
Your Essential Digital Forensics Toolkit

03 March 2020

By Locke & McCloud


As a cyber security professional you may be tasked with creating and maintaining your company's incident response plan, and that includes being able to apply digital forensics on the fly. Be prepared for any scenario by building out a forensics toolkit that covers everything you need to document, isolate, copy and examine evidence that may have to be reported on later. Whatever tools you pick, the working rule is the same: examine verified copies rather than the original, and record hashes and handling steps as you go so that your findings hold up when they are questioned.
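The "copy" step is where cases are won or lost, so here is an added example (not code from this page or from any of the tools below) of the minimum a practitioner does before touching evidence: hash the original, copy it, hash the copy, append a custody record and make the working copy read-only. The case directory layout, the custody.jsonl file name and the sample evidence file are assumptions of the example.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_of(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so multi-gigabyte images never have to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source: str, case_dir: str, examiner: str) -> dict:
    """Copy one evidence file into the case directory, hash both ends and append
    a custody record to case_dir/custody.jsonl (file name is an assumption).
    Raises if the copy does not hash identically to the original."""
    os.makedirs(case_dir, exist_ok=True)
    copy_path = os.path.join(case_dir, os.path.basename(source))
    before = sha256_of(source)
    shutil.copy2(source, copy_path)      # copy2 keeps the original mtime for later timelining
    after = sha256_of(copy_path)
    os.chmod(copy_path, 0o444)           # working copy is read-only from here on
    record = {
        "item": os.path.basename(source),
        "source_path": os.path.abspath(source),
        "copy_path": os.path.abspath(copy_path),
        "sha256": before,
        "verified": before == after,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
    }
    with open(os.path.join(case_dir, "custody.jsonl"), "a") as log:
        log.write(json.dumps(record) + "\n")   # a failed copy is recorded too
    if not record["verified"]:
        raise RuntimeError(f"hash mismatch after copy: {before} != {after}")
    return record


def verify(record: dict) -> bool:
    """Re-hash the working copy; False means it changed since acquisition."""
    return os.path.isfile(record["copy_path"]) and sha256_of(record["copy_path"]) == record["sha256"]


def demo() -> tuple:
    """Constructed run: acquire a sample file, then tamper with the copy and re-verify."""
    work = tempfile.mkdtemp(prefix="dfir-")
    source = os.path.join(work, "evidence.bin")
    with open(source, "wb") as f:
        f.write(b"A" * 3000 + b"B")                      # constructed sample evidence
    record = acquire(source, os.path.join(work, "case001"), "examiner@example.test")
    intact = verify(record)
    os.chmod(record["copy_path"], 0o644)
    with open(record["copy_path"], "ab") as f:
        f.write(b"x")                                    # simulate an accidental write
    return record["verified"], intact, verify(record)


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

The custody log is append-only JSON lines so that a later re-verification can be added as a new record rather than rewriting history; a hardware write blocker still belongs between you and the original device, since file permissions only protect the copy.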

SANS SIFT

The best digital forensics toolkit is one made by professionals for professionals. The SANS Institute has written the book on cyber security training, so why not have its forensics distribution in your arsenal? SIFT (the SANS Investigative Forensic Toolkit) is an Ubuntu-based distribution that ships as a ready-to-run VMware virtual machine, so it runs on Linux, Windows or macOS hosts, and its DFIR packages update automatically. SIFT covers tasks like building file system and log timelines, carving files out of raw images and parsing the Windows Recycle Bin.
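To show what "timelining" means in practice, here is an added example, not SIFT's own code, that writes the body-file format SIFT's mactime consumes (MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime) and then flattens it into a sorted MACB timeline the way mactime does. The sample file and its back-dated timestamps are constructed for the demo; the MD5 column is left at 0 because hashing is a separate step, and crtime is 0 where the OS does not expose a birth time.

```python
import os
import stat
import tempfile
from datetime import datetime, timezone


def bodyfile_lines(root: str):
    """Walk `root` and yield one TSK 3.x body-file line per entry."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            crtime = int(getattr(st, "st_birthtime", 0))   # 0 on Linux
            yield "0|{}|{}|{}|{}|{}|{}|{}|{}|{}|{}".format(
                path, st.st_ino, stat.filemode(st.st_mode), st.st_uid, st.st_gid,
                st.st_size, int(st.st_atime), int(st.st_mtime), int(st.st_ctime), crtime)


def mactime(lines, since: int = 0, until: int = 2 ** 63 - 1) -> list:
    """Flatten body-file lines into sorted (epoch, MACB flags, size, mode, name)
    events. Timestamps that fall in the same second merge into one row, so a file
    created and never touched again shows once as 'macb'. Zero timestamps are
    skipped rather than producing a 1970 row."""
    events = []
    for line in lines:
        f = line.rstrip("\n").split("|")
        name, mode, size = f[1], f[3], int(f[6])
        atime, mtime, ctime, crtime = (int(x) for x in f[7:11])
        stamps = {}
        for flag, t in (("m", mtime), ("a", atime), ("c", ctime), ("b", crtime)):
            if t and since <= t <= until:
                stamps.setdefault(t, []).append(flag)
        for t, flags in stamps.items():
            macb = "".join(ch if ch in flags else "." for ch in "macb")
            events.append((t, macb, size, mode, name))
    events.sort()
    return events


def fmt(event) -> str:
    t, macb, size, mode, name = event
    return f"{datetime.fromtimestamp(t, timezone.utc):%Y-%m-%d %H:%M:%S} {macb} {size:>10} {mode} {name}"


def demo() -> list:
    """Constructed run: one file whose mtime/atime are back-dated to March 2020."""
    work = tempfile.mkdtemp(prefix="tl-")
    path = os.path.join(work, "evidence.log")
    with open(path, "w") as f:
        f.write("constructed sample log\n")
    os.utime(path, (1583193600, 1583107200))   # atime 2020-03-03, mtime 2020-03-02 UTC
    return mactime(bodyfile_lines(work))


if __name__ == "__main__":
    for event in demo():
        print(fmt(event))
```

Because the ctime is set by the OS when utime runs, the demo's third row lands at "now" with a "..c." flag: exactly the pattern (old m/a, fresh c) that tells an analyst a file's visible timestamps were changed after the fact.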

Volatility framework

Volatility gives cyber security professionals a benchmark framework for analysing a computer's RAM. As malware moved to living in memory rather than on disk, the industry needed a way to examine a captured memory image, and Volatility is the result: it parses the operating system's kernel structures out of a raw dump to list processes, network connections, loaded modules and injected code, and it is relied on by law enforcement and military investigators alike. The caveat is that memory has to be captured while the machine is still running; once it is powered off, that evidence is gone.
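File carving (SIFT) and memory scanning (Volatility) start from the same idea: sweep a raw image for known byte patterns and validate each hit before trusting it. The added example below, written for this page rather than taken from either project, scans a constructed byte buffer for a few file signatures, confirms "MZ" hits by following e_lfanew to the PE header so stray text does not count, and carves a PNG to its exact length by walking its chunks. The signature table and the fake dump are assumptions of the example; Volatility itself goes much further by parsing kernel structures, which this does not attempt.

```python
import re
import struct
import zlib

# Constructed signature table; extend it for the file types a case calls for.
SIGNATURES = {
    "pe":   b"MZ",
    "png":  b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "zip":  b"PK\x03\x04",
}


def _looks_like_pe(image: bytes, off: int) -> bool:
    """Follow e_lfanew from the DOS header and require a real 'PE\\0\\0' signature,
    so the two-byte 'MZ' magic does not fire on every stray pair of bytes."""
    if off + 0x40 > len(image):
        return False
    e_lfanew = struct.unpack_from("<I", image, off + 0x3C)[0]
    if not 0x40 <= e_lfanew < 0x1000:
        return False
    pe = off + e_lfanew
    return image[pe:pe + 4] == b"PE\0\0"


def scan(image: bytes) -> list:
    """Return (offset, kind) for every confirmed signature hit, sorted by offset."""
    hits = []
    for kind, magic in SIGNATURES.items():
        for m in re.finditer(re.escape(magic), image):
            if kind == "pe" and not _looks_like_pe(image, m.start()):
                continue
            hits.append((m.start(), kind))
    return sorted(hits)


def carve_png(image: bytes, off: int) -> bytes:
    """Walk the chunk list from a PNG signature to IEND so the carved file has its
    exact length instead of a guessed fixed-size blob."""
    pos = off + 8
    while pos + 8 <= len(image):
        length, ctype = struct.unpack_from(">I4s", image, pos)
        pos += 12 + length                    # length + type + data + CRC
        if ctype == b"IEND":
            return image[off:pos]
    raise ValueError("PNG at offset %d is truncated" % off)


def _png_chunk(ctype: bytes, data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))


def fake_image() -> bytes:
    """Constructed stand-in for a memory dump: zero padding, a stray 'MZ' inside
    text, a minimal PE stub and a 1x1 PNG."""
    noise = b"\x00" * 100 + b"MZ is just text here" + b"\x00" * 100
    pe = bytearray(0x100)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)   # e_lfanew -> PE header at +0x80
    pe[0x80:0x84] = b"PE\0\0"
    png = (SIGNATURES["png"]
           + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
           + _png_chunk(b"IEND", b""))
    return noise + bytes(pe) + b"\xaa" * 50 + png + b"\x00" * 20


if __name__ == "__main__":
    img = fake_image()
    for off, kind in scan(img):
        print(f"{off:#010x} {kind}")
    print(len(carve_png(img, 526)), "byte PNG carved")
```

The validation step is the point: on a real memory image the bare "MZ" pattern fires thousands of times, and a carver that trusts every hit buries the analyst in false positives.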

Xplico

Network forensics, keeping a trail of what crossed the wire for evidence purposes, is an important piece of the discipline. Xplico's focus is exactly that: it is a network forensic analysis tool rather than an intrusion detection or prevention system, and it ships in distributions like Kali Linux, BackTrack and the Security Onion boot disc for ease of use. Given a packet capture, Xplico reconstructs the application data carried in it, such as web pages, email and transferred files, and ties each item back to the hosts that exchanged it. Where Wireshark and tcpdump show you packets, Xplico gives you back the content those packets carried.
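What reconstructing web traffic from a capture involves, as an added example (not Xplico's code): parse a classic pcap file, reassemble each TCP direction by sequence number so out-of-order segments land in the right place, then pair each HTTP request with its response and report client, server, request line, Host header and status. The capture, addresses and HTTP payloads are constructed inline for the example; checksums are not validated and overlapping segments are not handled.

```python
import struct


def _ip(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def tcp_frame(src, sport, dst, dport, seq, payload, flags=0x18) -> bytes:
    """Ethernet/IPv4/TCP frame carrying `payload` (checksums left zero: the parser
    below does not validate them)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     _ip(src), _ip(dst)) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip          # zero MACs, EtherType IPv4


def pcap(frames, t0=1583193600) -> bytes:
    """Classic libpcap file: 24-byte global header, 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", t0 + i, 0, len(frame), len(frame)) + frame
    return out


def tcp_streams(data: bytes) -> dict:
    """Reassemble TCP payloads per direction, keyed (src, sport, dst, dport).
    Segments are ordered by sequence number, so out-of-order delivery and plain
    retransmissions are handled; overlapping segments are not."""
    endian = "<" if struct.unpack_from("<I", data, 0)[0] == 0xA1B2C3D4 else ">"
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("example handles Ethernet captures only")
    pos, segs = 24, {}
    while pos + 16 <= len(data):
        incl = struct.unpack_from(endian + "IIII", data, pos)[2]
        frame = data[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if frame[12:14] != b"\x08\x00":
            continue                                  # not IPv4
        ip = frame[14:]
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != 6:
            continue                                  # not TCP
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        tcp = ip[ihl:total]
        sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            segs.setdefault((src, sport, dst, dport), {})[seq] = payload
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in segs.items()}


def http_summary(streams: dict) -> list:
    """Pair each HTTP request stream with the reverse-direction response."""
    out = []
    for (src, sport, dst, dport), data in streams.items():
        if not data.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
            continue
        head = data.partition(b"\r\n\r\n")[0].split(b"\r\n")
        headers = {k.strip().lower(): v.strip() for k, _, v in (h.partition(b":") for h in head[1:])}
        response = streams.get((dst, dport, src, sport), b"")
        out.append({
            "client": f"{src}:{sport}", "server": f"{dst}:{dport}",
            "request": head[0].decode(errors="replace"),
            "host": headers.get(b"host", b"").decode(errors="replace"),
            "status": response.split(b"\r\n", 1)[0].decode(errors="replace"),
        })
    return out


def sample_capture() -> bytes:
    """Constructed capture: one request split in two segments delivered out of
    order, plus the server's response (which happens to carry a PE header)."""
    client, server = "10.0.0.5", "203.0.113.10"
    req = (b"GET /update.bin HTTP/1.1\r\nHost: files.example.test\r\n"
           b"User-Agent: curl/7.68.0\r\n\r\n")
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: 4\r\n\r\nMZ\x90\x00"
    return pcap([
        tcp_frame(client, 50321, server, 80, 1000 + 20, req[20:]),   # second half arrives first
        tcp_frame(client, 50321, server, 80, 1000, req[:20]),
        tcp_frame(server, 80, client, 50321, 5000, resp),
    ])


if __name__ == "__main__":
    for entry in http_summary(tcp_streams(sample_capture())):
        print(entry)
```

Reassembly by sequence number is what separates this from grepping the pcap: the request line in the sample is split across two segments that arrive in the wrong order, and only the reassembled stream shows the full "GET /update.bin" with its Host header.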

Caine

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution built for computer forensics and data recovery. Its biggest feature is a custom GUI that brings the bundled tools together for on-the-fly forensics, and because it boots from DVD or USB with the host's block devices mounted read-only by default, you can examine a machine without altering the evidence on it.

Exiftool

For those professionals who prefer the command line, ExifTool is for you. It is a Perl command-line tool (with a stand-alone Windows executable) for reading, and where needed writing, the metadata embedded in files: EXIF data from photos, author and timestamp fields from Office and PDF documents, and a great deal more. On Windows you can also drag a file onto the executable to dump its metadata, which makes it quick to use in the field as well as in the office. Treat what it reports with care, though: embedded metadata is easy to edit, so corroborate it against file system timestamps before relying on it.

Redline

This tool was created by the security giant FireEye (it originated at Mandiant, the incident response firm FireEye acquired), known for its threat intelligence work across the globe. Redline gives you the ability to either collect data from a host or analyse a collection you import. Its main feature is memory and file analysis of a specific host: it gathers running processes, drivers, handles, file system and registry data, lets you review them on a timeline and match them against indicators of compromise, and preserves the collected evidence so the analysis can be repeated later.

Whether you are just learning cyber security forensics or you are a seasoned professional, it is always a good idea to keep refining your toolkit so that you have the industry's best solutions at your disposal. Forensics rewards patience and discipline: every step has to be repeatable and documented if your work is to satisfy whatever legal or regulatory requirements apply to your company.
