Celaunds.com

Tech which makes Sense

The world of computer forensics, like everything related to computers, is rapidly developing and changing. While there are commercial investigative software packages such as Guidance Software’s EnCase and AccessData’s FTK, there are other software platforms that offer a solution for obtaining computer forensic results. Unlike the two packages mentioned above, these open source alternatives don’t cost hundreds of dollars; they are free to download, distribute, and use under various open source licenses.

Computer forensics is the process of obtaining information from a computer system. This information can be obtained from a live system (one that is working) or from a system that has been shut down. The process usually involves taking steps to obtain a copy or image of the target system (often an image of the hard drive is obtained, but in the case of a “live” system, this may even be the other memory areas of the computer).

After making an “image” or exact copy of the target, in which the copy is verified by “checksum” processes, the computer specialist can begin to examine and obtain a wide range of data. This copy is obtained through write-protected media to preserve the integrity of the original evidence. Information such as images, videos, documents, browsing history, email addresses, and phone numbers are just some of the data (or evidence if collected for potential legal purposes) that can often be obtained. Even deleted items can often be recovered.
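The acquire-then-verify step described above, as an added example that is not part of the original article. The function names, file names and the random 1 MiB stand-in for a drive are assumptions; in a real acquisition the source would be attached write-protected, as the paragraph says.

```bash
#!/usr/bin/env bash
# Added illustration: image a source, then prove the copy by checksum.

# Print the SHA-256 digest of a file or block device.
hash_of() {
    local out
    out=$(sha256sum "$1") || return 1
    printf '%s\n' "${out%% *}"
}

# Copy SRC to IMG, hash both, record the digests, fail on any mismatch.
acquire_image() {
    local src="$1" img="$2" src_hash img_hash
    src_hash=$(hash_of "$src") || return 2
    # Plain block copy; the source is only ever opened for reading.
    dd if="$src" of="$img" bs=64k 2>/dev/null || return 2
    img_hash=$(hash_of "$img") || return 2
    printf 'source %s\nimage  %s\n' "$src_hash" "$img_hash" > "$img.sha256.log"
    chmod a-w "$img"    # guard the working copy against accidental writes
    [ "$src_hash" = "$img_hash" ]
}

# Re-check an image later against the digest recorded at acquisition time.
verify_image() {
    local img="$1" recorded
    recorded=$(awk '$1 == "image" {print $2}' "$img.sha256.log") || return 2
    [ -n "$recorded" ] && [ "$(hash_of "$img")" = "$recorded" ]
}

# Demo on a constructed 1 MiB stand-in for a drive (not real evidence).
demo() {
    local dir
    dir=$(mktemp -d)
    head -c 1048576 /dev/urandom > "$dir/source.dd"
    acquire_image "$dir/source.dd" "$dir/evidence.img" &&
        verify_image "$dir/evidence.img"
    local rc=$?
    rm -rf "$dir"
    return $rc
}

if demo; then echo "image verified"; else echo "verification FAILED"; fi
```

Keeping the digest log beside the image lets any later examiner repeat `verify_image` and confirm the working copy has not changed since acquisition.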

Some of the open source packages available for free download include the SANS SIFT (SANS Investigative Forensic Toolkit), DEFT (Digital Evidence & Forensics Toolkit), and CAINE (Computer Aided INvestigative Environment) bootable CDs. These powerful packages are based on the Ubuntu Linux operating system with a Windows-like graphical environment and feature dozens of tools; each disc contains many of the same open source tools and offers similar capabilities. Some of these tools are The Sleuth Kit (a complete platform in itself), PhotoRec (great for recovering all kinds of deleted files), Scalpel (another deleted file recovery tool), Bulk Extractor (a bulk email and URL extraction tool), chntpw (a utility to reset the password of any user who has a valid local account on a Windows NT/2k/XP/Vista/7/8 system), GParted (a partition editor to create, reorganize and delete disk partitions), and log2timeline (a timeline generation tool).

So if you’re interested in technical things, download one of these discs and start becoming a computer detective today.
