Mac Forensics Tools Free

Posted By admin On 05.10.21

He presents a wide list of forensic tools, which can be used for solving common problems, such as imaging, file analysis, data carving, decryption, email analysis, etc. Here is the full list of tools discussed in the podcast: RECON for Mac OS X – Automated Mac Forensics, RAM Imaging, Search features, Live Imaging and Timeline generation. The typical forensic process has several distinct stages: the seizure, forensic acquisition, analysis, and the production of a report based on the collected data. There are special free forensic software tools as well as paid forensic tools for each stage. A list of digital forensics tools can be found later in this article.

Introduction

According to Juniper Research, cybercrime losses to businesses will surpass $2 trillion by the year 2019. With data breaches occurring all around the world every day, the demand for experts in computer forensics will also increase. Whether you need to investigate an unauthorized server access, look into an internal case of human resources, or are interested in learning a new skill, these free and open source computer forensics tools will help you conduct in-depth analysis, including hard drive forensics, memory analysis, forensic image exploration, and mobile forensics. However, this is not an extensive list by all means and may not cover all necessary tools required for a complete investigation. It only includes some of the popular and useful tools. Using the right tools can always help you move things faster and result in more productive results.

Forensic Toolkits

These are multipurpose forensic toolkits that can carry out a number of detailed digital forensic tasks.

SANS Investigative Forensic Toolkit (SIFT)

Based on Ubuntu, SIFT has all the important tools needed to carry out a detailed forensic analysis or incident response study. It supports analysis in advanced forensic format (AFF), expert witness format (E01) and RAW evidence (DD) format. It comes with tools to carve data files, generate timeline from system logs, examine recycle bins, and much more.

SIFT provides user documentation that allows you to get accustomed to the available tools and their usage. It also explains where evidence can be found on a system. Tools can be opened manually from the terminal window or with the help of top menu bar.

Having more than 100,000 downloads to date, SIFT continues to be a widely used open-source forensic and incident response tool.

New key features Include:

Ubuntu LTS 16.04 Base
64-bit base system
Auto-DFIR package update and customization
VMware appliance ready to tackle forensics
Cross-compatibility between Windows and Linux
Choice to install stand-alone via (.iso) or use via VMware Player/Workstation
Online documentation project athttp://sift.readthedocs.org/

Pros: Better utilization of memory, modern forensic tools and techniques, expanded file system support.

Link: https://digital-forensics.sans.org/community/downloads

Sleuth Kit Autopsy

Autopsy is a digital forensics platform that efficiently analyzes smartphones and hard disks. It is used worldwide by a large number of users, including law enforcement agencies, the military, and corporations to carry out investigations on a computer system. It has an easy-to-use interface, processes data fast, and is cost-effective. Sleuth Kit is a collection that consists of command line tools and a C library allowing the analysis of disk images and file recovery. It is used at the back end in the Autopsy tool.

Key features of Autopsy include:

Timeline Analysis—Advanced interface for graphical event viewing.
Hash Filtering—Flags known bad files and overlooks known good files.
Keyword Search—Indexed keyword search makes file search easier.
Web Artifacts—Extracting bookmarks, history, and cookies from web browsers.
Data Carving—Recovering deleted files from unallocated space by using PhotoRec.
Multimedia—Extracting EXIF from pictures and watching videos.
Compromise Indicators—Scanning a computer using STIX.

Pros: Good documentation and support

Cons: It requires special user skills because it is based on Unix.

Link:http://www.sleuthkit.org/autopsy/

Oxygen Forensic Suite

Available in free and professional versions, this forensics tool helps you to collect evidence from a mobile phone. It collects all device information such as serial number, IMEI, OS, etc., and recovers messages, contacts and call logs. Its file browser feature enables you to have access to and analyze photos, documents, videos and device database.

Some more important features include:

Built-in cloud data recovery.
Contact aggregation helps to identify linked profiles from all sources, including app accounts.
Social graph features identify most frequently communicated contacts, making it easier to conduct the investigation.
Map feature locates all check-ins, map lookups, visited websites, and messages containing geolocation metadata of all the devices being studied under the case.
Timeline feature reveals the most active user hours and most common ways in which the device is operated.
Allows importing messages from three other mobile forensic tools, JTAG/ISP images, RAW/DD files, and chip-off dumps.

Pros: It provides several ways to extract data including Bluetooth, USB cable, iTunes backups, other forensic software backups, and Android backups. Also, the main interface is straightforward and easy to use. It provides sophisticated data analysis and has several useful data analysis features.

Cons: Unlike its competitors XRY and UFED, its free version does not provide advanced features such as cracking Android backups or locked iPhone.

Link:https://www.oxygen-forensic.com/en/

Mac Os Forensics Tool

DEFT Zero

DEFT (digital evidence and forensics toolkit) is a Linux-based distribution that allows professionals and non-experts to gather and preserve forensic data and digital evidence. The free and open source operating system has some of the best computer forensics open source applications. DEFT Zero is a lightweight version released in 2017.

Some of its useful features are as follows:

Supports 32 and 64 bit hardware with UEFI and secure boot.
Supports NVMExpress memories and eMMC memories.
DEFT Zero Linux 2017.1 can be operated in three booting modes: GUI mode, RAM preload GUI mode, and text mode.

Pros: Needs only 400 MB memory to run. This means that it can be run even on a slow or obsolete PC.

Www.downloadcloud.com › Forensic-software12+ Best Forensic Software For Windows, Mac, Linux ...

Link: http://www.deftlinux.net/2017/02/13/deft-zero-2017-1-ready-for-download/

Network Forensic Tools

These tools help in the extraction and forensic analysis of activity across the network.

WireShark

WireShark is one of the most commonly used network protocol analyzers. It allows you to investigate your network activity at the microscopic level. Wireshark is widely used by government agencies, corporations and educational institutes.

Allows deep investigation into many protocols, with the number of protocols being added constantly.
Offline and online analysis.
Supports multiple platforms that include Windows, Solaris, Linux, FreeBSD, Mac OS, NetBSD, and others.
Network data can by browsed through TTY mode (Tshark utility) or a graphical user interface.
Powerful display filters.
Strong VoIP analysis
Reading/writing enabled in multiple file formats, such as tcpdump (libpcap), Cisco Secure IDS iplog, Network General Sniffer® (compressed and uncompressed), Novell LANalyzer, to name a few.
Data can be read live from IEEE 802.11, Ethernet, FDDI, Token Ring, and others.
Supports decryption for various protocols, including Kerberos, ISAKMP, IPsec, SSL/TLS, WPA/WPA2, and WEP.
Supports the export of output to CSV, XML, or plain text

Pros: Digs deep to uncover minor details in the network data.

Cons: Does not exactly pinpoint the solution you are looking for and dumps raw data into large files for you to figure out.

Link: www.wireshark.org

Network Miner

This is a network forensic analysis tool (NFAT) for Windows, Mac OS X, Linux, and FreeBSD. These tools come in a free edition as well as a professional paid edition. Network Miner’s free edition can

Work as a passive network sniffer that captures packets to detect hostnames, sessions, open ports and operating systems without generating traffic on network.
Allow for offline analysis by parsing PCAP files.
Regenerate transmitted certificates and files from PCAP files.
Save time of forensic analysts by presenting extracted data with a user-friendly interface.

Pros: Captures network traffic, investigates potential rogue hosts, assembles and extracts files from captured traffic.

Link:http://www.filecroco.com/download-networkminer

Xplico

This is an open-source network forensic analysis tool (NFAT) that can extract app data from internet traffic. For instance, Xplico can extract email, HTTP contents, VoIP call, FTP, TFTP, etc., from a pcap file. Important features of Xplico are:

Supports HTTP, IMAP, POP, SIP, SMTP, UDP, TCP, Ipv6 protocols
Multithreading
Port-independent protocol identification for application protocol
Outputs data and information as a MySQL or SQLite database
Associates an XML file with each reassembled data set
Reverse DNS lookup
No size limit on number of files or data size
Supports IPv4 and IPv6
Modular components, i.e., input interface, output interface, and protocol decoder.

Pros: There is no size limit on number of files or data size. Its command line shows more detail and its geo-map feature can be used in web interface as well as console mode.

Cons: it is not possible to copy packets and send them to two separate dissectors; instead, there is the possibility of losing the packets, as the average processing time for a packet is higher than the average number of packets per second in Xplico.

Link:www.xplico.org

Forensic Imaging Tools

These tools help in analyzing disk images at microscopic level.

FTK Imager

this is a data preview and imaging tool with which one can study files and folders on a hard drive, network drive, and CDs/DVDs. It allows you to:

Mac Forensic Software

review forensic memory dumps or images.
create MD5 or SHA1 file hashes that are already deleted from the recycle bin, if their data blocks have not already been overwritten.
mount forensic images to view their contents in browser.

Pros: Creates bit-by-bit image and creates exact replica of the drive, thus allowing the investigator to view deleted or irretrievable files. It also creates a keyword index for every image, which makes future searches easier.

Cons: It doesn’t carve files and lacks recursive export capabilities.

Link:http://accessdata.com/product-download/ftk-imager-version-3.4.3

Linux “dd”

Linux dd is a powerful tool that is installed by default in most Linux distributions (Fedora, Ubuntu). It can be used for conducting a number of forensic tasks like creating raw image of a folder, file, or drive.

On the negative side, it can be quite destructive if not used properly, thus earning the name “Data Destroyer” from some users. It is therefore advisable to test the command in a safe environment first and then apply it to the real data.

IXImager

This comes with a small, and fast-booting forensic image analysis in a microkernel that runs from portable media. It physically boots the device, captures and authenticates a computer system, and reconstructs the filesystem.

Key features include:

Securely accounts for data corruption.
Documents and records data tampering.
Uses high-speed data compression RW.
Has the capability for data to span different file systems, media types and output devices.
Creates detailed data acquisition logs.
Creates encrypted authentication log file for user actions and locks it to prevent it from being tampered.

Link:https://www.perlustro.com/solutions/e-forensics/iximager

Memory Forensics

Magnet RAM Capture

Magnet Ram Capture is one of the many tools provided by Magnet Forensics. It is a free tool that captures the physical memory of a computer. This can help forensic investigators recover and analyze useful artifacts in the computer’s memory.

Having a small memory footprint, the tool can be run while the overwritten data in the memory is minimized. The collected memory data can be exported in RAW format and uploaded into any of the forensic analysis tools.

RAM evidence captured by the tool includes processes and programs, network connections, registry hives, malware intrusion evidence, decrypted keys and files, usernames and passwords, and any other activity not usually stored on the hard disk.

Pros: Acquires full physical memory fast and leaves small footprint on live system that is under analysis.

Link:https://www.magnetforensics.com/free-digital-forensics-software-tools/

Memoryze

This free memory forensic tool helps discover malicious activity in live memory. It can acquire and analyze images from memory.

Key features include:

Creating an image of entire system memory.
Creating an image of a specific driver or all drivers in memory to the disk.
Creating an image of the complete address space of a process to disk.
Counting all running process and listing them.
Identifying drivers that are loaded in memory.

Link: https://www.fireeye.com/services/freeware/memoryze.html

Website Forensics

FAW (Forensics Acquisition of Websites)

This is the first browser that can acquire web pages from websites available online to conduct forensic investigation.

Its key features include:

Viewing and editing host files.
Audio/video capture.
Acquiring code for iFrames on the webpage.
Acquiring IP address and hostname of webpage.
Support for English, French, Italian, and Polish languages.
Improved performance and stability.

Pros: It extracts image files on webpages being viewed. It can capture files such as JavaScript and CSS on a website, which can help detect malware. It preserves a webpage while it is being viewed by a user.

Link:www.fawproject.com

Πηγή : infosecinstitute

Advertisement
ISafe Employee Monitor 2012 v.5.8.9.663iSafe Employee Monitoring Software records and monitors your employee's activities and provides you on-site and remote access to employee's logs and computer screens in real time. About computer monitoring software.
Hidetools Spy Monitor - Full Version v.2010Hidetools Spy Monitor - Full Version - Is powerful computer spy software that allows you to secretly monitor EVERYTHING users do on your computer (keystrokes typed, websites visited, system activity, applications used, screenshots and more). You can ...
ShredIt v.5.0Protect your privacy with this easy to use file shredder for Mac OS 8 and 9. Erase a hard drive or wipe a file with ShredIt - computer privacy software that erases files, disk free space, hard drives and external hard drives. Shred and be sure.
Perfect Computer Icons v.2011.7Perfect Computer Icons is a collection of high-quality handmade 'all-about-computer' icons that will suit any type of application or website. The set covers a very broad range of topics, notions and objects that we all deal with on a daily basis.
Switch MP3 Plus Converter Software v.1.42Switch MP3 is an audio file converter for Windows and is easy to use. Just add the audio files to be converted to the audio file format to be converted list, select the output audio file format, and click the convert button. Switch MP3 Converter ...
Encrypt Fox v.1.00Encrypt Fox software converts YOUR USB flash drive into your personal vault and the key to access and LOCK your private files. EncryptFox software is the most advanced portable security application available on the market today. EncryptFox turns your ...
DutyWatch Remote v.1.2.40Spy software includes keystroke and password recording. Due to ability to monitor employee web this perfect keylogger for Mac assists in time and expense tracking.
IMS Telephone On-Hold Player for Mac v.3.31The IMS plays telephone on hold messages or music using a computer with any standard sound card or voice modem on Mac OS X computers. The computer can still be used as normal.If you have a Mac OS X computer in your office, this is the most advanced ...
Wavepad Sound Creation for Mac v.5.60WavePad is sound editing software for Mac OS X. This program lets you make and edit voice, music and other audio recordings. You can cut, copy and paste parts of recording and, if required, add effects like echo, amplification and noise reduction.

KeyBlaze Free Mac Typing Tutor v.2.15KeyBlaze is a typing tutor software program designed to assist with learning how to speed type and touch type.
ShredIt X for Mac OS v.5.8.7Files can be recovered from your computer trash. Protect your privacy with this easy to use file shredder and hard drive cleaner that will secure delete files so they can’t be recovered. Whether you want to clean a hard drive or erase a file, ...
Tone Generator for Mac v.3.12NCH Sound Tone Generator lets you create audio tones, sweeps or noise waveforms on Mac OS X. Typical Applications include test tone generation in studios for the alignment of levels, calibration and testing of audio equipment.
Acronis True Image 2016 for Mac v.2.6077Brand-new computer backup software that protects both Macs and PCs. Fastest backup in the industry is now enhanced with data migration tools and the ability to backup virtual machines. Certified for Win 10 and the latest Mac OS X versions.
Tipard Android Data Recovery for Mac v.1.0.88Tipard Android Data Recovery for Mac can recover text messages, contacts, photos, videos and more deleted files from Android devices on Mac. It supports Samsung Galaxy Note 5/4, Samsung Galaxy S6, HTC M9, ZET, Huawei and more Android phones.
KeyBlaze Typing Tutor For Mac v.2.15KeyBlaze is a typing tutor program for Mac designed to assist with learning how to speed type and touch type.
Atmatic Clip2Net for Mac v.0.4Taking screenshots and publishing them on the Internet has never been so quick and easy as it is with Clip2Net for Mac, a Mac screen capture utility which makes the process a great deal more efficient. An essential utility for those who need to ...
WhatRoute v.1.9.0WhatRoute 1.9.0 is a useful and essential network diagnostic utility designed for Apple Macintosh computers. Primarily it provides a Traceroute function, but can also perform Ping, Domain Name Service queries, Whois queries and monitor the traffic to ...
Jalada Sculpture v.1.2.5jalada Sculpture is an easy to use triangle-based model editor for 3D art and animation. It features multi-level undo, skeletal animations, texturing, command-line batch processing, and a plug-in system for adding new model and image filters.
Express Dictate for Mac v.7.00Express Dictate is a professional dictation voice recorder for Mac OS X. Features include voice activated recordings, record insert, overwrite and append, encryption and ability to send recordings automatically via FTP, Email, LAN and command line.
Aiseesoft Blu-ray Ripper Mac Platinum v.6.3.88Aiseesoft Blu-ray Ripper for Mac Platinum is used to rip any Blu-ray/DVD and convert popular video/audio files to any video and audio format, and transfer all files between iPhone and Mac.

Computer Forensic Software software by TitlePopularityFreewareLinuxMac

Today's Top Ten Downloads for Computer Forensic Software