FTK - Forensics Toolkit

    This application is recognized world-wide as a major standard in computer forensic analysis - including decryption and cracking. The interface is graphical, customizable, and reportedly designed for the Windows platform with Macintosh support for analysis work. An FBI ISSO recently recommended this application to WGU students and alumni. This is a commercial software product.



    BackTrack Linux

    Offensive Security sponsors the BackTrack  Linux project at http://www.backtrack-linux.org/. This widely utilized Linux security-driven distribution is described by the development staff as a product "...designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world."



    PTK - Sleuth Kit GUI + 

    The PTK forensics is a computer forensic framework based on command line tools in the SleuthKit (below). PTK has also developed new software modules and has recently announced a working partnership to provide PTK's free forensics software as part of BackTrack 5 (above.) The PTK website says this about their offering, which builds upon TSK framework, "Thanks to this approach, users can investigate a system much easier. PTK forensics is an alternative advanced framework for the TSK suite (The SleuthKit). Born as a free interface in order to improve the features already present in "Autopsy Forensic Browser" (the former TSK interface), PTK Forensic is now much more. Thus, in addition to providing the features present in the 'Autopsy Forensic Browser' it now implements numerous new essential forensic features. PTK offers free and commercially licensed software.



    The Sleuth Kit

    Sleuthkit.org is the official website and resource for The Sleuth Kit (TSK) C library and collection of open-source command line tools developed for digital investigations and forensics. TSK runs on Windows, Linux, OSX, BSD, and Solaris. It also supports analysis of multiple file systems and volume types.



    SANS Investigative Forensics Toolkit - SIFT 

    The SANS SIFT Workstation 2.0 is constructed with an Ubuntu base and offers a vmware appliance, Cross compatibility between Linux and Windows, preconfigured forensics tools, a portable lab workstation for investigations, stand-alone options. SANS has a substantial library of complimentary webcasts that involve the SANS SIFT toolkit, as well as a significant amount of commercial training.



    Digital Forensics Framework

    DFF (Digital Forensics Framework), according to their website, is a free and open-source platform dedicated to digital forensic and eDiscovery sciences. The framework consists of tools, libraries, modules, and user interfaces deticated to volume, applications data, file system, media, and user analysis.



    Open Computer Forensics Architecture

    Accessable from and according to Sourceforge.net, the Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework. It was developed by the Dutch National Police Agency. The utility's primary approach is aimed at speeding up cyber investigations and tactical analysis for investigators through the use of powerful, easy to use interfaces.



    Computer Online Forensic Evidence Extractor (COFEE)

    Microsoft's COFEE software was originally designed by a law enforcement professional to offer fast, easy-to-use and automated tools for first responders dealing with computer forensics. The utility is free of charge for law enforcement agencies and individuals.

    Western Governors University