In this story you will find a basic introduction to the top 3 forensic tools.
The Sleuthkit & Autopsy
For a detailed tutorial, join the free forensics class linked here.
The Sleuthkit is a free, open-source suite of forensic utilities with a GUI called Autopsy. The suite has strong support for Linux file systems and can be used to examine the full details of inodes and other file system data structures. The Sleuthkit also has a plugin framework that supports automated processing. The Autopsy GUI for The Sleuthkit is shown here with a Linux file system loaded.
Digital Forensics Framework
DFF (Digital Forensics Framework) is free and open-source computer forensics software built on top of a dedicated Application Programming Interface (API). Its main capabilities are:
- Preserve digital chain of custody: Software write blocker, cryptographic hash calculation
- Access to local and remote devices: Disk drives, removable devices, remote file systems
- Read standard digital forensics file formats: raw, EnCase EWF and AFF3
- Virtual machine disk reconstruction: VMware (VMDK) compatible
- Windows and Linux OS forensics: Registry, mailboxes, NTFS, ext2/3/4 and FAT 12/16/32 file systems
- Quickly triage and search for (meta)data: regular expressions, dictionaries, content search, tags, timeline
- Recover hidden and deleted artifacts: Deleted files / folders, unallocated spaces, carving
- Volatile memory forensics: Processes, local files, binary extraction, network connections
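Three of the DFF capabilities listed above (cryptographic hashing for chain of custody, recognising the image format, and carving deleted artifacts out of unallocated space) are small enough to show end to end. The following is an added example written for this article; it is not DFF code and does not use the DFF API. It builds a constructed raw image containing a JPEG and a PNG fragment, records chunked MD5/SHA-256 digests, re-verifies them (and shows that a one-byte change is caught), checks for the EnCase EWF segment magic, and runs naive header/footer carving. The signatures and the `run_demo` layout are assumptions made for the example.

```python
"""Chain-of-custody hashing, format detection and signature carving over a
constructed raw image. Illustrative example, not part of DFF."""
import hashlib
import hmac
import os
import tempfile

# Assumed for the example: EnCase EWF segment-file magic and the JPEG/PNG
# header/footer byte pairs used by simple header/footer carvers.
EWF_SIGNATURE = b"EVF\x09\x0d\x0a\xff\x00"
CARVE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff\xe0", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def build_sample_image(path):
    """Write a constructed 'raw' image: zero filler with one JPEG and one PNG
    fragment dropped into 'unallocated' space. Nothing here comes from a real disk."""
    jpeg = CARVE_SIGNATURES["jpg"][0] + b"\x00\x10JFIF\x00" + b"J" * 40 + CARVE_SIGNATURES["jpg"][1]
    png = CARVE_SIGNATURES["png"][0] + b"\x00\x00\x00\x0dIHDR" + b"P" * 40 + CARVE_SIGNATURES["png"][1]
    filler = b"\x00" * 512
    data = filler + jpeg + filler * 2 + png + filler
    with open(path, "wb") as fh:
        fh.write(data)
    return len(data)


def hash_evidence(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Hash the image in chunks so multi-gigabyte evidence never has to fit in
    memory; the resulting digests are what goes into the custody record."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_evidence(path, expected):
    """Re-hash the image and compare every recorded digest (constant-time compare)."""
    current = hash_evidence(path, tuple(expected))
    return all(hmac.compare_digest(current[name], digest) for name, digest in expected.items())


def detect_format(path):
    """'ewf' if the file starts with the EnCase segment magic, otherwise treat it
    as a raw (dd-style) image."""
    with open(path, "rb") as fh:
        head = fh.read(len(EWF_SIGNATURE))
    return "ewf" if head == EWF_SIGNATURE else "raw"


def carve(path, signatures=CARVE_SIGNATURES, max_size=10 * 1024 * 1024):
    """Naive header/footer carving over the whole image, ignoring the file system.
    Returns (kind, offset, payload) tuples sorted by offset."""
    with open(path, "rb") as fh:
        data = fh.read()
    found = []
    for kind, (header, footer) in signatures.items():
        pos = data.find(header)
        while pos != -1:
            end = data.find(footer, pos + len(header), pos + max_size)
            if end == -1:  # header without a footer in range: skip it
                break
            end += len(footer)
            found.append((kind, pos, data[pos:end]))
            pos = data.find(header, end)
    return sorted(found, key=lambda item: item[1])


def run_demo():
    """Build the constructed image in a temp dir and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.dd")
        size = build_sample_image(image)
        record = hash_evidence(image)
        verified = verify_evidence(image, record)
        carved = [(kind, offset, len(payload)) for kind, offset, payload in carve(image)]
        fmt = detect_format(image)
        with open(image, "ab") as fh:  # simulate post-acquisition tampering
            fh.write(b"\x00")
        tampered_verifies = verify_evidence(image, record)
    return {"size": size, "format": fmt, "record": record, "verified": verified,
            "carved": carved, "tampered_verifies": tampered_verifies}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The carver deliberately ignores the file system, which is what makes it find fragments in unallocated space; on a real image the same approach yields false positives and truncated files when data is fragmented, so results are a lead for a file-system-aware tool rather than a final answer.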
SMART for Linux
- “Knock-and-talk” inquiries and investigations
- On-site or remote preview of a target system
- Post-mortem analysis of a dead system
- Testing and verification of other forensic programs
- Conversion of proprietary “evidence file” formats
- Baselining of a system