Business Services Industry
Computer Forensics Gear
Internal Auditor, August, 2001 by Mark Bigler
Computer Forensics Tools *
TOOL PRODUCT
EVIDENCE PRESERVATION
Mirror Image (Bit Stream) Copy SafeBack
EnCase
CaptureIT
SnapBack DatArrest
ByteBack
Norton Ghost 2001
Linux dd File Utility
Bit-Stream Software/Hardware DIBS
Packaged Solutions FRED
Mobile Forensic Workstation
Portable Forensic Workhorse
Solitaire Forensics
Diskette Image Copy CopyQM Plus, Anadisk
DOS "Diskcopy /V" command
System Testing and Documentation GetTime
AMIDiag
Checklt Portable, Checklt Suite
Partition Magic
DOS "FDISK" Command
Drive Image and File Validation CRCMd5, DiskSig
EnCase
Md5
Anti-virus Norton Anti-Virus
Dr. Solomon's Anti-Virus,
McAfee VirusScan
EVIDENCE RECOGNITION, COLLECTION,
ANALYSIS
File Listing and Documentation EnCase
FileList, NTI-Doc, ShowFL
DIBS
DISKCAT (also compares the file
header to the file extension)
Undelete Norton Utilities
Lost & Found
Fast File Undelete
Directory Structure Documentation NTI-Doc
DIBS
EnCase
TOOL COMPANY
EVIDENCE PRESERVATION
Mirror Image (Bit Stream) Copy New Technologies Inc. (NTI)
Guidance Software Inc.
Ontrack Data Internationa Inc.
Columbia Data Products Inc.
Tech Assist Inc.
Symantec Corporation
(Included with most Linux and
UNIX operating systems)
Bit-Stream Software/Hardware Computer Forensics Ltd.
Packaged Solutions Digital Intelligence Inc.
Vogon International Ltd.
Forensic-Computers.com
Logicube
Diskette Image Copy New Technologies Inc.
(DOS operating system)
System Testing and Documentation New Technologies Inc.
American Megatrends Inc.
Smith Micro Software Inc.
PowerQuest Corporation
(DOS operating system)
Drive Image and File Validation New Technologies Inc.
Guidance Software Inc.
Mares and Company, LLC
Anti-virus Symantec Corporation
Network Associates Inc.
EVIDENCE RECOGNITION, COLLECTION,
ANALYSIS
File Listing and Documentation Guidance Software Inc.
New Technologies Inc.
Computer Forensics Ltd.
Maresware
header to the file extension)
Undelete Symantec Corporation
PowerQuest Corporation
dtidata.com
Directory Structure Documentation New Technologies Inc.
Computer Forensics Ltd.
Guidance Software Inc.
TOOL WEB SITE
EVIDENCE PRESERVATION
Mirror Image (Bit Stream) Copy www.forensics-intl.com
www.guidancesoftware.com
www.ontrack.com
www.cdp.com
www.toolsthatwork.com
www.symantec.com
Bit-Stream Software/Hardware www.computer-forensics.com
Packaged Solutions www.digitalintel.com
www.vogon.co.uk
www.forensic-computers.com
www.logicube.com
Diskette Image Copy www.forensics-intl.com
System Testing and Documentation www.forensics-intl.com
www.ami.com
www.smithmicro.com
www.powerquest.com
Drive Image and File Validation www.forensics-intl.com
www.guidancesoftware.com
www.maresware.com
Anti-virus www.symantec.com
www.nai.com
EVIDENCE RECOGNITION, COLLECTION,
ANALYSIS
File Listing and Documentation www.guidancesoftware.com
www.forensics-intl.com
www.computer-forensics.co
www.maresware.com
header to the file extension)
Undelete www.symantec.com
www.powerquest.com
www.dtidata.com
Directory Structure Documentation www.forensics-intl.com
www.computer-forensics.com
www.guidancesoftware.com
Text/Hex Editor (to view hidden, Norton Commander, Norton
system, and text files; free space; Utilities -- Disk Editor
FAT; swap files; slack, etc.) WinHex
VEDIT
EnCase
DriveSpy
Binary data filter Filter_I
File Viewer (for spreadsheet, Quick View
database, word processor, Turbo Browser 2001
graphics, etc.) DiskJockey 2000
EnCase
DIBS
Search/Find STRSRCH (logical), SS
(physical)
dtSearch Desktop
DIBS
Norton Utilities
Text Search Plus, DiskSearch
Pro,
DiskSearch 32
Sorter ACL
UNIX commands such as "grep,"
"awk," and "sed"
DIBS
Free (Unallocated) Space Collector GetFree, Filter_I
Viewer DIBS
EnCase
Slack Space Collector/Viewer GetSlack, Filter_I
EnCase
DIBS
Password/Encryption Crackers Advanced Password Recovery
Software Kit
Password Recovery Toolkit
Passware Kit
Searcher for Web-related_Evidence Net Threat Analyzer-IP Filter
Hidden Partition Finders PartitionMagic
Norton Utilities
PTable
Fdisk DOS Utility
Text/Hex Editor (to view hidden, Symantec Corporation
system, and text files; free space;
FAT; swap files; slack, etc.) State-of-the-Art Software
Greenview Data Inc.
Guidance Software Inc.
Digital Intelligence Inc.
Binary data filter New Technologies Inc.
File Viewer (for spreadsheet, Jasc Software
database, word processor, FileStream Inc.
graphics, etc.) Clear & Simple Inc.
Guidance Software Inc.
Computer Forensics Ltd.
Search/Find Maresware
dtSearch Corporation
Computer Forensics Ltd.
Symantec Corporation
New Technologies Inc.
Sorter ACL Services Ltd.
(UNIX operating system)
Computer Forensics Ltd.
Free (Unallocated) Space Collector New Technologies Inc.
Viewer Computer Forensics Ltd.
Guidance Software Inc.
Slack Space Collector/Viewer New Technologies Inc.
Guidance Software Inc.
Computer Forensics Ltd.
Password/Encryption Crackers New Technologies Inc.
AccessData Corporation
LostPassword.com
Searcher for Web-related_Evidence New Technologies Inc.
Hidden Partition Finders PowerQuest Corporation
Symantec Corporation
New Technologies Inc.
(DOS operating system)
Text/Hex Editor (to view hidden, www.symantec.com
system, and text files; free space;
FAT; swap files; slack, etc.) www.sf-soft.de
www.vedit.com
www.guidancesoftware.com
www.digitalintel.com
Binary data filter www.forensics-intl.com
File Viewer (for spreadsheet, www.jasc.com
database, word processor, www.filestream.com
graphics, etc.) www.clear-simple.com
www.guidancesoftware.com
www.computer-forensics.
com
Search/Find www.maresware.com
www.dtsearch.com
www.computer-forensics.
com
www.symantec.com
www.forensics-intl.com
Sorter www.acl.com
www.computer-forensics.
com
Free (Unallocated) Space Collector www.forensics-intl.com
Viewer www.computer-forensics.
com
www.guidancesoftware.com
Slack Space Collector/Viewer www.forensics-intl.com
www.guidancesoftware.com
www.computer-forensics.
com
Password/Encryption Crackers www.forensics-intl.com
www.accessdata.com
www.lostpassword.com
Searcher for Web-related_Evidence www.forensics-intl.com
Hidden Partition Finders www.poweroquest.com
www.symantec.com
www.forensics-intl.com
(*)There are many software and hardware tools on the market that
can be used for computer forensics. This listing only reflects a
sample of such tools and is not meant to be all-inclusive.
Related Results
- 5 Rules for Immediate Annuities
- Death in the Family: 12 Things to Do Now
- Dumbest Things You Do With Your Money
- 6 Online Networking Mistakes to Avoid
- 401(k) Mistakes to Avoid
- 5 Economic Scenarios to Keep You Up at Night
- The Real ‘Best Places to Retire’
- Best Credit Cards for You
- 12 Tough Questions to Ask Your Parents
- The Real ‘Best Colleges’
- Home Buyer Tax Credit: How to Cash In
- Why You Shouldn't Bash Cash
- 8 Phony 'Bargains' and Better Alternatives
- Danger: 3 Debit Card Scams to Avoid
- 6 Myths About Gas Mileage
- 29 Fees We Hate Most
- Quick and Easy Ways to Boost Returns
- Best Stocks to Buy Now
- Lower Your Taxes: 10 Moves to Make Now
- New Jobs: 8 Lessons from Real-Life Career Switchers
- The New Job Market: Who Wins and Who Loses?
- Health Care Reform's Public Option: Everything You Need to Know
- Volunteer Work When Unemployed: Should You Work for Free?
- Whose Recovery Is This?
- Long-Term-Care Insurance: 4 Biggest Risks to Avoid
Content provided in partnership with
Most Recent Business Articles
Most Recent Business Publications
Most Popular Business Articles
- 7 tips for effective listening: productive listening does not occur naturally. It requires hard work and practice - Back To Basics - effective listening is a crucial skill for internal auditors
- FAS 109: a primer for non-accountants - Financial Accounting Standards Board's "Statement 109: Accounting for Income Taxes"
- LIFO vs. FIFO: a return to the basics
- Using object-oriented analysis and design over traditional structured analysis and design
- Design a commission plan that drives sales - Sales Commissions
