correctly defined as, collection, examination, analysis, and documentation by using scientifically proven methods to investigate a digital crime and present it before the court.

Classification of Digital Forensics:

Computer Forensics: It is the most primitive type of digital forensics which usually was introduced in the early evolution of computer systems. It includes investigating computers, laptops, logs, USB drives, hard drives, Operating systems, etc.
Network Forensics: It includes investigating by analyzing network events, intrusion, and data packets that were transmitted to detect network attacks.
Multimedia Forensics: It comprises of investigation of images, audio, and video files that are recovered as evidence at a digital crime scene.
Mobile Forensics: It comprises of investigation of smartphones like Android, iOS, etc. for finding digital evidence and recovering the deleted data important for the case.
Memory Forensics: It is the forensic investigation of the memory or ram dump of the system to find out volatile memory like chat history, clipboard history, browser history, etc.
Cloud Forensics: Considering that virtual storage is in demand, the investigation of the cloud environment also plays a key role in a digital crime scene for gathering evidence.
IoT Forensics:
Web Forensics:
Email Forensics:

Goals of Digital Forensic Investigation:

⇒What is the crime and evidence?

⇒Where can be found?

⇒When was the crime committed?

⇒Who is the culprit of the crime?

⇒How was the crime committed?

Digital Evidence:

Digital evidence, also known as electronic evidence, is any probative information stored, in binary form, or transmitted in digital form that a party to a court case may use at trial.

Examples of digital evidence include, but are not limited to, e-mails, digital photographs, ATM transaction logs, word processing documents, instant message histories, files saved from accounting programs, spreadsheets, internet browser histories, databases, the contents of computer memory, computer backups, computer printouts, Global Positioning System tracks, logs from a hotel’s electronic door locks, and digital video or audio files.

Examples of where digital evidence is found include, but are not limited to, hard drives, floppy drives, Zip disks, Jaz disks, Flash Memory cards, magnetic tapes, cellular telephones, Personal Data Assistants (PDA), and any memory developed for the storage of electronic data or information.

50 Top Digital Forensics Tools

Network Forensic Tools

Nmap
Wireshark
Xplico
Snort
TCPDump
The Slueth Kit
BruteShark

Mobile Forensics Tools

Elcomspoft iOS Forensic Toolkit
Mobile Verification Toolkit
Oxygen Forensic
MOBILedit
Cellebrite UFED
MSAB XRY
Avilla

Malware Analysis Tools

Wireshark
YARA
Malwarebytes
VirusTotal
Cuckoo Sandbox
IDA Pro
Remnux VM

Data Recovery Tools

Recuva
EaseUS Data Recovery
TestDisk
Stellar Data Recovery
PhotoRec
Disk Drill

Email Forensic Tools

MailXaminer
MailPro+
Xtraxtor
Aid4Mail
eMailTrackerPro
Autopsy

OSINT Tools

Maltego
Nmap
OSINT Framework
Shodan
Recon-ng
TheHavester

Live Forensics Tools

OS Forensics
Encase Live
CAINE
F-Response
Kali Linux Forensic Mode

Memory Forensics Tools

Volatility
DumpIt
memDump
Access data FTK Imager
Hibernation Recon
WindowSCOPE

Cloud Forensic Tools

Magnet AXIOM
MSAB XRY Cloud
Azure CLI

10 Free Forensic Investigation Tools