Forensic Basic Tools

When doing forensic investigations and incident response, one of the most important things is to keep a good toolbox. A small set of basic tools that you know well is better than a lot of tools that you are barely able to use.

I thought I’d share some of the tools I use for forensic investigations. This is not a complete list, but it is the basic set of tools I use nearly every time I do forensic stuff.

  • dd from Linux (or any Unix) to acquire raw disk images.
  • dd_rescue for hard-to-image disks with read errors, or for doing data recovery.
  • The Sleuth Kit by Brian Carrier, for doing the actual investigation (partition, file system and timeline analysis).
  • Autopsy Browser by Brian Carrier, a front end that reduces the complexity of the Sleuth Kit.
  • RegRipper by Harlan Carvey, very useful for digging information out of the Windows registry.
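
As an added example (not from the original post), this is the dd acquisition step from the list above wrapped in a small POSIX shell script: it images a source device with `conv=noerror,sync`, hashes source and image, writes both hashes to a log next to the image, and returns non-zero if they differ. Device and case paths in the comments are assumptions; the demo uses a constructed 1 MiB file instead of a real disk.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes only dd, date,
# wc and sha256sum (or shasum) from the base system.
set -u

# SHA-256 of a file, with whichever hashing tool is installed.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# acquire_image SOURCE DEST [BLOCKSIZE]
# - conv=noerror,sync keeps dd running past a read error and pads the
#   failed block with zeros, so offsets in the image still match the source.
# - sync also pads the *last* block, so BLOCKSIZE must divide the source
#   size exactly or the image grows and the hashes will not match. 512
#   (the sector size) is always safe; a larger multiple is faster.
# - the source must be attached read-only (hardware write blocker or a
#   read-only block device); this script cannot enforce that.
# Returns 0 when source and image hashes match, 1 otherwise.
acquire_image() {
    src=$1; dst=$2; bs=${3:-512}
    dd if="$src" of="$dst" bs="$bs" conv=noerror,sync 2>"$dst.dd.log" || return 1
    src_hash=$(hash_file "$src")
    img_hash=$(hash_file "$dst")
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    # Chain-of-custody note: what was imaged, when, and both hashes.
    printf '%s\tsource=%s\tbytes=%s\tsha256=%s\n' "$stamp" "$src" \
        "$(wc -c <"$src")" "$src_hash" >>"$dst.hashes"
    printf '%s\timage=%s\tbytes=%s\tsha256=%s\n' "$stamp" "$dst" \
        "$(wc -c <"$dst")" "$img_hash" >>"$dst.hashes"
    [ "$src_hash" = "$img_hash" ]
}

# Demo on a constructed 1 MiB "disk" (16 blocks of 64 KiB, so the block
# size divides the size evenly). Run as: sh acquire.sh demo
demo() {
    tmp=$(mktemp -d)
    dd if=/dev/urandom of="$tmp/disk.bin" bs=65536 count=16 2>/dev/null
    if acquire_image "$tmp/disk.bin" "$tmp/disk.raw" 65536; then
        echo "image verified; hashes in $tmp/disk.raw.hashes"
    else
        echo "hash mismatch: image not trustworthy" >&2
        return 1
    fi
}

[ "${1:-}" = "demo" ] && demo

# Real use (paths are assumptions): acquire_image /dev/sdb /cases/001/sdb.raw 4096
```

The hash log is the piece people forget: hash the source before and after imaging, keep the dd stderr (it reports the error count), and do it on a write-blocked source. For disks that throw a lot of read errors, dd_rescue from the list above is the better tool, since it retries and records what it could not read.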

I’ve created a page on this site where I’ll update the tools list as I remember and use them. But the above are the basic tools I use a lot.
