The computer is a reliable witness that cannot lie. Digital evidence contains an unfiltered account of a suspect’s activity, recorded in his or her direct words and actions. But some people say that using digital information as evidence is a bad idea. If it’s easy to change computer data, how can it be used as reliable evidence?
Computer forensics is used to identify the hidden details that are left during or after an incident. The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence for a trial.
Computers are getting more powerful day by day, so the field of computer forensics must evolve rapidly. Many computer forensic tools have been used in the past to apply forensic techniques to computers. Here we list a few of the best forensic tools that are promising for today’s computers:
- SANS SIFT
- ProDiscover Forensic
- Volatility Framework
- The Sleuth Kit (+Autopsy)
- X-Ways Forensics
The SANS Investigative Forensic Toolkit (SIFT) is an Ubuntu-based Live CD which includes all the tools you need to conduct an in-depth forensic or incident response investigation. The free SIFT toolkit, which can match any modern incident response and forensic tool suite, is also featured in SANS’ Advanced Incident Response course (FOR 508). It demonstrates that advanced investigations and responses to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
It supports analysis of Expert Witness Format, Advanced Forensic Format (AFF), and RAW (dd) evidence formats. It also includes tools for building a timeline from system logs, Scalpel for data file carving, Rifiuti for examining the recycle bin, and lots more.
Key new features of SIFT include:
- Ubuntu LTS 14.04 Base.
- 64-bit base system.
- Better memory utilization.
- Auto-DFIR package update and customizations.
- Latest (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Irfan Shakeel. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/PK9Srp1p5TU/