Computer Forensics

Posted: December 30th, 2011 | Author: admin | Filed under: Linux, Uncategorized, Windows | Tags: | No Comments »

The tools I use for computer forensics.

Windows

  • Recuva – Excellent at recovering data from Windows partitions and free to boot.
  • UFS Explorer – Not free, but is able to recover from linux partitions (Recuva is better for FAT/NTFS)
  • explore2fs – Access linux partitions from Windows. Free.
  • HFSExplorer – Access Mac partitions from Windows

Linux

  • Hiren’s Boot CD – Contains an impressive lineup of programs for computer forensics, but its legal status is often debated.
  • Trinity Rescue Kit – A live distro with backup programs, Midnight Commander, testdisk, shell and other good stuff. Legal!