Digital Forensics Tools/Distros

chrisone

I was researching digital forensics distros/platforms and came across several. Which ones are the best to use? most recognized? I know there are many tools for different forensics analysis but I am talking about the overall distros.

Digital Forensics Framework
Sleuth kit +Autopsy
SANS SIFT (this is distro is based on SANS courses)
EnCase (has certification) Tools require license/fees
AccessData FTK (has certification)
Kali Linux (distro has autopsy, Digital Forensics Framework, volatility, and others)

Aside from EnCase, most of these tools are freeware. So whats the verdict here? people use one? two? multiples of these tools during investigations? Any recommended books or courses?

Thanks!

iBrokeIT

Nirsoft (NirSoft - freeware utilities: password recovery, system utilities, desktop utilities) and Sysinternals are both large collections of tools that come in handy in various circumstances.

Use the best tool for the job, you aren't going to find a one size fits all cases platform.

JasminLandry

I don't know that much about forensics but I have used CAINE in the past for a project at school CAINE Live USB/DVD - computer forensics digital forensics

PJ_Sneakers

It depends on the forensics you are doing. Live box? Dead box? PC? Mac? Android? iOS? Blackberry? Different tools for different tasks. In forensics there is no best tool, especially when you are talking about automated software packages.

Also, it depends on how much money you have.

What is your goal here?

Verities

DEFT (Digital Evidence & Forensics Toolkit) Linux is commonly used by law enforcement:

DEFT Linux - Computer Forensics live CD |

cyberguypr

As PJ said, what is the end goal? My shop is EnCase heavy but we have other "lighter" tools that we use when the incident doesn't need the full power of EnCase. There are many ways to get to what you want and once you find it you may need other tools to validate it.