In your opinion, what are the top five tools in the forensic analysis field? A minimum of 500 words is required, and they must be your own words. Including figures and quotes is value-added, but they will not count against your 500-word requirement.
Expert Answer
Hi,
Please find below the answer-
1. SANS SIFT:
It is an Ubuntu-based tool. If we need to conduct an in-depth forensic or incident response investigation, we can go with this tool.
It supports analysis of Expert Witness Format, Advanced Forensic Format (AFF), and RAW (dd) evidence formats.
Features-
a) It performs better memory utilization.
b) Auto-DFIR package update and customizations.
c) It has cross compatibility between Linux and Windows.
d) It has an option to install stand-alone via (.iso) or use via VMware Player/Workstation.
e) Expanded Filesystem Support.
2. ProDiscover Forensic:
It enables computer professionals to locate all of the data on a computer disk, protect evidence, and create quality evidentiary reports for use in legal proceedings.
It can recover deleted files, examine slack space, access Windows Alternate Data Streams, and dynamically allows a preview, search, and image-capture of the Hardware Protected Area.
Features-
a) It creates a Bit-Stream copy of the disk to be analyzed.
b) It searches the files or an entire disk, including slack space.
c) It previews all files, even if hidden or deleted, without altering data on disk, including file metadata.
d) It examines and cross-references data at the file or cluster level to ensure nothing is hidden, even in slack space.
e) It utilizes Perl scripts to automate investigation tasks.
3. The Sleuth Kit:
It is a collection of command line tools that allow us to analyze disk images and recover files from them.
It is used behind the scenes in Autopsy and many other open source and commercial forensics tools. It is used to analyze volume and file system data. The plug-in framework allows you to incorporate additional modules to analyze file contents and build automated systems.
Features-
a) Keyword Search: Text extraction and index searched modules enable you to find files that mention specific terms and find regular expression patterns.
b) Web Artifacts: Extracts web activity from common browsers to help identify user activity.
c) Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices.
d) LNK File Analysis: Identifies shortcuts and accessed documents.
e) EXIF: Extracts geolocation and camera information from JPEG files.
Regards,
Vinay Singh
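A worked example, added here and not part of the answer above, of the Sleuth Kit workflow described under item 3: it parses the body-file format that TSK's `fls -m` writes for a disk image and builds a mactime-style MAC timeline from it, keeping the " (deleted)" tag fls puts on recovered entries. The body lines, inode addresses and paths are constructed sample data, not output from a real image.

```python
"""Build a mactime-style MAC timeline from a Sleuth Kit body file (fls -m output)."""
from datetime import datetime, timezone

# Body format written by `fls -r -m / image.dd` (TSK 3.x): one pipe-delimited line per entry
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
FIELDS = ("md5", "name", "inode", "mode", "uid", "gid", "size", "atime", "mtime", "ctime", "crtime")

# Constructed sample lines (NTFS-style inode addresses); not output from a real image.
SAMPLE_BODY = """\
0|/Documents/report.docx|1234-128-1|r/rrwxrwxrwx|0|0|20480|1700000100|1699990000|1699990000|1699980000
0|/Documents/secret.txt (deleted)|5678-128-2|r/rrwxrwxrwx|0|0|512|1700001000|1700000500|1700000500|1700000400
0|/Windows/System32/evil.exe|9999-128-3|r/rrwxrwxrwx|0|0|81920|1700002000|1700001500|1700001500|1700001500
"""

def parse_body(text: str) -> list[dict]:
    """Parse body lines into dicts; integer fields are converted, names keep fls's ' (deleted)' tag."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("|")
        if len(fields) != len(FIELDS):
            raise ValueError(f"malformed body line: {line!r}")
        rec = dict(zip(FIELDS, fields))
        for key in ("size", "atime", "mtime", "ctime", "crtime"):
            rec[key] = int(rec[key])
        rec["deleted"] = rec["name"].endswith("(deleted)")
        records.append(rec)
    return records

def build_timeline(records: list[dict]) -> list[tuple[int, str, str, str]]:
    """One (epoch, macb flags, inode, name) event per distinct timestamp of each record, oldest first."""
    events = []
    for r in records:
        by_time: dict[int, set[str]] = {}
        for flag, key in (("m", "mtime"), ("a", "atime"), ("c", "ctime"), ("b", "crtime")):
            if r[key] > 0:  # TSK writes 0 for timestamps the file system does not carry
                by_time.setdefault(r[key], set()).add(flag)
        for ts, flags in by_time.items():  # equal times of one file collapse into flags like "m.cb"
            events.append((ts, "".join(f if f in flags else "." for f in "macb"), r["inode"], r["name"]))
    return sorted(events)

def format_timeline(events: list[tuple[int, str, str, str]]) -> list[str]:
    """Render events the way mactime does: UTC time, macb flags, inode, path."""
    return [f"{datetime.fromtimestamp(ts, tz=timezone.utc):%Y-%m-%d %H:%M:%S} {macb} {inode:<12} {name}"
            for ts, macb, inode, name in events]

if __name__ == "__main__":
    print("\n".join(format_timeline(build_timeline(parse_body(SAMPLE_BODY)))))
```

A file whose modified, changed and born times coincide (the `m.cb` line) is the kind of pattern an examiner would inspect further, since it is typical of a file dropped onto the system rather than edited in place.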