Directory
Forensic Toolkits
The Sleuth Kit
Visit the Product SiteThe @stake Sleuth Kit (TASK) allows an investigator examine the file systems of a suspect computer in a non-intrusive fashion. TASK is a collection of UNIX-based command line tools that can analyze NTFS, FAT, FFS, EXT2FS, and EXT3FS file systems. TASK rea ...
EnCase Forensic Edition
Visit the Product SiteWith an intuitive, yet flexible GUI, and unmatched performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigation with accuracy and efficiency. Our award winning solution yields completely non-invasive ...
EnCase Enterprise Edition
Visit the Product SiteEnCase Enterprise Edition is a revolutionary solution providing a platform for comprehensive enterprise wide incident response, information auditing and forensic discovery. Leveraging the powerful functionality of Guidance Software's flagship product, EnC ...
Forensic Toolkit
Visit the Product SiteFull Text Indexing, Advanced Searching, INSO Viewers (Full & Thumbnail), KFF (Known File Filter), Hashing Verification, Preset Search Profiling, Encrypted File Identification, Deleted File Recovery, Audit Trail Capabilities, Enhanced Reporting, File Annot ...
The Coroners Toolkit
Visit the Product SiteTCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in. The software was presented first in a Computer Forensics Analysis class in August 1999 (handouts can be found here). Examples of us ...
snarl
Visit the Product Sitesnarl is a bootable forensics ISO based on FreeBSD and using @stake's autopsy and task as well as scmoo's list of known good checksums. Once you boot the iso just log in as root there is no password. You will boot into a dialog driven menu. select the fir ...
Portable Linux Auditing CD
Visit the Product SitePLAC is a business card sized bootable cdrom running linux. It has network auditing, disk recovery, and forensic analysis tools. ISO will be avialable and scripts to roll you own cd.
Forensic Acquisition Utilities
Visit the Product SiteThis is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment. The components in this collection are intended to permit the investigator to sterilize media for forensi ...
Knoppix
Visit the Product SiteKNOPPIX is a bootable CD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a Linux demo, educational CD, rescue syste ...
SMART
Visit the Product SiteSMART can acquire digital evidence from a wide variety of workstations, servers and digital devices. SMART authenticates the data it acquires using any or all of the CRC32, MD5SUM and SHA1 algorithms. SMART also provides for the compression of data using ...
Password Recovery Toolkit
Visit the Product SitePassword Recovery Toolkit gives you the ability to recover passwords from well-known applications. PRTK is perfect for law enforcement and corporate security professionals. If you need access to locked files or if your users have simply locked themselves ...