Read more about Autopsy and The Sleuth Kit here. Both tools are free and open-source, but commercial support and training are available as well. The tools are designed with a modular and plug-in architecture that makes it possible for users to easily incorporate additional functionality. Autopsy is a GUI-based system that uses The Sleuth Kit behind the scenes.
The Sleuth Kit is a command-line tool that performs forensic analysis of forensic images of hard drives and smartphones. Disk analysis: Autopsy/the Sleuth KitĪutopsy and the Sleuth Kit are likely the most well-known forensics toolkits in existence. This list outlines some of the most common and widely used tools for accomplishing different parts of a computer forensics investigation. Forensic investigation often includes analysis of files, emails, network activity and other potential artifacts and sources of clues to the scope, impact and attribution of an incident.ĭue to the wide variety of potential data sources, digital forensics tools often have different specialties. Sparse bundle disk image (.Digital evidence can exist on a number of different platforms and in many different forms.read-write disk image (.dmg): raw, UDIF, NDIF.Mac OS X has support for various disk image types build-in, some of which are: Expert Witness Compression Format (EWF).The disk image format may be further enhanced with additional information, such as error detection, error correction, data digest ( hash), and compression. Depending on the data source, the blocks can be bytes, sectors, clusters, pages or similar. were they intended to be used in (disk) forensics or virtualization.ĭisk images are usually block by block copies of the original data source. For clarity the formats are divided by means of their original purpose, e.g.
There are various types of disk image formats. Please help to improve this article by expanding it.įurther information might be found on the discussion page.
0 kommentar(er)
