Top 3 Forensic Tools For Linux Users

Computer forensics and evidence management are the most important topics when we talk about computer crimes. Ethical hacking and intrusion management are used to protect the system, but if an incident happens, you need to investigate it. This is where computer forensics comes in. We have also created a free computer forensics training course for everyone to get a basic understanding of the process, methodology and tools used while conducting a digital investigation.

Anyway, in this story, you will find a basic introduction to the top 3 forensic tools.

www.sleuthkit.org
http://www.digital-forensic.org/

DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API).
  • Preserve digital chain of custody: Software write blocker, cryptographic hash calculation
  • Access to local and remote devices: Disk drives, removable devices, remote file systems
  • Virtual machine disk reconstruction: VMware (VMDK) compatible
  • Read standard digital forensics file formats: Raw, EnCase EWF, AFF 3 file formats
  • Windows and Linux OS forensics: Registry, Mailboxes, NTFS, EXTFS 2/3/4, FAT 12/16/32 file systems
  • Quickly triage and search for (meta-)data: Regular expressions, dictionaries, content search, tags, timeline
  • Recover hidden and deleted artefacts: Deleted files/folders, unallocated spaces, carving
  • Volatile memory forensics: Processes, local files, binary extraction, network connections
http://www.asrdata.com
SMART is a software utility that has been designed and optimized to support data forensic practitioners and Information Security personnel in pursuit of their respective duties and goals.
SMART is more than a stand-alone data forensic program. The features of SMART allow it to be used in many scenarios, including:
  • “Knock-and-talk” inquiries and investigations
  • on-site or remote preview of a target system
  • post-mortem analysis of a dead system
  • testing and verification of other forensic programs
  • conversion of proprietary “evidence file” formats
  • baselining of a system