Digital forensics is a specialist art. It allows investigations to be undertaken without modifying the media. Being able to preserve and analyze data in a safe and non-destructive way is crucial when using digital evidence as part of an investigation, and even more so when a legal audit trail needs to be maintained. Digital forensics can be used in a wide range of investigations such as computer intrusion, unauthorised use of computers including the violation of an organisation’s internet-usage policy, gathering intelligence from documents and emails, as well as the protection of corporate assets.
We have extolled the virtues of open source software in many of our previous articles. The debate between open source and closed source software has often centered on factors such as freedom, reliability, interoperability and open standards, support, and philosophy.
In this instance, open source software offers a legal benefit, as it can increase the admissibility of digital forensic evidence. This is because open source tools enable the investigator and the court to verify that a tool does what it claims, and make it easier to prove that the original drive has not been modified, or that a copy has not been modified.
| Digital Forensics Tools | Description |
|---|---|
| GRR Rapid Response | Incident response framework focused on remote live forensics |
| Radare2 | Portable reversing framework |
| The Sleuth Kit | Library and collection of command line tools to investigate disk images |
| Autopsy | Digital forensics platform and graphical interface to The Sleuth Kit |
| Volatility | Extraction of digital artifacts from volatile memory (RAM) samples |
| dcfldd | Enhanced version of dd with features useful for forensics and security |