As cybercrimes increase year after year, so does the number of companies that create digital forensic tools to help law enforcement catch the bad guys. Some of these companies focus on computer forensics in general, meaning they dabble in both computers and mobile devices, while others specialize in one or the other. Some well-known companies include Guidance Software and AccessData, both of which are leaders in digital forensics. However, their programs are very expensive and can cost thousands of dollars. That type of cost doesn’t really matter to law enforcement experts who belong to larger organizations and rely on this software for criminal and intelligence cases. However, I have laid out digital forensic tools that cost little to nothing and can benefit anyone from the curious individual to the small or large law enforcement organization. The following are great digital forensic tools:
1. ILook – a full-service digital forensic solution like AccessData’s Forensic Tool Kit (FTK) or EnCase by Guidance Software. This tool was developed by the U.S. Department of Treasury and is 100% free. The only stipulation is that you need to be a sworn law enforcement officer or agency in order to download it. I personally love ILook because it is not only very fast but also easy to use. ILook is designed to run on Windows XP platforms.
2. The Sleuth Kit – a free collection of command-line digital forensic investigative tools for a plethora of different file systems, including FAT, NTFS, Ext2 and Ext3 as well as UFS and HFS. This software is open to the general public.
3. COFEE – designed by Microsoft specifically for law enforcement. COFEE stands for Computer Online Forensic Evidence Extractor and contains over 100 tools to analyze volatile memory prior to seizing a computer for evidence. All you do is install COFEE on a USB thumb drive and stick it in a suspect’s computer. You don’t have to be a computer forensic expert to figure out how to do this. This is great for first responders and investigators. Just go to the National White Collar Crime Center (NW3C) and download it. This software is only available to sworn law enforcement personnel.
4. DEFT Linux Live CD – open-source freeware specifically designed for the Linux environment. This is an extremely easy program to use and is great for investigators as well as corporate administrators. Since this is a Linux Live CD, there is nothing to install. Everything is run right from the CD when the computer boots up. This software is open to the general public.
5. Cellebrite – a mobile forensic hardware device that can analyze virtually any phone on the commercial market. This hardware device is a little expensive but well worth it. Cellebrite is able to download movies, pictures, text messages, call history, etc., even if they have been deleted. The best part about this, besides its ability to recover deleted information, is that it can even extract and display passwords stored on the phone. Passwords can be the one piece of information an investigator needs to unlock the smoking gun. Cellebrite is definitely a great piece of gear for any type of investigation.
The above information is based on my own training and personal use of the aforementioned products.