This is a list of tools I use for Forensic stuff and incident handling. I’ll keep adding to the list along the way so stay tuned.
I use both Windows, Mac OSX and Linux platforms to do my work (I’m a heavy VMware user :)). This means that this list contains tools that will run (or exists) on all platforms or and tools that will only run on one platform. I’ve marked the tools with the platform I use it the most, but that does not mean that there isn’t an equivalent or alternative on another platform.
- dd command from linux to aquire images. (Linux)
- dd_rescue for those hard to image disks with strange errors, or doing data recovery. (Linux)
- The Sleuth Kit by Brian Carrier, for doing actual investigations (Linux)
- Autopsy Browser by Brian Carrier, which reduces the complexity of the Sleuth Kit. (Linux for the server part)
- RegRipper by Harlan Carvey, very useful to dig out information from the registry. (Windows)