Acquisition
Title: Forensic Acquisition Utilities Author: George Garner
Description: A collection of Windows tools such as ‘dd.exe’, ‘md5sum.exe’, ‘wipe.exe’, and ‘nc.exe’. The version of ‘dd’ in this package can also image memory contents in addition to disks.
Website: http://users.erols.com/gmgarner/forensics/
Source: http://users.erols.com/gmgarner/forensics/
Title: FTimes Author: Klayton Monroe
Description: FTimes is a system baselining and evidence collection tool. The primary purpose of ftimes is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis.
Website: http://ftimes.sourceforge.net/FTimes/index.shtml
Source: http://sourceforge.net/project/showfiles.php?group_id=41134
Title: liveview Author: CERT
Description: Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to “boot up” the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because
Website: http://liveview.sourceforge.net/
Title: netcat Author: hobbit
Description: Netcat has been dubbed the network Swiss Army knife. It is a simple Unix utility which reads and writes data across network connections, using the TCP or UDP protocol. It can be used on a trusted server to save data from a suspect system and can be used on the suspect system to send the output of tools to the server instead of writing to the suspect disk.
Website: http://www.atstake.com/research/tools/network_utilities/
Source: http://www.atstake.com/research/tools/network_utilities/
Title: pdd Author: Joe Grand
Description: pdd (Palm dd) is a Windows-based tool for memory imaging and forensic acquisition of data from the Palm OS family of PDAs. pdd will preserve the crime scene by obtaining a bit-for-bit image or “snapshot” of the Palm device’s memory contents. Such data can be used by forensic investigators, incident response teams, and criminal and civil prosecutors.
Website: [no longer exists]
Source: [local copy]
Title: ProDiscover DFT Author: Technology Pathways LLC
Description: ProDiscover DFT offers forensics examiners a completely integrated Windows application for the collection, analysis, management and reporting of computer disk evidence at an affordable price.
Website: www.techpathways.com
Source: www.techpathways.com (Requires the purchase of an Enterprise License)
Title: psloggedon Author: Mark Russinovich (sysinternals.com)
Description: PsLoggedOn is an applet that displays both the locally logged on users and users logged on via resources for either the local computer, or a remote one.
Website: http://www.sysinternals.com/ntw2k/freeware/psloggedon.shtml
Source: http://www.sysinternals.com/ntw2k/freeware/psloggedon.shtml
Title: TULP2G Author: Netherlands Forensic Institute (NFI)
Description: TULP2G is a forensic software framework developed to make it easy to extract and decode data from digital devices. Besides the framework, it is distributed along with several plug-ins to read data from digital devices (at this point, mobile phones and SIM cards).
Website: http://sourceforge.net/projects/tulp2g/
Source: http://sourceforge.net/project/showfiles.php?group_id=119389
Title: UnxUtils Author: Karl Syring
Description: Ports of GNU tools, including ‘dd’, that do not need special DLLs.
Website: http://unxutils.sourceforge.net
Source: http://unxutils.sourceforge.net (via CVS)
Title: Webjob Author: Klayton Monroe
Description: WebJob downloads a program over HTTP/HTTPS and executes it in one unified operation. The output, if any, may be directed to stdout/stderr or a Web resource. WebJob may be useful in incident response and intrusion analysis as it provides a mechanism to run known good diagnostic programs on a potentially compromised system.
Website: http://webjob.sourceforge.net/WebJob/index.shtml
Source: http://sourceforge.net/project/showfiles.php?group_id=40788
Media Management Analysis Tools
Title: TestDisk Author: Christophe Grenier
Description: Tool to check and undelete partitions. Works with the following partitions: FAT12, FAT16, FAT32, Linux EXT2/EXT3, Linux SWAP (version 1 and 2), NTFS (Windows NT/W2K/XP), BeFS (BeOS), UFS (BSD), Netware, and ReiserFS.
Website: http://www.cgsecurity.org/testdisk.html
Source: http://www.cgsecurity.org/testdisk.html
File System Analysis Tools
Title: Explore2fs Author: John Newbigin
Description: Explore2fs allows you to view the contents of an Ext2FS partition from within Windows.
Website: http://uranus.it.swin.edu.au/~jn/linux/explore2fs.htm
Source: http://uranus.it.swin.edu.au/~jn/linux/explore2fs.htm
Title: ProDiscover DFT Author: Technology Pathways LLC
Description: ProDiscover DFT offers forensics examiners a completely integrated Windows application for the collection, analysis, management and reporting of computer disk evidence at an affordable price.
Website: www.techpathways.com
Source: www.techpathways.com (Requires the purchase of an Enterprise License)
Application Analysis Tools
Title: Event Log Parser Author: Jamie French
Description: A PHP script to parse through Windows event logs.
Website: http://www.whitehats.ca/main/members/Malik/malik_eventlogs/malik_eventlogs.html
Source: http://www.whitehats.ca/main/members/Malik/malik_eventlogs/malik_eventlogs.html
Title: Galleta Author: Keith Jones
Description: Galleta, the Spanish word meaning “cookie”, was developed to examine the contents of the cookie files. Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Galleta is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.
Website: http://www.foundstone.com/resources/proddesc/galleta.htm
Source: http://sourceforge.net/project/showfiles.php?group_id=78332&release_id=152412
Title: libpff Author: Joachim Metz
Description: The libpff package contains a shared library and tooling to analyse Microsoft Outlook Personal Folder Files (PAB, PST and OST). PFF files are used to store e-mails, appointments, contacts, notes, tasks, etc. libpff provides:
* pffexport to export PFF items
* pffinfo to provide basic information about PFF files
* pffrecover to recover and export PFF items
Website: http://libpff.sourceforge.net
Title: md5deep Author: Jesse Kornblum
Description: md5deep is an MD5 program that can compute hashes recursively, compare hashes with a database, and estimate the time to completion.
Website: http://md5deep.sourceforge.net/
Source: http://md5deep.sourceforge.net/
Title: MD5summer Author: Luke Pascoe
Description: MD5summer is an application for Microsoft Windows 9x, NT, ME, 2000 and XP which generates and verifies MD5 checksums. Its output file is compatible with the output of the Linux GNU MD5Sum and it will also read Linux-generated files.
Website: http://www.md5summer.org/
Source: http://www.md5summer.org/download.html
Title: Outport Author: chief1ic
Description: Outport provides a means of migrating information from Microsoft Outlook to Ximian Evolution and several standard data formats.
Website: http://outport.sourceforge.net/
Source: http://outport.sourceforge.net/
Title: Pasco Author: Keith Jones
Description: Pasco, the Latin word meaning “browse”, was developed to examine the contents of Internet Explorer’s cache files. Pasco will parse the information in an index.dat file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Pasco is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.
Website: http://www.foundstone.com/resources/proddesc/pasco.htm
Source: http://sourceforge.net/project/showfiles.php?group_id=78332&release_id=152387
Title: ProDiscover DFT Author: Technology Pathways LLC
Description: ProDiscover DFT offers forensics examiners a completely integrated Windows application for the collection, analysis, management and reporting of computer disk evidence at an affordable price.
Website: www.techpathways.com
Source: www.techpathways.com (Requires the purchase of an Enterprise License)
Title: RegRipper Author: Harlan Carvey
Description: The RegRipper is an open-source application for extracting, correlating, and displaying specific information from Registry hive files from the Windows NT (2000, XP, 2003, Vista) family of operating systems.
Website: http://windowsir.blogspot.com/2008/04/updated-regripper.html
Title: Rifiuti Author: Keith Jones
Description: Rifiuti, the Italian word meaning “trash”, was developed to examine the contents of the INFO2 file in the Recycle Bin. Rifiuti will parse the information in an INFO2 file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Rifiuti is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.
Website: http://www.foundstone.com/resources/proddesc/rifiuti.htm
Source: http://sourceforge.net/project/showfiles.php?group_id=78332&release_id=152410
Network Analysis Tools
Title: Network Miner Author: Erik Hjelmvik
Description: NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
Website: http://networkminer.sourceforge.net/
Analysis Frameworks
Title: DFF (Digital Forensics Framework) Author: Solal Jacob
Description: DFF is multi-platform and open-source, user- and developer-oriented, provides many features and is very modular. Our goal is to provide a real framework to the forensic community, so people can use only one tool during the analysis.
Website: http://www.digital-forensic.org
Title: LibForensics Author: Michael Murr
Description: LibForensics is a Python framework for developing computer forensics applications. LibForensics also includes a series of demo tools that use the framework to extract information from various types of evidence/artifacts.
Website: http://www.libforensics.com
1 Comment
I would like to suggest a Windows data recovery software named Stellar Phoenix Windows Data Recovery Software, a fast, reliable and easy-to-use data recovery software.