Comment: Migrated to Confluence 4.0

...

  • Pre-SIP Tools and Workflow
    • AccessData FTK (Forensic Toolkit)
      • Description: FTK is designed for law enforcement officials and corporate security and IT professionals who need to access and evaluate the evidentiary value of files, folders, and computers. However, the bookmark and label functions, which help investigators organize the evidence they have selected, apply equally well to organizing an entire born-digital collection, and the pattern and full-text search functions used to find particular evidence apply equally well to searching for restricted materials.
      • Availability: Now. http://accessdata.com/products/computer-forensics/ftk
      • License: Proprietary
      • Developers: AccessData Group
      • First release:
      • Current release: 3.3
      • See YouTube video on the use of AccessData FTK to extract technical metadata and to assign descriptive metadata to collections at http://www.youtube.com/watch?v=hDAhbR8dyp8
    • Bulk Extractor
      • Description: "a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures". For sample output, see http://www.forensicswiki.org/wiki/Bulk_extractor
      • Availability:
      • License:
      • Developers:
      • First release: September, 2008?
      • Current release:
    • Gumshoe
      • Description: Gumshoe is a Rails-based application for searching metadata from disk images. It relies on Blacklight, Solr, and fiwalk.
      • Availability:
      • License:
      • Developers: Mark Matienzo
      • First release:
      • Current release:
    • fiwalk
      • description
    • sleuthkit
      • Description: The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. You can use it with the Autopsy Forensic Browser.
      • Availability: download here.
      • License: Some of the files have roots in The Coroner's Toolkit (TCT) and are distributed under the IBM Public License. These files are limited to the file system code and mainly for the FFS and Ext2 file systems. Files that have been created since the fork are released under the Common Public License. This includes all other files in the library. Note that the Common Public License is a generic form of the IBM Public License. TSK also distributes a stripped-down copy of GNU binutils strings, which has a GPL 2 license.
      • Developers:
      • First release:
      • Current release: 3.2.1 (February 27, 2011)
    • autopsy
      • description
    • guymager (imaging tool)

...