Computer forensics means examining computers for traces of data that might solve a problem, whether legal, work-related, or personal. While the term computer forensics brings to mind an image of professionals using high-end tools to recover and examine data, there are tools that even laymen can use.
Free Computer Forensics software for PC
This article talks of some of the best free computer forensics tools and software that I have come across at some point or other:
- P2 eXplorer
- Digital Forensics Framework
- HxD
- PlainSight
- Bulk Extractor
1] P2 eXplorer
This is one of my favorite tools. Not that I have had a real use for it, but I found it interesting because it allows you to browse a disk image without burning it to DVDs. You simply mount a disk image to one of the available letters on your computer and then open it in Windows Explorer. Since it is a disk image, it is read-only. That means you can check out the contents but cannot change it. Nevertheless, it is an important tool if you have to examine disks in detail or when you have too many computer disks to examine. You have all the data in one interface and all you need is to mount the image file and study it.
P2 eXplorer is available in both free and paid versions. The free version runs on 32-bit operating systems only. It does not mount EnCase v7 images, nor does it mount any virtual machine files. The paid version is highlighted more on their website, but the link to download the free version is available on the right side of the website.
2] Digital Forensics Framework
This is open-source software that allows for:
- Write blocking
- Read different types of file formats, irrespective of the operating system; you can also recover raw Linux files from a Windows OS using this software
- Remote access to disks and drives
- Recover and examine deleted and hidden files
- Can read the headers of the files easily so that you know which files to dig into for further information
Above all, people with good computer knowledge can write their own code and use it with the API of Digital Forensics Framework.
3] HxD
This is yet another easy-to-use tool that analyses the file system and recovers files that have been deleted on purpose or otherwise. It can also modify the RAM (system memory). It can handle files of any size. The interface is easy to use and hence can be used by anyone with little knowledge of how computers work. You can download HxD from the manufacturer’s website.
4] PlainSight
PlainSight is yet another free computer forensics tool that is open source and helps you preview the entire system in different ways. Its easy-to-use interface and self-explanatory labels allow people (even with little knowledge of the computer’s internal function) to use it easily. It can recover deleted files, and recover hidden files and folders. It can help with certain other things like obtaining hard disk information, viewing user groups and group information, examining USB storage information, and things like that. Though I like it for its ease of use, it does not offer many features other than the basics of computer forensics. We already have seen P2 eXplorer that can recover file fragments and place them in a readable form. Compared to that, PlainSight is really very simple. It is available at plainsight.info.
5] Bulk Extractor
This is a good tool as it ignores the file table and parses the disk directly. That enables it to record hidden, system, and deleted files. The information can then be aggregated into similar entries and analyzed using other tools. You can download Bulk Extractor from GitHub.
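The approach described above, as an added example that is not code from Bulk Extractor or from this article: a raw byte stream is scanned for e-mail-like strings without reading any file table, each hit is recorded with its byte offset, and identical hits are then aggregated. The function names, the simplified pattern and the sample bytes are assumptions made for illustration.

```python
import io
import re
from collections import Counter

# Simplified e-mail pattern for this example; not Bulk Extractor's own scanner.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def scan_raw(stream, chunk_size=1 << 20, overlap=256):
    """Yield (byte_offset, feature) for e-mail-like strings in a raw stream.

    Only sequential reads are used: no partition table, file table or
    directory entry is consulted, so deleted and unallocated data is scanned
    exactly like live files. `overlap` must be at least as long as the
    longest feature expected.
    """
    base, buf, done_to = 0, b"", 0  # done_to: absolute end of last reported hit
    while True:
        chunk = stream.read(chunk_size)
        buf += chunk
        last = not chunk
        # Hits starting in the trailing `overlap` bytes wait for the next read,
        # so a feature straddling a chunk boundary is matched whole.
        limit = len(buf) if last else max(len(buf) - overlap, 0)
        for m in EMAIL_RE.finditer(buf):
            if m.start() >= limit:
                break
            if base + m.start() >= done_to:  # skip the tail of an earlier hit
                done_to = base + m.end()
                yield base + m.start(), m.group().decode("ascii").lower()
        if last:
            return
        base, buf = base + limit, buf[limit:]

def histogram(features):
    """Aggregate identical features, most frequent first."""
    return Counter(value for _, value in features).most_common()

# Constructed sample "image": arbitrary bytes with no file system structure.
SAMPLE_IMAGE = (b"\x00" * 700 + b"From: alice@example.com\r\n" + b"\xff" * 500
                + b"deleted-slack:Bob@Example.org\x00" + b"\x00" * 300
                + b"cc alice@example.com;")

if __name__ == "__main__":
    hits = list(scan_raw(io.BytesIO(SAMPLE_IMAGE), chunk_size=512, overlap=64))
    for offset, value in hits:
        print(f"{offset}\t{value}")
    print(histogram(hits))
```

The byte offsets let an examiner go back to the exact position in the image with a hex viewer, whether or not any file still references that location.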
All of them work on most of the recent Windows versions. If I have missed out on any free or open-source computer forensic tool, please let us know.