Top 3 Forensic Examination Tools for Linux

Computer forensics and evidence management are the most important topic and very important aspect, when we talk about computer crimes. Ethical hacking and intrusion management used to protect the system, but if the incident happened, then you need to investigate it. Here computer forensic comes. We have also created a free computer forensics training course for everyone to get the basic understanding of the process, methodology and tools used while conducting a digital investigation.

Anyway, in this story, you will find the basic introduction of the top 3 forensic tools.

The Sleuthkit & Autopsy

For detail tutorial, please join the free forensics class here.

www.sleuthkit.org

The Sleuthkit is a free open source suite of forensic utilities that has a GUI called Autopsy. This tool suite has strong support for Linux file systems and can be used to examine the full details of inodes and other data structures. The Sleuthkit has a plugin framework that supports automated processing. The Autopsy GUI for The Sleuthkit is shown here with a Linux file system:

Digital Forensics Framework

For detail tutorial, please join the free forensics class here:
http://www.digital-forensic.org/

DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API).
  •     Preserve digital chain of custody: Software write blocker, cryptographic hash calculation
  •     Access to local and remote devices: Disk drives, removable devices, remote file systems
  •     Read standard digital forensics file formats: Raw, Encase EWF, AFF 3 file formats
  •     Virtual machine disk reconstruction: VmWare (VMDK) compatible
  •     Windows and Linux OS forensics: Registry, Mailboxes, NTFS, EXTFS 2/3/4, FAT 12/16/32 file systems
  •     Quickly triage and search for (meta-)data: Regular expressions, dictionaries, content search, tags, time-line
  •     Recover hidden and deleted artifacts: Deleted files / folders, unallocated spaces, carving
  •     Volatile memory forensics: Processes, local files, binary extraction, network connections

SMART for Linux

http://www.asrdata.com
SMART is a software utility that has been designed and optimized to support data forensic practitioners and Information Security personnel in pursuit of their respective duties and goals.
SMART is more than a stand-alone data forensic program. The features of SMART allow it to be used in many scenarios, including:
  •    “Knock-and-talk” inquiries and investigations
  •     on-site or remote preview of a target system
  •     post mortem analysis of a dead system
  •     testing and verification of other forensic programs
  •     conversion of proprietary “evidence file” formats
  •     baselining of a system

Conclusion:

No matter what tool or set of tools are you using, the approach is very important. Your methodology, process, chain of custody and maintaining the integrity of the data is crucial, otherwise you will have nothing in your hands as an evidence. So training is crucial, you need to develop your profile and you need to work with your master so that you will become the master.
Join the Free Computer Forensics Class started by Ehacking!

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...

LOOKING FOR HACKING RECIPES FORM THE PRO?

Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.