Software tools that are not listed can be added with an email request. The tools are listed in no particular order, and no tool is being advertised or proposed as being better than others. As you know, no one tool can do everything you need, and you need a collection of software tools in order to handle the majority of situations you encounter. Although the majority of these tools can be obtained by anyone, acquiring digital evidence that will be admissible in court requires the training, experience, and ability of a computer forensic examiner.

All products are the property of their respective manufacturer. Trademarks, copyrights, and patents are implied if not listed. Some are freeware, some are free to law enforcement only, and the rest are commercial.

Software tools
Maresware, New Technologies Inc., AccessData
@stake, PC Inspector, Mid Michigan Computer
DataLifter, LC Technology, Digital Detective
Foundstone, Webattack, Paraben
Tech Pathways, NTSecurity, ASR Data
Funduc Software, Winsor Computing, FIRE
Helix, X-Ways Forensics, Guidance Software
Tools That Work
Maresware www.dmares.com/maresware/linksto_forensic_tools.htm
Add_recl FREE 32 bit program that will add a 4 byte record length to the beginning of a CR/LF record.
Bates_No Renames files with bates numbering mask
Boot Reboots computer 
Brandit Brands a hard drive with owner information. 
Bsearch Search a data file 
Catalog Linux file cataloging 
Ch FREE 16 bit program that enhances the CD command 
Chek_env FREE Will check the environment for the existence of a variable, and confirm the value set for the variable. 
Chsize FREE Will change the size of a file (truncate or increase size) 
Collate Collate 2 files together
Copy_ads Program designed to identify and copy Alternate Data Streams in NTFS. 
Compare Compare 2 files on key field 
Crckit Produces 32 bit CRC. 
Crc test.zip FREE Zip file containing a number of known files with 32-bit CRC and 128 bit MD5 hash values. 
Datecov FREE Converts given date format (9123456789) into conventional format (00-00-0000) 
Dater Shows current month (and more). 
DD Dump contents of disk 
Declasify Overwrites hard disks 
Disable FREE Will disable the keyboard of a computer. Good for boot/safety net disk. 
DiskCat Catalog of all files 
DiskSort Sorts fixed length records. 
EventLog Formats NT event log 
Fasthash FREE 16-bit version of the hash program. 
FilBreak Reformat NT event log output. 
Filsplit Split a file into pieces. 
Findrecl Find record length of file 
Grab Capture partition and boot sectors 
Hash Calculate MD5, SHA hashes of files. 
Hashcmp Compare 2 Hash output files 
Hash_dup Find duplicates in hash output. 
Hex_sect Display/edit files 
Ini Maresware INI file formats 
Ispgp Check for PGP type files 
Killdir Delete entire subdirectory. 
Hexdump1 and 2 FREE Displays files in hexadecimal format (#1 provides output similar to mainframe dump programs and #2 provides a color output and has search capabilities) 
Hpa FREE 16-bit program designed to work on IDE drives to identify the drive’s manufacturer, serial number, number of sectors, and any host protected areas. Good for boot disk. 
Kiting FREE Will analyze two fields containing dates and calculates the difference of two date fields and appends to the record a 5 digit number representing the differences in days between the two dates. 
Lfn_Crc FREE Program that will calculate the checksum of the 8.3 DOS filename to confirm/verify that the long filename checksum is correct
Makedir Makes complete directory path 
MD5 Calculate MD5, SHA of files.
Mdir Forensic directory listing program.
Mktemp FREE Program that will create any number of temporary test files, in any number of subdirectories.
Mod com FREE Program that will alter the operating system files on a floppy boot disk so that when booted, it will not alter the operating system.
Modify Change file attributes.
Mouse FREE Designed to work on files that have fixed length records and do not have the traditional carriage return/line feed characters. 
Mxcopy Logical file copy off a diskette. 
NIST_Crc FREE Program will compute the CRC, MD4, MD5, and SHA1 of a file. Sha_verify is more robust. 
Ntimage Program will make a disk image while running NT or W2K, or XP on a live system. 
NT_SS Program will allow you to run string searches of a disk at the sector level while running under NT or W2K or XP.
Ntwipe Wipe hard drive under Windows NT. 
Pagefmt FREE Program that is designed to take a file of fixed length records and produce a formatted file on disk containing page breaks suitable for copying to a printer. 
Pipefix Make fixed length records from carriage return records. 
Random FREE Program designed to generate random numbers for sampling or other purposes. 
Rm and Rmd Remove and overwrite: files, slack and free space. 
Sample FREE Program will create one file of any size with known content, which can then be used to test forensic software. 
Search Search data files for keys 
Sha verify FREE Program which will calculate the MD5, SHA1, SHA2 (256, 384, and 512 bit) hashes of files. 
Sortchk FREE Will confirm the sort sequence of a sorted file. 
SS Searches physical disks for strings. 
Split & Unsplit Split & combines parts of a file
Strip FREE Program that is used to strip out unprintable characters from a file. 
Systems FREE Program that will quickly scan a drive and attempt to determine how many partitions and boot records are on the drive and what OS is on the drive
Total Total numeric fields in records.
Truetime FREE Program that will ask the user for the correct time and date, and obtain the system date and time from the system BIOS.
Unique Remove duplicate key records. 
Upcopy Sophisticated copy program for forensics and system maintenance. 

AccessData 
Forensic Tool Kit Automated Forensic Tool. 
FTK Imager Disk imaging tool. 
Registry Viewer Registry viewer tool. 
Password Recovery Toolkit Password Recovery tool. 

NTI Tools
CopyQM A U. S. DOD tested and certified floppy diskette duplication tool that is used to create duplicates of frequently used floppy diskettes in incident responses. 
AnaDisk Diskette analysis tool 
APRK Password cracking tool 
CRCMD5 A CRC file-hashing program that validates the contents of one or more files. 
DiskScrub A U. S. DoD tested and certified hard disk drive scrubbing utility used to securely eliminate all data. 
DiskSig Pro FREE A CRC hashing tool that is used to validate mirror image backup accuracy. This tool is also used to inventory all of the partitions/operating systems on a computer hard disk drive
FlistPro FREE A hard disk and floppy diskette-cataloging tool used to evaluate computer usage time lines. 
Filter_G A patented intelligent fuzzy logic filter used with windows swap/page files and other ambient data sources to identify English language communications.
Filter_I FREE A forensic filter used to eliminate binary data and control characters from ambient data sources. 
Filter_N FREE An intelligent fuzzy logic filter used to identify data patterns associated with credit card numbers, social security numbers, phone numbers and bank account numbers. 
Fnames Retrieves names of middle eastern descent.
GetFree A U. S. DoD tested and certified ambient data collection tool used to capture unallocated (erased file) data. 
GetHTML FREE An intelligent fuzzy logic filter that is used to quickly identify patterns of HTML in ambient data sources. 
GetNames FREE Retrieves name strings from data files. 
GetSlack A U. S. DoD tested and certified ambient data collection tool used to capture file slack for analysis
GetSwap Retrieves data from swap files. 
GetTime FREE A program used to document the CMOS system time and date on a computer seized as evidence. 
Gextract FREE An ambient data collection tool which quickly and automatically reconstructs previously BMP, GIF and JPG files in cases involving the inappropriate (or illegal) download or viewing of pornography on the Internet. 
HexSearch A forensic hex search utility that is used to find binary data patterns associated with file headers and foreign language data patterns. 
MsweepPro A U. S. DoD tested and certified ambient data security scrubbing utility. 
NTA Stealth A patented forensic software tool which is used to quickly identify internet account uses and abuses. 
NTA Viewer An analysis and reporting tool for use with NTI's patented Net Threat Analyzer software. 
NTI Secure Toolkit Encryption tool. 
Ptable 16 bit disk information retrieval. 
Ptable32 32 bit disk information retrieval.
Safeback 3.0 A program that is used to create an evidence grade bit stream backup of a computer hard disk drive, zip disk or flash memory card. 
Seized FREE A program used to lock and secure evidence computers. 
TextSearch NT A U. S. DOD tested and certified text search utility that is used to conduct searches on Windows NT, Windows 2000 and Windows XP-based computer systems. This tool is used in computer-related investigations and in computer security risk reviews.
TextSearch Plus A U. S. DoD tested and certified text search utility that is used to conduct searches on DOS, Windows 95 and Windows 98-based computer systems. This tool is used in computer-related investigations and in computer security risk reviews

@stake 
PDA Zap FREE PDAZap is a small application that when placed on a P800 will allow you to image the device's flash to a Sony Memory Stick Duo. 
The Sleuth Kit FREE The Sleuth Kit is the only open source forensic toolkit for analyzing Microsoft and UNIX file systems. For more information, click on the tool's webpage link above. 
Autopsy Forensic Browser FREE The Autopsy Forensic Browser is an HTML-based graphical interface to The Sleuth Kit and standard UNIX utilities.
Mac_robber FREE mac-robber is a forensics and incident response program that collects Modified, Access, and Change (MAC) times from files. Its output can be used as input to the 'mactime' tool in The Sleuth Kit to make a time line of file activity. mac-robber is similar to running the 'grave-robber' tool from The Coroner's Toolkit with the '-m' flag, except this is written in C and not Perl. 
Pdd FREE pdd (Palm dd) is a Windows-based tool for Palm OS memory imaging and forensic acquisition. The Palm OS Console Mode is used to acquire memory card information and to create a bit-for-bit image of the selected memory region 

PC Inspector 
PC Inspector FileRecovery FREE is a data recovery program that supports the FAT 12/16/32 and NTFS file systems. 
PC Inspector Clone Max FREE PC INSPECTOR™ clone maxx is the new professional hard drive copying program from CONVAR. Using the new direct DMA support, data can be copied from hard drives in high speed mode with speeds up to 3.3 GB per minute. 
PC Inspector Smart Recovery FREE is the new data recovery program from CONVAR for Flash Card™, Smart Media™, SONY Memory Stick™, IBM™ Micro Drive, Multimedia Card, Secure Digital Card or any other data carrier for digital cameras.
PC Inspector Inspector Task Manager FREE With PC INSPECTOR™ task manager, programs can be quickly and easily started at specific times or intervals. 
PC Inspector FS Guard FREE PC INSPECTOR™ fs guard is a monitoring program developed specially for WINDOWS NT™ 4.0, WINDOWS 2000™ and WINDOWS XP. PC INSPECTOR™ fs guard (fs guard) can be used for diverse purposes. 
PC Inspector Print html FREE PC INSPECTOR™ print html is an ActiveX component that was developed specially for WINDOWS NT™ 4.0, WINDOWS 2000™ and WINDOWS XP for automatic printing of information directly from a Web site without the annoying print dialog popping up. 
PC Inspector e-maxx FREE PC INSPECTOR™ e-maxx is the new professional data deletion program from CONVAR. 

Mid Michigan Computer Forensics Group 
M2CFG USB Write Block FREE Windows XP Software Write Blocker for USB devices 

DataLifter 
DataLifter Automated Data Recovery Tool. 
Bonus Tools Additional data tools.

LC Technology 
Photo Recovery for Digital Media Recover lost images from Smart Media, CompactFlash, Memory Sticks, SD Cards, CD, MiniDisk or almost any other type of media* used by digital cameras.
File Recovery for Windows Easy recovery tool retrieves files, which have been deleted from a hard disk even if they are not in the recycle bin. 
File Recovery Professional Professional allows the user to recover data from damaged disk drives. 

Digital Detective 
Text2Hex FREE This utility will convert ASCII characters to Hexadecimal Values. 
MD5 & Hashing FREE To use the utility, either open a single file or drag a group of files into the main window. The MD5 hash of every file will be shown. 
Registry Information Extractor FREE It can extract the following information: Registered Owner, Registered Organization, Windows Version, Windows Version Number, Windows Installed Date & the Computer Name.
Decode FREE This utility was designed to decode the various date/time values found embedded within binary and other file types. This release now supports the following date/time formats and will allow you to specify the offset 
AIM Password FREE This utility was designed to decrypt the login password for AOL Instant Messenger version 4. Please note, version 5 of AIM has a different encryption method so this software will not work on that version. 
File Date Time Extractor FREE This software hunts through binary files 'sniffing out' hidden, embedded 64 bit date & times. This type of stored date is very popular in many Microsoft applications. Microsoft Word & Excel Applications store many different date & times. Word documents have Created Date & Time, Printed Date & Time, Modified Date & Time, Accessed Date etc. 
Cookie Decoder FREE The software will decode the internal cookie data such as the date and times, and it will split the data into separate cookie records. 
Webdate FREE This utility was originally designed so I could establish how Microsoft Internet Explorer stored date & time values inside index.dat files. Type or paste into the main window, the URL of a website or individual file and it will return the Last Modified date & time of that site, web page or individual file. 
SnapView HTML Viewer FREE HTML viewer 
FavURLView Favourite Viewer FREE This utility will decode Internet Shortcut (*.URL) files to allow you to compare the Shortcut Description with the actual link. It will also decode the Modified time and date. 
MS Access Database Password Decoder FREE This utility was designed to decrypt the master password stored in a Microsoft Access database. 
Stealer FREE This utility will extract the machine name, username and the net username along with any dial-up user accounts and passwords. It will also identify any passwords and usernames for secure web sites and any password protected shared folders on a network! 

Foundstone
Fpipe™ FREE Command line port redirector for NT/2000 
Pasco FREE An Internet Explorer activity forensic tool. 
Galleta FREE Examine the contents of the cookie files from Internet Explorer 
Rifiuti FREE Examine the contents of the INFO2 file in the Recycle Bin. 
NTLast™ FREE Security log analyzer. Identify and track access to a computer. 
Forensic Toolkit™ FREE File properties analyzer. 
ShoWin™ FREE Show information about Windows, reveal passwords. 
BinText™ FREE Finds ASCII, strings in a file. 
PatchIt™ FREE Binary file byte-patching program 
Vision™ FREE Reports all open TCP and UDP ports and maps them to owning process 
SiteDigger™ FREE SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites. 
SSLDigger™ FREE SSLDigger v1.02 is a tool to assess the strength of SSL servers by testing the ciphers supported. Some of these ciphers are known to be insecure. 
Hacme Bank™ FREE Hacme Bank™ is designed to teach application developers, programmers, architects and security professionals how to create secure software. 
IPv4Trace FREE Win32 C++ programming library port of the OpenBSD 2.8 kernel-land IPv4 fragment reassembly implementation
Carbonite™ FREE A Linux Kernel Module to aid in RootKit detection. 
FileWatch™ FREE A file change monitor. Used with BlackICE Defender. 
Attacker™ FREE A TCP/UDP port listener. 
Fport™ FREE Identify unknown open ports and their associated applications. 
SuperScan™ FREE SuperScan is a completely-rewritten update of the highly popular Windows port scanning, pinger, resolver tool, SuperScan. 
NetSchedScan FREE A Windows network admin utility for remotely detecting the Task Scheduler vulnerability on Microsoft Windows 2000 and Windows XP systems. 
DSScan FREE A network admin utility for remotely detecting LSASS vulnerability released in the MS04-011 bulletin. 
MydoomScanner FREE Scan for systems infected with the Mydoom worm. 
MessengerScan FREE MessengerScan v1.05 is a Windows based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the messenger service buffer overflow released in the MS03-043 bulletin. 
RPCScan FREE RPCScan v2.03 is a Windows based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the multiple buffer overflow vulnerabilities released in the MS03-026 and MS03-039 bulletins.
SQLScan FREE A tool for scanning Microsoft SQL Server 2000 Worm. 
BOPing™ FREE A scanner for the infamous Back Orifice program. 
ScanLine™ FREE Command line port scanner. 
Trout™ FREE Traceroute and Whois program. 
DDosPing™ FREE A network admin utility for remotely detecting the most common DDoS programs. 
SNScan™ FREE SNMP Detection Utility. 
CIScan FREE Cisco IOS IPv4 Remote Denial of Service Vulnerability Detection Utility. Utilizes SNMP to ascertain and analyze the version of the targeted Cisco device. 
FSMax™ FREE A scriptable, server stress testing tool. 
Blast™ FREE A small, quick TCP service stress test tool. 
UDPFlood™ FREE UDP packet sender utility. 

Webattack.com 
HDD Erase FREE Disk wipe tool 
PSVP FREE Password finding tool 
MailPV FREE Mail Password Recovery allows you to recover your email password for any POP3 account, as long as it is stored in an email program on your computer. 
Bat2exe FREE Batch making tool (drag file onto bat2exe and it makes it into a batch file) 
ISO Buster FREE CD viewer 
Spade FREE Internet Forensic Tool. 
SnagIt FREE Screen Capture 
Protected Storage PassView FREE Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer and Outlook Express. 
Win98 PassView FREE The Win9x PassView utility reveals several passwords stored on your computer by the Windows 95/98 operating system. 
ABC Keylogger FREE ABC Keylogger allows you to log all keystrokes on your computer. It can automatically start logging when your computer starts and runs hidden in the background. 
NTFS Reader for DOS FREE NTFS Reader provides read access to NTFS drives from the MS DOS environment. 

Paraben 
Email Examiner The right tool for examining mailboxes, including PST files, is Paraben's E-mail Examiner. 
Forensic Replicator Paraben's Forensic Replicator can acquire a wide range of electronic media from a floppy to a hard disk -- nothing is forgotten. 
Network Email Examiner With Network E-mail Examiner, you can now thoroughly examine MS Exchange (EDB) and Lotus Notes (NSF) files. 
Text Searcher Paraben's Text Searcher is a fast, comprehensive, and feature-rich text searching tool that will make any examiner more effective and more efficient. 
PDA Seizure The only forensic tool designed to capture data and report on data from a PDA. 
Cell Seizure Cell phone forensic tool 

Tech Pathways 
ProDiscover For Windows Family of computer security tools that enables systems administrators, consultants, and investigators to find the data they need on a computer disc.
Prodiscover Forensics ProDiscover Forensics edition provides all the capabilities of ProDiscover for Windows and also includes all additionally supported file systems such as SUN Solaris UFS.
ProDiscover Investigator ProDiscover Investigator takes the ProDiscover Forensics workstation product and turns it into a fully client server application allowing disk preview, imaging and analysis over any TCP/IP network. ProDiscover Investigator includes tools and scripts for Stealth-Only remote agent installation. 
ProDiscover Incident Response In addition to being a full client server application and allowing live disk preview, imaging and analysis, ProDiscover IR includes advanced tools for Incident Response of cyber attacks. 
ProDiscover Suite Has all features of Investigator and IR as well as Windows and Forensics 

NTSecurity.nu 
AckCmd FREE AckCmd is a backdoor client/server combination that can establish contact from the outside through some firewalls (static packet filtering) although they are set up to deny connections from the outside. 
BrowseList FREE BrowseList retrieves the browse list. 
CECrypt FREE CECrypt is a file encryption tool for Windows CE that can encrypt with either 3-DES or IDEA. 
ClearLogs FREE ClearLogs clears the event log (Security, System or Application) that you specify 
CryptF FREE A file encryption tool that can encrypt with either 3-DES or IDEA. 
DBProbe FREE DBProbe checks the directed broadcast ping amplification factor for a network. 
DelGuest FREE DelGuest deletes the built-in Guest account in Windows NT.
DumpUsers FREE DumpUsers is able to dump account names and information even though RestrictAnonymous has been set to 1.
EFSView FREE EFSView lists the users who have ordinary decryption keys or recovery keys for an EFS encrypted file. 
EtherChange FREE EtherChange can change the Ethernet address of the network adapters in Windows. 
EtherFlood FREE EtherFlood floods a switched network with ethernet frames with random hardware addresses 
FakeGINA FREE FakeGINA intercepts the communication between Winlogon and the normal GINA, and while doing this it captures all successful logins (domain, username, password) and writes them to a text file. 
FileHasher FREE FileHasher calculates the MD5 or SHA hash for a file. 
GPList FREE GPList lists information about the applied Group Policies. 
GrabItAll FREE GrabItAll performs traffic redirection by sending spoofed ARP replies. 
GSD FREE GSD (Get Service DACL) gives you the DACL (Discretionary Access Control List) of any Windows NT service you specify as a command line option. 
Inzider FREE Shows which processes listen at which ports. 
IPEye FREE IPEye is a TCP port scanner that can do SYN, FIN, Null and Xmas scans. 
IPSecScan FREE IPSecScan is a tool that can scan either a single IP address or a range of IP addresses looking for systems that are IPSec enabled. It seems like this is the only IPSec scanner out there. 
KerbCrack FREE KerbCrack consists of two programs, kerbsniff and kerbcrack. The sniffer listens on the network and captures Windows 2000/XP Kerberos logins. The cracker can be used to find the passwords from the capture file using a brute force attack or a dictionary attack. 
kLogger FREE kLogger is a keystroke logger for Windows NT / 2000. 
ListModules FREE ListModules lists the modules (EXE's and DLL's) that are loaded into a process. This can be useful in a forensic investigation. 
LNS FREE LNS is a tool that searches for NTFS streams (aka alternate data streams or multiple data streams). 
MACMatch FREE MACMatch lets you search for files by their last write, last access or creation time without changing any of these times 
PEriscope FREE PEriscope is a PE file inspection tool. For example you can use it as an aid when you are inspecting a file looking for malicious code. 
PMDump FREE PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process 
PromiscDetect FREE PromiscDetect checks locally if your network adapter(s) is running in promiscuous mode, which may be a sign that you have a sniffer running on your computer. 
PStoreView FREE PStoreView lists the contents of the Protected Storage. It usually contains things like Internet Explorer username and password autocomplete, and Outlook account names and passwords.
RPAK FREE RPAK is a collection of tools that can be useful for doing attacks on routing protocols. It contains tools for RIP, RIP2, IGRP and OSPF. 
SetOwner FREE Allows you to set file ownership to any account, as long as you have the "Restore files and directories" user right. 
Snitch FREE Snitch can sometimes turn back the asterisks in password fields to plaintext passwords. 
SQLDict FREE SQLDict is a dictionary attack tool for SQL Server. 
LANMAN FREE A DLL that works like passfilt.dll, but enforces some extra password policies to make it harder for password crackers like L0phtcrack to crack LANMAN hashes of the passwords. 
Tini FREE A simple and very small (3kb) backdoor for Windows, coded in assembler. 
WinFo FREE Uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. It also identifies the built-in Administrator and Guest accounts, even if their names have been changed. 
WinRelay FREE WinRelay is a TCP/UDP forwarder/redirector that works with both IPv4 and IPv6. You can choose the port and IP it will listen on, the source port and IP that it will connect from, and the port and IP that it will connect to. 
WinZapper FREE WinZapper is a tool that lets you erase event records selectively from the Security Log in Windows NT 4.0 and Windows 2000. As far as I know there is no other tool capable of doing this. 
WPSweep FREE WPSweep is a simple ping sweeper, that is, it pings a range of IP addresses and lists the ones that reply. 
WUPS Windows UDP Port Scanner FREE A UDP port scanner for Windows

ASR Data 
SMART SMART is a software utility that has been designed and optimized to support data forensic practitioners and Information Security personnel in pursuit of their respective duties and goals 

Funduc Software 
Decode Shell Extension FREE Internet email attachment decoder 
Update Toolkit FREE Command line utility that provides four functions within a single application (Moving/Copying files, Changing Windows Shortcuts, Search-replacing in windows registry, search-replacing text files) 
FSHED FREE Freeware Hex Editor 

Winsor Computing 
Hex Toolbox v2.2 FREE Freeware Hex Editor 

FIRE
Forensic and Incident Response Environment FREE A portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment. Also provides necessary tools for live forensics/analysis on win32, sparc solaris and x86 linux hosts just by mounting the cdrom and using trusted static binaries available in /statbins.

HELIX
Forensic Linux CD FREE Helix is a customized distribution of the Knoppix Live Linux CD. Boot the CD and you have Helix. That includes customized linux kernels (2.4.26 & 2.6.5), Fluxbox window manager, Excellent hardware detection and many applications. Helix has been modified to specifically not touch the host computer and be forensically sound. Helix also has a special Windows autorun side for Incident Response. Helix is now used by SANS for training in Track 8: System Forensics, Investigation and Response. Helix focuses on Incident Response & Forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and Forensic techniques.

X-Ways Forensics
WinHex Computer Forensic, Data Recovery, and IT Security Tool. Hex Editor, Disk Editor, and RAM Editor
X-Ways Forensics Integrated Computer Forensics Environment. Based on WinHex
Davory Data Recovery Made Easy
Evidor Electronic Evidence Acquisition
X-Ways Trace User Activity Deciphered
X-Ways Replica Hard Disk Cloning & Imaging
X-Ways Security Permanent Erasure

Guidance Software
EnCase® Enterprise Edition EnCase® Enterprise Edition is for computer investigators and information security professionals who need to investigate computer breaches and other incidents throughout the enterprise. EnCase® Enterprise Edition is a powerful network-enabled incident response and computer forensics system that provides immediate and thorough forensic analysis of volatile and static data on compromised servers and workstations anywhere on the network; without disrupting operations.
EnCase® Forensic Edition As the standard in computer forensics, EnCase® Forensic Edition delivers the most advanced features for computer forensics and investigations. With an intuitive, yet flexible GUI and unmatched performance, EnCase® software provides investigators with the tools to conduct complex investigations with accuracy and efficiency

Tools That Work
Byte Back ByteBack™ is one of the most effective and popular solutions for forensic examiners looking to image media, repair logical damage, search for information in both formatted and slack areas of hard disk drives and verify the integrity of the investigation utilizing MD5 hash.
Omniquad Detective™ Omniquad Detective™ is a Windows driven search and report utility which can make searching for images and keywords simple and fast

Tips on tools:

No matter how hard you try to keep up with the most current versions and the newest forensic software, you just never can keep up. Pick what you like, what works best for you, and become an expert on it.

 

CF Jobs © 2005 | All Rights Reserved | 