Digital Forensics Tools/Distros

chrisonechrisone CISSP, eCPPT, CCNP RS, CCDP, CCNA SEC, LFCSPosts: 1,828Member ■■■■■■■■□□
I was researching digital forensics distros/platforms and came across several. Which ones are the best to use? most recognized? I know there are many tools for different forensics analysis but I am talking about the overall distros.

Digital Forensics Framework
Sleuth kit +Autopsy
SANS SIFT (this is distro is based on SANS courses)
EnCase (has certification) Tools require license/fees
AccessData FTK (has certification)
Kali Linux (distro has autopsy, Digital Forensics Framework, volatility, and others)

Aside from EnCase, most of these tools are freeware. So whats the verdict here? people use one? two? multiples of these tools during investigations? Any recommended books or courses?

2019 Goals:
Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), Active Directory Attacks for Red and Blue Teams Advanced Edition - BlackHat,
Certs: SLAE, Certified Red Team Professional - Pentester Academy (in progress), Certified Red Team Expert - Pentester Academy


  • iBrokeITiBrokeIT Posts: 1,196Member ■■■■■■■■□□
    Nirsoft (NirSoft - freeware utilities: password recovery, system utilities, desktop utilities) and Sysinternals are both large collections of tools that come in handy in various circumstances.

    Use the best tool for the job, you aren't going to find a one size fits all cases platform.
  • JasminLandryJasminLandry Posts: 601Member
    I don't know that much about forensics but I have used CAINE in the past for a project at school CAINE Live USB/DVD - computer forensics digital forensics

  • PJ_SneakersPJ_Sneakers CompTIA, EC-Council, ISACA, (ISC)², Microsoft USAPosts: 879Member ■■■■■■□□□□
    It depends on the forensics you are doing. Live box? Dead box? PC? Mac? Android? iOS? Blackberry? Different tools for different tasks. In forensics there is no best tool, especially when you are talking about automated software packages.

    Also, it depends on how much money you have.

    What is your goal here?
  • VeritiesVerities Posts: 1,162Member
    DEFT (Digital Evidence & Forensics Toolkit) Linux is commonly used by law enforcement:

    DEFT Linux - Computer Forensics live CD |
  • cyberguyprcyberguypr Senior Member Posts: 6,751Mod Mod
    As PJ said, what is the end goal? My shop is EnCase heavy but we have other "lighter" tools that we use when the incident doesn't need the full power of EnCase. There are many ways to get to what you want and once you find it you may need other tools to validate it.
Sign In or Register to comment.