
As a cyber security professional you may be tasked with creating and maintaining your company's incident response plan, and that includes knowing how to apply digital forensics on the fly. Prepare for any scenario by building out a forensics toolkit that covers everything you need to document, isolate, acquire and examine evidence that may have to be reported on, or produced in court, later.
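The "document, isolate, copy" part of that toolkit is mostly process, and the process is easy to get wrong under pressure. The following is an added example, not code from the original article or from any of the tools it lists: it copies a file into an evidence directory, hashes the original and the copy, refuses to proceed if they differ, marks the copy read-only and writes a chain-of-custody manifest. The examiner name, case ID and the sample file are constructed for the demo; a real disk acquisition would go through a hardware write blocker and an imaging tool, with this kind of hash verification and record keeping wrapped around it.

```python
"""Added example (not from the original article): acquire a file into an
evidence directory, verify the copy by hash, and record a chain-of-custody
manifest.  Paths, examiner, case ID and the sample file are constructed."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash in 1 MiB chunks so large images never sit in RAM


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, evidence_dir, examiner, case_id):
    """Copy `source` into `evidence_dir`, hash original and copy, and write a
    JSON manifest next to the copy.  Raises RuntimeError on a hash mismatch;
    that check is what lets the copy stand in for the original later."""
    os.makedirs(evidence_dir, exist_ok=True)
    pre_hash = sha256_file(source)
    dest = os.path.join(evidence_dir, os.path.basename(source))
    shutil.copy2(source, dest)      # copy2 preserves the file timestamps
    os.chmod(dest, 0o444)           # evidence copy is read-only; work on another copy
    post_hash = sha256_file(dest)
    if post_hash != pre_hash:
        raise RuntimeError("hash mismatch: %s != %s" % (pre_hash, post_hash))
    manifest = {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "source": os.path.abspath(source),
        "source_mtime_utc": datetime.fromtimestamp(
            os.stat(source).st_mtime, timezone.utc).isoformat(),
        "evidence_copy": dest,
        "size_bytes": os.path.getsize(dest),
        "sha256": post_hash,
    }
    with open(dest + ".manifest.json", "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest


def verify(manifest):
    """Re-hash the evidence copy; True only if it still matches the manifest."""
    return sha256_file(manifest["evidence_copy"]) == manifest["sha256"]


def demo():
    """Acquire a constructed file, verify it, tamper with it, verify again."""
    work = tempfile.mkdtemp()
    suspect = os.path.join(work, "suspect_note.txt")
    with open(suspect, "wb") as f:
        f.write(b"constructed sample evidence\n")  # constructed, not real data
    m = acquire(suspect, os.path.join(work, "evidence"), "J. Doe", "CASE-0001")
    ok_before = verify(m)
    os.chmod(m["evidence_copy"], 0o644)           # simulate someone editing it
    with open(m["evidence_copy"], "ab") as f:
        f.write(b"x")
    ok_after = verify(m)
    shutil.rmtree(work)
    return m["sha256"], ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

The manifest is deliberately boring: who, when, where from, how big, what hash. That is the record you will be asked for months later, and `verify()` is the check you run before every analysis session and before handing the copy to anyone else.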
SANS SIFT
A forensics toolkit should be made by practitioners for practitioners, and the SANS Institute has written the book on much of cyber security, so why not have its forensics distribution in your arsenal? SIFT (the SANS Investigative Forensic Toolkit) is a free Ubuntu-based distribution that ships as a ready-to-import VMware appliance, can also be installed on an existing Ubuntu system or run on Windows through the Windows Subsystem for Linux, and keeps its DFIR packages current through an automatic update mechanism. It bundles the open source tools for the standard jobs: building a timeline from system logs and file system metadata, carving files out of unallocated space, recovering Recycle Bin contents, and much more.
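Timelining is the SIFT task that most often goes wrong, and it goes wrong on time zones rather than on parsing. The following is an added example and is not SIFT's or log2timeline's code: it merges three constructed sources (file system timestamps stored as UTC epoch seconds, an auth.log written in a +01:00 local zone, and a web server access log in +0000) into one UTC-ordered timeline, and also builds the naive version that ignores the zone offsets so you can see the order of events change. The log lines, hosts and addresses are constructed for the demo.

```python
"""Added example (not SIFT's or plaso's own code): build a small super
timeline by normalising constructed events from several sources to UTC.
Every log line and timestamp below is constructed for the demo."""
import re
from datetime import datetime, timezone

# Constructed inputs.  Three timestamp formats and two time zones: the
# file system records are UTC epoch seconds, auth.log is local (+01:00)
# and the access log is UTC (+0000).
FILESYSTEM_EVENTS = [  # (path, event kind, epoch seconds, UTC)
    ("/home/alice/Downloads/invoice.exe", "created", 1700000100),
    ("/home/alice/Downloads/invoice.exe", "modified", 1700000100),
    ("/etc/cron.d/update", "created", 1700000700),
]
AUTH_LOG = """\
2023-11-14T23:16:10+01:00 host sshd[812]: Accepted password for alice from 203.0.113.7 port 51234
2023-11-14T23:17:55+01:00 host sudo: alice : TTY=pts/0 ; COMMAND=/bin/bash
"""
ACCESS_LOG = """\
203.0.113.7 - - [14/Nov/2023:22:14:30 +0000] "GET /invoice.exe HTTP/1.1" 200 51200
"""

AUTH_RE = re.compile(r"^(\S+) (\S+) (\S+?): (.*)$")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')


def parse_filesystem(events):
    for path, kind, epoch in events:
        yield datetime.fromtimestamp(epoch, timezone.utc), "filesystem", "%s %s" % (kind, path)


def parse_auth(text):
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1))   # keeps its +01:00 offset
            yield ts, "auth.log", "%s %s" % (m.group(3), m.group(4))


def parse_access(text):
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield ts, "access_log", "%s %s from %s" % (m.group(3), m.group(4), m.group(1))


def build_timeline(normalize=True):
    """Merge all sources into a list of (iso_utc, source, event) sorted by
    time.  normalize=False discards the zone offsets and treats every wall
    clock as UTC, which is the classic mistake; compare the two outputs."""
    events = (list(parse_filesystem(FILESYSTEM_EVENTS))
              + list(parse_auth(AUTH_LOG))
              + list(parse_access(ACCESS_LOG)))
    rows = []
    for ts, source, event in events:
        ts = ts.astimezone(timezone.utc) if normalize else ts.replace(tzinfo=timezone.utc)
        rows.append((ts.isoformat(), source, event))
    rows.sort()
    return rows


if __name__ == "__main__":
    for row in build_timeline():
        print(" | ".join(row))
```

With normalisation the story reads correctly: the download, the file appearing on disk, the SSH login, the sudo, then the cron persistence. Without it the login and sudo sort after the cron file, and an analyst who trusts that order will draw the wrong conclusion about how the box was taken. Record each source's zone in your case notes before you start, because the log itself often does not say.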
Volatility Framework
Volatility is the reference framework for memory forensics: analysing a captured image of a system's RAM rather than its disk. Malware that lives only in memory, or that hides itself from the running operating system, leaves little on disk, so investigators needed a way to reconstruct the state of a machine from a memory dump, and Volatility is the tool that law enforcement, military and commercial investigators alike reach for. It is open source and extensible through plugins that list processes, network connections, loaded modules and injected code, and because it parses the raw kernel structures itself it can surface processes that a rootkit has unlinked from the live system's own bookkeeping.
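The point about hidden processes is worth seeing in code. The following is an added example, not Volatility's code: it builds a toy memory image with a made-up 32-byte process record (a pool tag, a PID, a pointer to the next record in the active-process list and a name), unlinks one record the way a DKOM rootkit does, and then finds processes two ways, by walking the list (what Volatility's pslist does) and by scanning the whole image for the tag (what psscan does). The record layout, tag and process names are all constructed; real Windows and Linux kernel structures are larger and change between versions, which is why Volatility needs a profile or symbol table for the target.

```python
"""Added example (not Volatility's code): a toy memory image with a
constructed process-record layout, found by list walk and by tag scan."""
import struct

# Constructed 32-byte record:  tag(4s) pid(I) next(I) name(16s) unused(4x)
REC = struct.Struct("<4sII16s4x")
TAG = b"Proc"                     # Windows really does tag process pool blocks "Proc"


def make_record(pid, next_off, name):
    return REC.pack(TAG, pid, next_off, name.encode().ljust(16, b"\0"))


def build_image():
    """Three records at 0x100, 0x140 and 0x160, with junk at 0x120.
    The third record (pid 666) is not on the list: hidden by DKOM."""
    base = 0x100
    img = bytearray(base)                                  # zero padding
    img += make_record(4, base + 2 * REC.size, "System")   # next -> 0x140
    img += b"\xaa" * REC.size                              # junk between records
    img += make_record(1234, 0, "explorer.exe")            # next -> 0: end of list
    img += make_record(666, 0, "rootkit.exe")              # unlinked
    img += bytes(64)
    return bytes(img), base


def plausible(pid, name):
    """Cheap sanity check.  A tag scan also hits freed (terminated) records
    and random data, so real tools validate many more fields than this."""
    return pid != 0 and len(name) > 0 and all(32 <= c < 127 for c in name)


def walk_list(image, head):
    """pslist-style: follow next pointers from the list head.  A cycle guard
    matters because a corrupted list would otherwise loop forever."""
    found, seen, off = [], set(), head
    while off and off not in seen:
        seen.add(off)
        _tag, pid, nxt, name = REC.unpack_from(image, off)
        found.append((pid, name.rstrip(b"\0").decode()))
        off = nxt
    return found


def scan_tags(image):
    """psscan-style: ignore the list and scan the image for the pool tag."""
    found, pos = [], image.find(TAG)
    while pos != -1:
        if pos + REC.size <= len(image):
            _tag, pid, _nxt, name = REC.unpack_from(image, pos)
            name = name.rstrip(b"\0")
            if plausible(pid, name):
                found.append((pid, name.decode()))
        pos = image.find(TAG, pos + 1)
    return found


def hidden_processes(image, head):
    """Records the scan finds that the list walk does not: the DKOM suspects."""
    return sorted(set(scan_tags(image)) - set(walk_list(image, head)))


if __name__ == "__main__":
    img, head = build_image()
    print("pslist:", walk_list(img, head))
    print("psscan:", scan_tags(img))
    print("hidden:", hidden_processes(img, head))
```

The diff between the two views is the finding. In practice you run both plugins and compare; a process present in the scan but absent from the list is either terminated and not yet overwritten, or deliberately hidden, and the timestamps and parent PID in the real structure tell you which.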
Xplico
Network forensics, capturing and reconstructing what actually crossed the wire, is an important part of digital forensics and of keeping an evidentiary trail. Xplico's main focus is exactly that, and for ease of use it is shipped with distributions such as Kali Linux, its predecessor BackTrack and the Security Onion boot disc. Given a packet capture, Xplico reconstructs the application-layer content: web pages, files transferred over HTTP and FTP, e-mail and VoIP calls, which helps determine where a file or a connection came from. It is not a replacement for Wireshark or tcpdump: those capture and decode packets, while Xplico reassembles the streams and extracts the content from them, so the tools complement one another.
CAINE
CAINE (Computer Aided INvestigative Environment) is an Italian live Linux distribution built for digital forensics and data recovery. Its biggest feature is a custom GUI that gathers the bundled tools into a guided workflow for on-the-fly investigations, and because it is a live boot disc that mounts attached devices read-only by default, examining a suspect machine with it does not alter the evidence.
ExifTool
ExifTool is a command line tool (a Perl library with a stand-alone executable) for reading and writing metadata such as EXIF, IPTC and XMP across hundreds of file types; for those who would rather not type, the Windows build also accepts a file dropped onto the executable and prints everything it finds. Camera model, GPS coordinates, author fields and embedded timestamps are often the fastest way to establish where a file came from, which makes this quick tool essential both in the field and in the office. Run it against a working copy, not the evidence copy, since its write mode rewrites the file.
Redline
Redline is a free tool from the security giant FireEye (Mandiant), a firm known worldwide for its threat intelligence and incident response work. It lets you either collect data from a host, using a collector you configure in Redline and carry to the machine, or analyse data that has already been imported. Its main strength is memory and file analysis of a specific host: the collector gathers running processes, memory sections, file system, registry, event log and network data, and Redline then runs the usual investigative views (timeline, process listing, indicator of compromise matching) over the imported host image while leaving the collected evidence untouched.
Whether you are just learning forensics or are a seasoned professional, keep refining your toolkit so that the best solutions the industry offers are at your disposal. Forensics rewards patience and rigour: the evidence you collect is only as good as the process behind it, and that process has to satisfy whatever legal or regulatory requirements your company is subject to.