Security

10 Best Free and Open Source Linux Digital Forensics Tools

Digital forensics is a specialist discipline. It allows investigations to be undertaken without modifying the original media: the data is preserved and analysed in a safe, non-destructive way, working from a verified copy rather than the evidence itself. This is crucial whenever digital evidence forms part of an investigation, and even more so when a legal audit trail (chain of custody) has to be maintained. Digital forensics is used in a wide range of investigations, such as computer intrusion, unauthorised use of computers including violation of an organisation’s internet-usage policy, gathering intelligence from documents and emails, and the protection of corporate assets.

We have extolled the virtues of open source software in many of our previous articles. The debate between open source and closed source software has often centered on factors such as freedom, reliability, interoperability and open standards, support, and philosophy.

In this instance, open source software offers a legal benefit, as it can strengthen the admissibility of digital forensic evidence. With an open source tool the investigator, opposing experts and the court can inspect the source and verify that the tool does what it claims, which supports the reliability of the method. Proving that the original drive, or a copy of it, has not been modified is done separately, by hashing the media before and after acquisition and recording the hashes; open tools make that process reproducible by anyone who needs to repeat it.
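A worked example of the preservation step the two paragraphs above describe, added here and not taken from the article or from any of the projects listed below: acquire a bit-for-bit image with plain dd, record SHA-256 hashes of the source and of the image, and re-check the image against its recorded hash later. Only coreutils is used so it runs anywhere; the function names, file names and log format are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the article): forensic acquisition with dd plus
# hash verification. Assumptions: GNU coreutils (dd status=none, sha256sum),
# and a source that is either a block device or a file whose size is a
# multiple of the block size (see note on conv=sync below).

# Print only the SHA-256 hex digest of a file or block device.
hash_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Acquire SRC into DST, store the image hash in DST.sha256 and append an
# acquisition record to DST.log. Returns 0 when the source hash equals the
# image hash, 1 otherwise (unreadable sectors or a padded final block).
acquire_image() {
    src="$1"
    dst="$2"
    # conv=noerror,sync: keep reading past bad sectors and zero-pad them so
    # offsets in the image still match the source. Caveat: sync also pads a
    # final short block, so a regular file whose size is not a multiple of
    # bs will hash differently from its image. bs=512 matches the logical
    # sector size of most devices, so a device image is never padded.
    dd if="$src" of="$dst" bs=512 conv=noerror,sync status=none
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$dst")
    # sha256sum -c format: "<hex>  <path>" (two spaces)
    printf '%s  %s\n' "$img_hash" "$dst" > "$dst.sha256"
    printf 'acquired=%s source=%s image=%s src_sha256=%s img_sha256=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$dst" "$src_hash" "$img_hash" \
        >> "$dst.log"
    [ "$src_hash" = "$img_hash" ]
}

# Re-verify an image against the hash recorded at acquisition time.
# Returns non-zero if the image has changed since it was taken.
verify_image() {
    sha256sum -c "$1.sha256" >/dev/null 2>&1
}

# Typical use (device path is illustrative):
#   blockdev --setro /dev/sdb        # software write-block when no hardware blocker is available
#   acquire_image /dev/sdb /evidence/case42-sdb.dd
#   verify_image /evidence/case42-sdb.dd
```

A hash mismatch after acquisition is not always tampering: a source with unreadable sectors will legitimately differ from its zero-padded image, and the dd error messages are then part of the record. dcfldd, listed below, folds the hashing into the copy pass with its hash= and hashlog= options, which avoids reading the source twice.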

Linux has a good range of digital forensics tools that can acquire data, analyse text documents, images, videos, executables and memory captures, search that data, and present it to the investigator in a form that helps identify what is relevant.

To provide an insight into the software that is available, we have compiled a list of 10 of our favorite digital forensics tools. Hopefully, there will be something of interest here for anyone who needs to undertake digital investigations.

Here’s our rating chart with recommendations. Only free and open source software is eligible for inclusion.

Ratings chart

Click the links in the table below to learn more about each tool.

Digital Forensics Tools

GRR Rapid Response: Remote live forensics for incident response
Radare2: Portable reversing framework
The Sleuth Kit: Collection of command-line tools for forensic analysis of disk images and file systems
Autopsy Forensic Browser: Graphical interface to The Sleuth Kit
Volatility: Advanced memory forensics framework
Mozilla InvestiGator: Real-time digital forensics and investigation platform
Guymager: Forensic imaging tool based on Qt
dcfldd: Enhanced version of dd for forensics and security
rdd: Forensic copy program
Jomon: Network forensics and passive sniffer


1 Comment
Tarek Hasan
6 months ago

If you want to add a live OS to the list, there’s Tsurugi Linux. It has the largest collection of tools (more than a thousand) for the DFIR workflow. In my opinion it’s better than CAINE.