List of digital forensics tools

During the 1980s, most of digital forensic investigations consisted of "live analysis", examining digital media directly using non-specialist tools. In the 1990s several commercial and freeware tools (both hardware and software) were created to allow investigations to take place without modifying media. This first set of tools mainly focused on computer forensics, although in recent years similar tools have evolved for the field of mobile device forensics.^[1]

Computer forensics

Main article: computer forensics

Name	Platform	License	Version	Description
SANS Investigative Forensics Toolkit - SIFT	Ubuntu		2.1	Multi-purpose forensic operating system
WindowsSCOPE	Windows	commercial	1.0	Memory forensics and live analysis, cyber security; includes hardware based capture.
EnCase	Windows	commercial	6.18	Multi-purpose forensic tool
FTK	Windows	commercial	3.2	Multi-purpose tool, commonly used to index acquired media.
Digital Forensics Framework	Windows / Linux / MacOS	GPL	1.1	DFF is both a digital investigation tool and a development platform
PTK Forensics	LAMP	free/commercial	2.0	GUI for The Sleuth Kit
The Coroner's Toolkit	Unix-like	IBM Public License	1.19	A suite of programs for Unix analysis
COFEE	Windows	Proprietary	n/a	A suite of tools for Windows developed by Microsoft, only available to law enforcement
The Sleuth Kit	Unix-like/Windows	IPL, CPL, GPL	3.1.1	A library of tools for both Unix and Windows
Categoriser 4 Pictures[2]	Windows	Free	4.0.2	Image categorisation tool develop, available to law enforcement
Paraben P2 Commander	Windows	Commercial	n/a	General purpose forensic tool
Open Computer Forensics Architecture	Linux	LGPL/GPL	2.3.0	Computer forensics framework for CF-Lab environment
SafeBack[3]	N/a	commercial	3.0	Digital media (evidence) acquisition and backup
Windows To Go	n/a	commercial	n/a	Bootable operating system
Forensic Assistant	Windows	commercial	1.2	User activity analyzer(E-mail, IM, Docs, Browsers), plus set of forensics tools
PeerLab	Windows	commercial	1.13	FileSharing and "Instant Messaging"-analyzer
OSForensics	Windows	free/commercial	0.99f	General purpose forensic tool for E-mail, Files, Images & browsers.
X-Way Forensics	Windows	commercial	16.1	General purpose forensic tool based on WinHex hex editor.
bulk_extractor	Windows, Linux	Public Domain	1.1	Stream-based forensic feature extraction of e-mail addresses, phone numbers, urls and other identified objects.

Mobile device forensics

Main article: mobile device forensics

Mobile forensics tools tend to consist of both a hardware and software component. Mobile phones come with a diverse range of connectors, the hardware devices support a number of different cables and perform the same role as a write blocker in computer devices.

Name	Platform	License	Version	Description
Cellebrite Mobile Forensics[4]	Windows	Commercial		Universal Forensics Extraction Device - Hardware and Software
Radio Tactics Aceso[4]	Windows	Commercial		"All-in-one" unit with a touch screen
Paraben Device Seizure[4]	Windows	Commercial		Hardware/Software package
MicroSystemation XRY/XACT[4]	Windows	Commercial		Hardware/Software package, specialises in deleted data
Oxygen Forensic Suite (former Oxygen Phone Manager[4])	Windows	Commercial		Smart forensics for smartphones
MOBILedit! Forensic[4]	Windows	Commercial		Hardware-Connection kit/Software package

Other

Name	Platform	License	Version	Description
HashKeeper	Windows	free	n/a	Database application for storing file hash signatures
Evidence Eliminator	Windows	commercial	6.03	Anti-forensics software, claims to delete files securely
DECAF	Windows	free	n/a	Tool which automatically executes a set of user defined actions on detecting Microsoft's COFEE tool

References

1. ^ Casey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition. Elsevier. ISBN 0-12-163104-4. http://books.google.co.uk/books?id=Xo8GMt_AbQsC. 
2. ^ Sanderson, P (December 2006). "Mass image classification". Digital Investigations 3 (4): 190–195. doi:10.1016/j.diin.2006.10.010. 
3. ^ Mohay, George M. (2003). Computer and intrusion forensics. Artechhouse. p. 395. ISBN 1580533698. 
4. ^ ^{a b c d e f} Mislan, Richard (2010). "Creating laboratories for undergraduate courses in mobile phone forensics". Proceedings of the 2010 ACM conference on Information technology education (ACM): 111–116. http://portal.acm.org/citation.cfm?id=1867651.1867680. Retrieved 29 November 2010. "Among the most popular tools are products named MicroSystemation GSM .XRY and .XACT, Cellebrite UFED, Susteen Secure View2, Paraben Device Seizure, Radio Tactics Aceso, Oxygen Phone Manager, and Compelson MobilEdit Forensic"