Cyber forensics is a process of extracting data as proof for a crime (that involves electronic devices) while following proper investigation rules to nab the culprit by presenting the evidence to the court. Cyber forensics is also known as computer forensics. The main aim of cyber forensics is to maintain the thread of evidence and documentation to find out who did the crime digitally.
Cyber forensics can do the following:
- It can recover deleted files, chat logs, emails, etc
- It can also get deleted SMS, Phone calls.
- It can get recorded audio of phone conversations.
- It can determine which user used which system and for how much time.
- It can identify which user ran which program.
This involves the recovery and analysis of data stored on computers and other digital devices, such as hard drives, flash drives, and memory cards. The goal is to uncover hidden or deleted files, recover lost or damaged data, and preserve evidence for use in criminal or civil investigations.
Tools:
| Name | Platform | License | Version | Description |
| Autopsy | Windows, macOS, Linux | GPL | 4.20 | A digital forensics platform and GUI to The Sleuth Kit |
| Cellebrite Inspector | Windows/macOS | proprietary | 10.4 | Analyze computer data volumes and memory from Windows-based and Mac computers to shed light on user actions and surface leads. |
| COFEE | Windows | proprietary | n/a | A suite of tools for Windows developed by Microsoft |
| Digital Forensics Framework | Unix-like/Windows | GPL | 1.3 | Framework and user interfaces dedicated to digital forensics |
| Elcomsoft Premium Forensic Bundle | Windows, macOS | proprietary | 1435 | Set of tools for encrypted systems & data decryption and password recovery |
| E3: Universal Software | Windows | proprietary | 3.1 | E3:Universal by Paraben Corporation is an end-to-end DFIR solution that can work through ALL types of digital data: computers, email, internet data, smartphones, & IoT devices. |
| EnCase | Windows | proprietary | 21.1 CE | Digital forensics suite created by Guidance Software |
| FTK | Windows | proprietary | 7.6 | Multi-purpose tool, FTK is a court-cited digital investigations platform built for speed, stability and ease of use. |
| IsoBuster | Windows | proprietary | 5.1 | Essential light weight tool to inspect any type data carrier, supporting a wide range of file systems, with advanced export functionality. |
| LLIMAGER | macOS | proprietary | 3.7 | macOS forensic imager. |
| Magnet AXIOM | Windows | proprietary | 6.X | Magnet AXIOM can recover and analyze digital evidence from the most sources, including Windows and Mac devices, Linux systems, and Chromebooks, all in one case file. |
| Netherlands Forensic Institute / Xiraf[4] / HANSKEN[5] | n/a | proprietary | n/a | Computer-forensic online service. |
| NTFSTool | Windows | MIT License | 1.7 | Complete forensics tool for NTFS volumes (Imaging, parsing, artefact extraction with support of Bitlocker and Encrypted File System (EFS). |
| Open Computer Forensics Architecture | Linux | LGPL/GPL | 2.3.0 | Computer forensics framework for CF-Lab environment |
| OSForensics[6][7] | Windows | proprietary | 8 | Multi-purpose forensic tool |
| Oxygen Forensic® Detective | Windows, macOs, Linux | proprietary | 14.3 | Oxygen Forensic® Detective can also find and extract a vast range of artifacts, system files as well as credentials from Windows, macOS, and Linux machines. |
| PTK Forensics | LAMP | proprietary | 2.0 | GUI for The Sleuth Kit |
| SANS Investigative Forensics Toolkit – SIFT | Ubuntu | 2.1 | Multi-purpose forensic operating system | |
| SPEKTOR Forensic Intelligence | Unix-like | proprietary | 6.x | Easy to use, comprehensive forensic tool used worldwide by LE/Military/Agencies/Corporates – includes rapid imaging and fully automated analysis. |
| The Coroner’s Toolkit | Unix-like | IBM Public License | 1.19 | A suite of programs for Unix analysis |
| The Sleuth Kit | Unix-like/Windows | IPL, CPL, GPL | 4.12.0 | A library of tools for both Unix and Windows |
| Windows To Go | n/a | proprietary | n/a | Bootable operating system |
Hardware
| Tableau Forensic Imager |
| Logicube Forensic Falcon NEO |
| CRU WiebeTech Forensic Field Kit |
| Deepspar Disk Imager |
| Atola Insight Forensic |
| Logicube Forensic Duplicators |
| Magnet Forensics IEF |
| Voom HardCopy 3P |