When doing forensic investigations and incident response, one of the most important things is to keep a good toolbox. A basic set of tools that you know well is better than a lot of tools that you’re barely able to use.
I thought I’d share some of the tools I use for forensic investigations. This is not a complete list, but it is the basic set of tools I use nearly every time I do forensic stuff.
- The dd command on Linux, to acquire images.
- dd_rescue for those hard-to-image disks that throw strange errors, or for doing data recovery.
- The Sleuth Kit by Brian Carrier, for doing the actual investigation.
- Autopsy Browser by Brian Carrier, which reduces the complexity of The Sleuth Kit.
- RegRipper by Harlan Carvey, very useful for digging information out of the registry.
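To show how the first two tools fit into an acquisition, here is an added example (my own, not from the original post): a small POSIX shell script that images a device or file with dd, zero-fills unreadable blocks instead of aborting, records SHA-256 hashes of source and image in a log, and later verifies that the image has not changed before it is handed to The Sleuth Kit or Autopsy. It assumes GNU coreutils (dd, sha256sum) and a sector-aligned source; the source used in the demo is a constructed random file, not a real disk.

```shell
#!/bin/sh
# Added example (not from the original post): forensic acquisition with dd,
# plus hash logging and later integrity verification.
# Assumes a POSIX shell, dd and sha256sum from GNU coreutils.
set -u

# acquire_image SOURCE DEST [LOGFILE]
# Copies SOURCE to DEST with conv=noerror,sync so a bad block is zero-filled
# and the acquisition continues (dd_rescue does this more gracefully, with
# retries and smaller reads). bs=512 matches the classic sector size, so the
# padding from "sync" never changes the image size of a sector-aligned source;
# with a larger bs the final partial block would be padded and the hashes below
# would differ. Returns 0 when the image hash matches the source hash.
acquire_image() {
    src=$1; dst=$2; log=${3:-"$2.log"}
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>/dev/null || return 1
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dst_hash=$(sha256sum "$dst" | cut -d' ' -f1)
    {
        echo "source=$src"
        echo "image=$dst"
        echo "acquired=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source_sha256=$src_hash"
        echo "image_sha256=$dst_hash"
    } > "$log"
    [ "$src_hash" = "$dst_hash" ]
}

# verify_image IMAGE LOGFILE
# Re-hashes IMAGE and compares it with the hash recorded at acquisition time,
# so analysis can be shown to have run on an unmodified copy.
# Prints "ok" (exit 0) or "MISMATCH" (exit 1).
verify_image() {
    img=$1; log=$2
    recorded=$(sed -n 's/^image_sha256=//p' "$log")
    current=$(sha256sum "$img" | cut -d' ' -f1)
    if [ -n "$recorded" ] && [ "$recorded" = "$current" ]; then
        echo ok
        return 0
    fi
    echo MISMATCH
    return 1
}

# Stand-alone demo on a constructed 1 MiB random "disk": sh acquire.sh --demo
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    dd if=/dev/urandom of="$work/evidence.bin" bs=512 count=2048 2>/dev/null
    acquire_image "$work/evidence.bin" "$work/evidence.dd" "$work/evidence.log" \
        && echo "acquired, hashes match"
    cat "$work/evidence.log"
    verify_image "$work/evidence.dd" "$work/evidence.log"
    rm -rf "$work"
fi
```

The log is the piece worth keeping next to the image: it ties the hash you later cite in a report to the time and source of acquisition, and `verify_image` gives you a one-line check before every analysis session.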
I’ve created a page on this site where I’ll update the tools list as I remember and use them. But the above are the basic tools I use a lot.