Now the question is, how these can be gathered and what if the digital assets are damaged. In this situation, here comes the Forensic term.
Forensic is done to identify or recover the hidden data from digital assets. The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence for a trial.
Here in this post, I will point out some of the basic Forensic tools that are being used by many security experts, government and much other organisation.
1. Volatility Framework:-
This is an open source memory forensics framework that was first introduced in 2007 at BlackHat DC. This tool is being written in python and you can use this framework to extract information or data about RAM, running processes, open network sockets, network connections etc.. It also provided a cross-platform, modular, and extensible platform to encourage further work into this exciting area of research. You can find this tool on Github and also from its official site.
2. FTK Imager:-
FTK Imager is a data preview imaging tool that allows you to examine files and folders on local hard drives, network drives, CDs/DVDs, images, memory dumps etc. FTK Imager can create perfect copies (forensic images) of computer data without making changes to the original evidence. With FTK Imager you can review and recover files that have been deleted from the Recycle Bin but have not yet been overwritten on the drive. FTK Imager comes in both GUI and command line version and you can download it from here.
3. Autopsy -The Sleuth Kit
An autopsy is the digital forensics platform and graphical interface to The Sleuth Kit. An Autopsy is easy to use, a GUI-based program that allows us to analyze hard drives and smartphones efficiently. It has a plug-in architecture that helps us to find add-on modules or develop custom modules in Java or Python. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. Autopsy offers the same core features as other digital forensics tools and offers other essential features, such as web artefact analysis and registry analysis, that other commercial tools do not provide. You can download Autopsy from its official site.
CAINE stands for Computer Aided Investigative Environment, is a Linux Live CD that contains a wealth of digital forensic tools. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface. A good thing with CAINE is, it has a GUI interface that comes with various tools for Mobile Forensics, Network Forensics, Data Recovery and more.
CAINE also provide Autopsy which comes pre-installed in it. You can download CAINE from its official site.
Xplico is an open source Network Forensic Analysis Tool (NFAT) that aims to extract applications data from internet traffic. The great thing with Xplico is that it supports a multitude of protocols HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, Facebook, MSN, RTP, IRC etc. Xplico has a feature to output data directly to a MySQL or SQLite database, and many others. After installing Xplico, you can access its web interface by browsing to localhost with port 9876.
Xplico allows concurrent access by multiple users and also you can manage multiple cases. Xplico can also be used as a Cloud Network Forensic Analysis Tool. You can download Xplico from its official site.
There are many tools available for the different forensic purpose, but these are some basic tools that security experts or forensic team use. I can't detail all of them, but if you like to mention some of your favourite one or some new one then share it on the comments section below so that every also knows about it and learn it.