All times are UTC - 5 hours [ DST ]




 Post subject: which software for hdd forensic?
Posted: April 19th, 2014, 9:15

Joined: March 28th, 2011, 17:45
Posts: 441
Location: italy
Which software do you guys suggest to investigate a hard disk drive? (NTFS/HFS+ mostly) (deleted email, chats, history, etc.)


 Post subject: Re: which software for hdd forensic?
Posted: April 19th, 2014, 10:07

Joined: May 3rd, 2011, 9:52
Posts: 177
Location: France
EnCase / FTK / X-Ways are the main software...

_________________
Lemmy


 Post subject: Re: which software for hdd forensic?
Posted: April 19th, 2014, 12:53

Joined: August 26th, 2012, 19:18
Posts: 293
Location: England
Hi positivebit,

As Lemmy mentioned, those are industry-standard kit.

Another one to consider, as you mention email, chats & history, is Magnet Forensics Internet Evidence Finder.

It really depends upon your need, depth of requirement and how much time and money you want to spend.
There are also free open-source kits available too, like SIFT, CAINE, DEFT and more.
Expensive or cheap, the programs above are no "easy ride".

You probably already know, but it's worth mentioning here anyway, that if it is truly "forensic" (i.e. any chance of a court case), consider hiring a data forensics pro. Finding internet artifacts is the least of your worries.

Anything less than rigorous attention to legal compliance, from acquiring the hardware to presenting in court, will land you in a whole world of hurt. Remember, it isn't "evidence" unless it's accepted by the court as such.
Always check your county and country legal requirements too.
What could be valid advice on here from one country may get you in jail in another.

K

_________________
When you feel like eating, eat it all.
Hunger is no aunt!


 Post subject: Re: which software for hdd forensic?
Posted: April 21st, 2014, 10:21

Joined: February 13th, 2010, 9:44
Posts: 208
Location: san diego, ca.
For financial cases I have had great success scanning data with Identity Finder. Good organization of credit cards, passwords, social security data, credit applications, and financial institution information, well organized with links and references.


 Post subject: Re: which software for hdd forensic?
Posted: April 21st, 2014, 10:57

Joined: December 4th, 2012, 1:35
Posts: 3844
Location: Adelaide, Australia
For open source / free try Sleuthkit and the associated GUI, Autopsy. http://www.sleuthkit.org/
Quote:
Autopsy® and The Sleuth Kit® are open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types.

Examiners and analysts can use the Autopsy graphical interface or The Sleuth Kit (TSK) command line tools to conduct an investigation. Join the sleuthkit-users list to ask questions and help others.

Developers can write modules to extend the functionality of both Autopsy and TSK. Refer to the Autopsy Developer's Guide or the TSK Framework Module Writer's Guide for details on how to incorporate your tools into TSK and Autopsy.

If you need a custom, automated solution, then you can build one using the TSK libraries or the framework. We have also done research on using Hadoop to analyze disk images using cloud computing infrastructures.


 Post subject: Re: which software for hdd forensic?
Posted: April 21st, 2014, 15:23

Joined: March 28th, 2011, 17:45
Posts: 441
Location: italy
Thank you all, guys. I am now going to try the free versions and demo versions.

Autopsy (64-bit Windows version) wasn't able to get anything from a Mac Pro HFS+ full of data for now.

Regards.


 Post subject: Re: which software for hdd forensic?
Posted: May 7th, 2014, 16:17

Joined: February 12th, 2008, 18:21
Posts: 25
I agree with other posts that EnCase and FTK are primary digital forensics products. Specific to what you asked about (deleted email, chats, history): digitalferret's recommendation of Magnet Forensics' Internet Evidence Finder (IEF) is a great tool for internet-related items such as webmail, chats, internet history, Facebook, etc. Another tool that is good specifically for what you asked about is Paraben's P2 Commander. I think Paraben may have a limited version trial available for you to try for free.

Good luck.

