Best Free Tools That Will Help You in Digital Forensic Investigation

It’s hard to perform a digital forensics investigation if money is tight. But, never fear, there are a large variety of free digital forensic tools available that you can use to get to the bottom of things. 

Interested in learning more about the best free tools that will help you in digital forensic investigation? The following list of tools will help you perform forensic image exploration, hard drive forensic analysis memory forensic analysis, forensic imaging, and mobile forensics. While this list is by no means extensive, and may not have everything that you need to complete your Digital Forensic Investigation, there are a couple of gems on this list that are sure to make you happy. 

DEFT

This Linux-based Live CD bundles some of the most popular open source computer forensics tools for cyber intelligence, incident response, and computer forensics. It also features tools for network forensics, mobile forensics, and data recovery. 

Bulk Extractor

This tool gives you the ability to scan your directory of files, or disk images so you can extract information like domains, credit card number, email addresses, zip files, and URLs. The extracted information is then placed in a series of text files that can be reviewed manually or analyzed with other forensics tools. 

Free Hex Editor Neo

This basic hex editor was created to deal with very big files. Although many of its additional features are found in the commercial version, this tool is still useful for performing Facebook actions like low-level file editing, manual data carving, searching for hidden data, or information gathering. 

Linux ‘dd’

This tool comes standard with a large number of Linux distributions that are on the market today like Fedora and Ubuntu. It can be used for a variety of different tasks like zeroing out of the drive and creating a raw image of it. 

FTK Imager

This data preview and imaging tool gives you the ability to analyze files and folders on network drives, local hard drives, CDs/DVD,s as well as review the content of memory dump or forensic images. You can also use FTK Imager to review and recover files deleted from recycle bin and much more. 

The Sleuth Kit (+Autopsy)

This open source digital forensic toolkit can be used to perform comprehensive analysis on various file systems. Autopsy is basically a GUI that sits on top of the sleuth kit and comes with features like hash filtering, timeline analysis, file system analysis, and more. It also gives you the ability to add other modules for more functionality. 

Volatility

This memory forensic framework for malware analysis and incident response gives you the ability to extract digital artifacts from volatile memory dumps. You can use it to extract information about open networks and network connections, running processes, process IDs, cashed registry hives, and much more. 

ProDiscover Basic

This lightweight digital forensic investigation tool gives you the ability to image, examine, and report on evidence found on a specific drive. It also features a Search mode that gives you the ability to look for data based on criteria that you specify.