What’s in My Forensic Kit?

I’ve been asked at times what I keep in my forensic toolkit. This is a collection of commercial and open-source software, burned to disc, that I take with me when performing computer forensic work: the extraction and preservation of data evidence for eventual presentation to a legal representative (lawyer or court).

Cain & Abel. A password recovery tool for all variants of Windows, except Vista.

Kiwi Syslog Daemon. This is a log parsing utility for Windows environments.

The Ultimate ZipCracker. A utility to crack or recover lost passwords on PKZIP archives and Office documents.

Email Examiner. A great tool for recovering email on a microcomputer.

Knoppix. A bootable version of Linux that lets you read an NTFS volume without going through the access controls Windows would enforce.

WinRescue. A general purpose tool for a Windows station.

Uneraser. A great command-line and bootable solution to unerase contents of various file systems.

Acronis. Data archive and retrieval – stream an image of the drive to another USB drive without disturbing the original drive.

OfficeRecovery. A useful tool for repairing corrupted Office files.

Snort. Network packet logger and investigation software.

So – what’s in your kit?

R
www.micklerandassociates.com