Resources
Online Resources

Cell Phone Research Sites

Chrome Artifacts
Chrome Cache Viewer extracts information from the browser's cache.
Chrome Cookie Viewer extracts information from Chrome cookies.
Chrome Pass extracts passwords from the Chrome browser.

Complaints
If you have been victimized through any form of communications device, you can file a complaint with the Federal Communications Commission.

Date/Time Stamps
Decode converts date and time stamps into different formats.

Domain Research
Online Research Tool - website resource tool and other information
GEO IP Lookup Tool - this can trace multiple IP addresses to a particular location.
GEO IP Lookup Tool - this can trace a single IP address to a particular location.

File Archiving Program
Data backups are critical to provide your information. The Breakpoint Forensics tool has a solution with the PacknHash auto archiver.

File Research Tool
File Info: shows information about file extensions.

Firefox Browser Tools
Mozilla Cache Viewer extracts cache information from the Firefox web browser.
MZ Cookie Viewer extracts cookie information from the Firefox SQLite database.
MZ History Viewer extracts information from the Firefox browser history.
Password Fox extracts passwords from the Firefox web browser.

Forensic Images
Computer Forensic Reference DataSet Portal contains a series of computer forensics images for testing or digital forensics tool testing.
DC3DD is another version of the dd command.
DCFLDD is a version of the dd command that has incorporated additional features.
Digital Corpora provides free computer forensic images, memory dumps and packet captures.
Enron email data - This dataset contains data from about 150 users, mostly senior management of Enron, organized into folders. It contains a total of about 0.5M messages originally made public, and posted to the web, by the Federal Energy Regulatory Commission.
Mini-WinFE is a bootable Windows GUI for forensics.

Forensics Software
Axiom is a GUI-based Windows forensics tool.
Encase Forensics - this was one of the very first GUI-based Windows forensics tools.
FEX Imager is a free forensic imaging tool.
Forensic Explorer is a paid computer forensics analysis tool.
Forensic Tool Kit - originally created by Access Data, this is a GUI-based Windows forensics tool.
Mount Image Pro - allows the mounting of forensic images as a local drive letter.
The Paladin software - This is a great forensics resource for a bootable USB stick. It's free, but they request a donation. Instructions for USB configuration can be found here.
X-Ways was created by Stefan Fleischmann.

Hardware
Many different computer components from Seeed Studio.

Hash Calculator
Jumsum is a great free hash calculator, which can create a wide range of hash values.

Hex Editor
Hexed is a simple and easy to use browser-based hex editor.

Internet Explorer
Internet Explorer Cache Viewer extracts Microsoft Internet Explorer cache.

JTAG Resource Sites

Licensing
Private Investigator Licensing by State
Many states require a private investigator license in order to collect and/or process digital evidence. The above link is provided by Mike Kessler.

Prefetch Tools
Winprefetch Viewer extracts prefetch information from the Windows operating system.

Memory Analysis
Dump file converters: dumps are in a proprietary format and must be converted for other tools to read the data properly.
DumpIt extracts data from a system's memory.
FTK Imager provides a command line and graphical user interface to extract a system's memory.
Volatility is a comprehensive memory analysis tool.
VOLIX II is a graphical user interface for Volatility.

NTFS Information
If you would like to know more about NTFS, this page provides some great information.

Rainbow Tables
LoftCraft - Tables: provides the ability to run hashes through rainbow tables and recover the passwords.

Security Code Bypass
Remote Pin codes: swipe pattern matches on cell phones and other mobile devices.

Text Editors
Notepad ++ is a very robust text editing program with many advanced features.

Timeline Analysis and Creation
Log 2 Timeline extracts a system's timeline information into a plaso database.
Aeon Timeline creates timelines.
Plaso provides a Python backend for the log2timeline tool.
Timeline Explorer creates a timeline.
Timeline Maker Pro extracts timeline information.
Time Sketch creates timelines.

Thumbnail Cache
ESEDatabaseView provides more information about how thumbnails are created.
Thumbcache Viewer is a great tool to view thumbnail cache information.

Webpage Scanners and Research
Abuse IPDB: shows reports for domains and IP addresses.
Any.run: checks webpages and files for reports of malicious behavior.
Clean Talk: shows spam activity reported from webpages and IP addresses.
Hybrid Analysis: checks webpages and files for reports of malicious behavior.
Joe Sandbox: checks websites and files for reports of malicious behavior.
Netcraft: shows general website information along with owner information for domains.
Palo Alto URL Filtering: shows how Palo Alto rates a domain.
Talos Reputation Center: shows how Cisco rates a domain, whether it's been reported.
URL Scan: safely connects to webpages and shows results.

Windows Event Log
The Windows Event log recommendations by Microsoft.