I researched the most popular computer forensics tools and discovered the reasons why they are the best. In my opinion, based on my research, I believe the top five tools are X-Ways, EnCase, SANS SIFT, ProDiscover Forensic, and The Sleuth Kit (Autopsy).
X-Ways is an advanced digital forensics platform. It runs on all Windows versions, has low resource utilization, and runs faster. It’s very convenient because it doesn’t require any type of installation, since it runs off a USB stick and downloads within seconds. Key features include disk cloning and imaging, the ability to read file system partitions and structures, and automatic identification of lost and deleted partitions. X-Ways has even more features than what I have listed and proves to be a top forensic tool.
EnCase is a multi-function forensic platform. It is globally recognized as the gold standard for digital forensics. It has reliable acquisition of evidence, which means it ensures the integrity of the evidence. An important feature is Deep Forensic Analysis, which is its ability to uncover evidence on a device that might have gone unnoticed otherwise. EnCase has more functions, but with its recognition as the gold standard, I believe it is a top tool.
SANS Investigative Forensic Toolkit (SANS SIFT) was the number one tool I discovered in my research. Essentially, it is an Ubuntu-based live CD which contains various types of tools to perform deep forensic or incident response investigations. Key features include better memory utilization, the latest forensic tools and techniques, a VMware appliance ready for use for forensics, and cross compatibility between Linux and Windows. I believe the SANS SIFT is quite handy, convenient, and portable. It’s a CD that contains everything you could need to operate as a forensic examiner.
ProDiscover Forensic is a computer security tool that allows professionals to locate all of the data on a hard drive while simultaneously protecting evidence and creating quality reports. It can recover deleted files, preview all files on the system, including hidden and deleted ones, without altering metadata, and create a bit-stream copy of the disk to be analyzed to ensure the original is intact.
The Sleuth Kit is just as important as the other tools I’ve discussed. Its core function is to analyze volume and file system data. It has the Autopsy function, which is a GUI-based program used to analyze hard drives and mobile devices. Also, it allows for user collaboration on cases.
Each of the tools I’ve discussed is important, and each is viable in different situations. It’s good to note that you should definitely use more than one tool as a digital forensics examiner. Out of all of the ones I’ve discussed, my favorites would be X-Ways and SANS SIFT: X-Ways for its portability and features, and SANS SIFT for having various forensic tools, appliances, and techniques at your disposal contained in a CD. ProDiscover, EnCase, and Sleuth Kit are just as good, but by functionality, X-Ways and SANS SIFT seem quite intriguing.