Last Updated on November 12, 2023
Digital forensics is a specialist art. It allows investigations to be undertaken without modifying the media. Being able to preserve and analyze data in a safe and non-destructive way is crucial when using digital evidence as part of an investigation, and even more so when a legal audit trail needs to be maintained. Digital forensics can be used in a wide range of investigations such as computer intrusion, unauthorised use of computers including the violation of an organisation’s internet-usage policy, gathering intelligence from documents and emails, as well as the protection of corporate assets.
We have extolled the virtues of open source software in many of our previous articles. The debate between open source and closed source software has often centered on factors such as freedom, reliability, interoperability and open standards, support, and philosophy.
In this instance, open source software offers a legal benefit, as it can increase the admissibility of digital forensic evidence. This is because open source tools enable the investigator and court to verify that a tool does what it claims and makes it easier to prove that the original drive has not been modified, or that a copy has not been modified.
Linux has a good range of digital forensics tools that can process data, perform data analysis of text documents, images, videos, and executable files, present that data to the investigator in a form that helps identify relevant data, and to search the data.
To provide an insight into the software that is available, we have compiled a list of 9 of our favorite digital forensics tools. Hopefully, there will be something of interest here for anyone who needs to undertake digital investigations.
Here’s our rating chart with recommendations.
Let’s explore the 9 digital forensics tools at hand. For each application we have compiled its own portal page, a full description with an in-depth analysis of its features, screenshots, together with links to relevant resources.
Digital Forensics Tools | |
---|---|
GRR Rapid Response | Remote live forensics for incident response |
Mozilla InvestiGator | Real-time digital forensics and investigation platform |
Radare2 | Portable reversing framework |
The Sleuth Kit | Collection of tools for forensic analysis |
Autopsy Forensic Browser | Graphical interface to SleuthKit |
Volatility | Advanced memory forensics framework |
guymager | Forensic imaging tool based on Qt |
dcfldd | Enhanced version of dd for forensics and security |
rdd | Forensic copy program |
![]() The software collection forms part of our series of informative articles for Linux enthusiasts. There are hundreds of in-depth reviews, open source alternatives to proprietary software from large corporations like Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. There are also fun things to try, hardware, free programming books and tutorials, and much more. |