Some online resources that will help you find the most suitable IT forensic tools for each case

Every now and then, forensic experts, or simply curious novices, will have to investigate technologies using tools that are not always readily available. For that reason, this post explores simple ways to help you find the right tools for each occasion.

Of course, you can always do an internet search for what you need, but there is so much information available online that the challenge often lies in knowing how to filter it.

Below we provide some very useful options that will help you find specific software tools from their official repositories.

NIST catalog of IT forensic tools

Using the portal of the US National Institute of Standards and Technology (NIST), you will find clear classifications that facilitate easy searches of the different forensic tools filtered by functionality.


NIST Repository (US National Institute of Standards and Technology)

As you can see in the image, the catalog can be searched by technical parameters based on specific digital forensic functions, such as Disk Imaging or Deleted File Recovery. Within each category you will find everything from analysis tools for Cloud Services to Drone and Vehicle Forensics, as well as categories such as Data Analytics, Database Forensics, Deleted File Recovery, Disk Imaging, Email Parsing, Hash Analysis, Image Analysis (Video & Graphics Files), Instant Messenger, Memory Capture and Analysis, Mobile Devices, VoIP Forensics, WiFi Forensics, etc.

This catalog was developed jointly by several US agencies, such as the Department of Homeland Security, the Office of Science and Technology Policy, the National Cyber Division, and the Forensics Tool Testing Program of the National Institute of Standards and Technology.

The portal is divided into three sections: a search function for finding tools; a page for providers to enter information about their tools; and a description of functions and technical parameters.


Search result for forensic analysis tools for cloud services

In the image above you can see the search result for forensic analysis tools for cloud services, and in the image below, a result linked to the Microsoft Registry.


Search result for analysis tools for the Windows Registry – 11 tools found

It should be noted that the providers themselves enter the information for each tool. The portal clarifies that any mention of a product, whether commercial or not, is for information purposes only and does not imply that the product has been tested.

This compendium of tools also provides a general overview of digital forensic analysis tools and shows where gaps exist, i.e., functions for which no tools have been developed, so that the analysis may be more complex or purely manual.

DFIR Training catalog of IT forensic tools

Another very interesting option is available from the DFIR community, which offers a very comprehensive portal with a large number of resources for responding to forensic incidents. In addition to a search option with a very user-friendly graphical interface, it allows users to leave reviews of the tools available.


DFIR Training search option

It also has a utility for viewing the applications with the most ratings, the most downloads, the most recent updates, etc.


Information about applications with the most ratings, the most downloads, recent updates, etc.

On top of that, it has plenty of resources for testing tools, as well as quick guides and infographics.

And we mustn’t forget to mention that many of the Linux distributions aimed at pentesting ship with the most widely used tools, as you can see in the images below.


Volatility: a classic for RAM memory analysis. It is executed from a terminal


Autopsy: another classic available in several Linux distributions such as Kali

Lastly, it is important to remember that in many cases the tools you need are already configured and preinstalled on distributions more specifically aimed at forensic analysis, such as DEFT. Before using them, I recommend that you read up a little on how to use them and on best practices, and that you update to the latest version available.

And so you have no more excuses. Throughout this post we have shown you where to find the tools and resources you need to start practicing or perfecting your skills in the exciting world of forensic analysis.