Computer Forensics means examining computers for traces of data that might solve a problem – be it legal or work-related or personal use. While the term computer forensics brings to mind, an image of professionals using high-end tools to recover and examine data, there are tools that even laymen can use.
Free Computer Forensics software
This article talks of some of the best free computer forensics tools and software that I have come across at some point or the other:
- P2 eXplorer
- Digital Forensics Framework
- Bulk Extractor.
1] P2 eXplorer
This is one of my favorite tools. Not that I have had a real use for it, but I found it interesting because it allows you to browse a disk image without having to burn it to DVDs. You simply mount a disk image to one of the available letters on your computer and then open it in the Windows Explorer. Since it is a disk image, it is read-only. That means you can check out the contents but cannot make changes to it. Nevertheless, it is an important tool if you have to examine disks in detail or when you have too many computer disks to examine. You have all the data in one interface and all you need is to mount the image file and study it.
P2 eXplorer is available in both free and paid versions. The free version runs in 32-bit operating systems only. It does not mount EnCase v7 images nor does it mount any virtual machine files. The paid version is highlighted more on their website, but the link to download free version is available towards the right side of the website.
2] Digital Forensics Framework
This is an open-source software that allows for:
- Write blocking
- Read different types of file formats, irrespective of the operating system; you can also recover raw Linux files from a Windows OS using this software
- Remote access to disks and drives
- Recover and examine deleted and hidden files
- Can read the headers of the files easily so that you know which files to dig into for further information
Above all, people with good computer knowledge can build their own code and use it with the API of a digital forensics framework.
This is yet another easy to use tool that analyses the file system and recovers files that have been deleted on purpose or otherwise. It can also modify the RAM (system memory). It can handle files of any size. The interface is easy to use and hence can be used by anyone with little knowledge of how computers work. You can download HXD from the manufacturer’s website.
PlainSlight is yet another free computer forensics tool that is open source and helps you preview the entire system in different ways. It’s easy to use interface and self-explanatory labels allow people (even with little knowledge of computer’s internal function) to use it without much difficulty. It can recover deleted files, recover hidden files and folders. It can help with certain other things like obtaining hard disk information, view user groups and group information, examine USB storage information, and things like that. Though I like it for its ease of use, it does not offer many features other than the basics of computer forensics. We already have seen P2 eXplorer that can recover file fragments and place them in a readable form. Compared to that, is really very simple.
5] Bulk Extractor
This is a good tool as it ignores the file table and parses the disk directly. That enables it to record hidden, system, and deleted files. The information can be then aggregated into similar entries and analyzed using other tools. You can download Bulk Extractor from GitHub.
All of them work on most of the recent Windows versions. If I have missed out on any free or open-source computer forensic tool, please let us know.