More Resources
Want to post a link or make an announcement? Send it to contact@knujon.com
"Illicit traffic is not about products, it's about transactions." - Moisés Naím, Illicit
-
veresoftware.com
Vere Software is dedicated to creating a "more safe" online environment. We specialize in software applications that can be used to help your investigations maintain structure while properly gathering evidence that can be used in court.
Our clients include law enforcement agencies and special investigators. Our products are designed as a tool for the investigator to collect evidence of online criminal activity. We will help you, the investigator, "make the internet your regular beat".
-
Maresware/dmares.com
Maresware: The Suite
Maresware: Linux Computer Forensics
Validation Tools and other products
-
ProDiscover/Techpathways.com
Investigator
Forensics
Incident Response
Other tools
-
Paraben Corporation/paraben.com
P2 Power Pack
Hard Drive Forensics
Forensic Replicator Complete bit-stream acquisition software for hard drives and media
P2 eXplorer Mount almost any forensic image as a virtual drive
Forensic Sorter Save time by sorting your evidence into workable categories
E-mail Examiner A full featured e-mail examination tool for over 30 popular e-mail formats
Network E-mail Examiner Examine large network e-mail stores including Exchange, Notes, and GroupWise
Text Searcher Perform advanced, fast text searching through indexing
Registry Analyzer Analyze entire Windows registry files
Chat Examiner Examine chat log files for Yahoo, MSN, ICQ, and more
Decryption Collection Break passwords for over 35 types of encrypted files
Case Agent Companion View over 250 different file formats for detailed analysis & reporting of digital evidence
Enterprise Forensics
Enterprise Forensics
Mobile Devices
Cell Seizure v3.0 ADVANCED MOBILE PHONE FORENSIC SOFTWARE
SIM Card Seizure v1.0.2131
Computrace Complete laptop security
Computrace Data Protection
-
Guidance Software/guidancesoftware.com
EnCase Enterprise
Field Intelligence Model
-
AccessData Corp/accessdata.com
The Ultimate Toolkit
Forensic Toolkit
Password Recovery Toolkit
Registry Viewer
-
Wetstone/wetstonetech.com
Gargoyle Investigator
DETS
-
Determina/determina.com
Determina VPS
Determina Memory Firewall
Determina LiveShield
-
EnterEdge/enteredge.com
Intrusion Protection Solutions
EnterEdge Vulnerability Management Service (VMS)
-
Digital Intelligence/digitalintelligence.com
Intrusion Protection Solutions
EnterEdge Vulnerability Management Service (VMS)
-
DocuLex/doculex.com
Litigation Support
Electronic Discovery
-
snort.org
In 1998, Martin Roesch wrote an open source technology called Snort, which he termed a "lightweight" intrusion detection technology in comparison to commercially available systems. Today that moniker doesn't even begin to describe the capabilities that Snort brings to the table as the most widely deployed intrusion prevention technology worldwide. Over the years Snort has evolved into a mature, feature rich technology that has become the de facto standard in intrusion detection and prevention. Recent advances in both the rules language and detection capabilities offer the most flexible and accurate threat detection available, making Snort the "heavyweight" champion of intrusion prevention.
-
bleedingthreats.net
Bleeding Edge Threats is a center for Open Security Research. We produce data feeds regarding new and up to the minute threats and research, and a number of other related security projects. Bleeding Edge Threats brings together the most experienced, and the least experienced security professionals.
-
wiresharktraining.com/wiresharkU.com
The Wireshark Certification Program strives to test a candidate's knowledge and ability to troubleshoot, optimize and secure a network based on evidence found by analyzing the traffic.
-
cacetech.com
CACE (Creative, Advanced Communication Engineering) Technologies is dedicated to enhancing the Wireshark user experience. Our staff of accomplished computer scientists and engineers has created Wireshark®, the world’s most popular network analyzer, WinPcap™, the industry-standard open source packet capture library for Windows, and AirPcap™ Product Family 802.11 WLAN packet capture devices for Wireshark. Our collective experience and talents combine to offer exciting networking products as well as a broad range of engineering, development, and consulting services.
-
packet-level.com
The four Wireshark University courses were written by Laura - these courses include new trace files, more details on troubleshooting techniques and case studies. In addition, Laura has hand-picked instructors to teach the courses - these instructors have years of packet-level experience and are some of the best instructors in the industry. Laura (and the WSU advisory committee) are developing the certification test to validate candidate capabilities in the area of troubleshooting and securing networks using Wireshark. Laura works closely with Gerald Combs (original author of Wireshark) and Loris Degioanni (original author of WinPcap) to build the most current and complete educational materials to support Wireshark.
-
insecure.org
Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.
-
netscantools.com
NetScanTools Pro is an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields.
-
mjmenz.com
“Finding the Truth, One bit at a Time”
-
cyberevidence.com
CyberEvidence, Inc. is a leading provider of computer forensics.
The concepts of digital data investigation and security will be an ever expanding part of the future. The need for professional, proficient and highly trained investigative resources dedicated to this fast developing industry is evident. CyberEvidence, Inc. addresses this need in three primary ways:
1. providing clients with a range of digital data incident response, investigative and consulting services;
2. providing industry leading training to individuals and organizations involved in digital forensics; and
3. developing partnerships with institutions of higher learning to help move the digital forensics industry into the academic mainstream.
-
infobin.org
DeepDarkAbyss, ForensicsWeb, and the main Infobin site, as well as an updated Jatero.Com site.
-
hightechcrimecops.org
To train, support and encourage investigators through information sharing to preserve, recover, and analyze digital evidence in a forensically sound manner for criminal, civil and administrative purposes. To provide digital crime prevention education to the public. To promote knowledge of the impact of digital crime among senior leaders, both in the public and private sectors.
-
tucofs.com
TUCOFS, or T.U.C.O.F.S., stands for The Ultimate Collection of Forensic Software. This site places all Law Enforcement Personnel in touch with the latest and greatest Internet based resources for High Tech Law Enforcement purposes. Resource types include files, software, websites and documentation. TUCOFS can be used as an index pointing you to various resources, allowing you to quickly find exactly what you are looking for.
-
wotsit.org
Programmer's file and data format resource. This site contains information on hundreds of different file types, data types, hardware interface details and all sorts of other useful programming information; algorithms, source code, specifications, etc.
-
DFLabs
DFLabs is an ISO9001 certified consulting company founded by Dario Forte, CISM, CFE, specializing in Information Security Risk Management. Our mission is: Supporting Information Security Strategies and Guaranteeing Business Security. Proud of its professional experience, DFLabs provides consulting services in the following areas: Information Security Strategy, Incident Prevention and Response, Digital Forensics, Infosecurity Training, Intrusion Prevention, Log and Vulnerability Management. We are based in Northern Italy, and we perform our operations worldwide.
-
PTK a new advanced interface for “The Sleuth Kit”
PTK is an alternative advanced interface for the TSK (The Sleuth Kit) suite. PTK was developed from scratch and, besides providing the functions already present in Autopsy Forensic Browser, it implements numerous new features essential during forensic activity. PTK is not just a new graphical and highly professional interface based on Ajax technology but offers a great deal of features like analysis, search and management of complex cases of digital investigation. The core component of the software is made up of an efficient Indexing Engine performing different preliminary analysis operations during the import of every item of evidence. PTK allows the management of different cases and different levels of multi-users. It is possible to allow more than one investigator to work on the same case at the same time. All the reports generated by an investigator are saved in a reserved section of the Database. PTK is a Web Based application and builds its indexing archive inside a MySQL Database, thus using the LAMP (Linux-Apache-MySql-PHP) construction.
-
10-23 On-Scene Investigator
This toolkit was created for the non-technical first responder to a computer incident involving a Windows computer. It is remastered from Knoppix, a bootable distribution of Linux. The toolkit runs completely off of the CD and out of RAM and does not touch the suspect hard drive(s). This was verified by SHA256 hashes taken before and after the toolkit was used on a Windows system. As reported by Ernie Baca here there is an issue with Linux (and therefore KNOPPIX) where a bit is changed on journaling filesystems when mounted (even read-only). Therefore caution should be exercised when using 10-23 on a Linux system.
-
THE FARMER'S BOOT CD (FBCD)
FBCD provides you with an environment to safely and quickly preview data stored within various storage media (hard drives, USB thumbdrives, handheld music players such as iPods, digital camera media, etc.), enabling you to identify and locate data of interest.
-
crackpdf.com
PDF Password Cracker is a utility to remove the security on PDF documents (of course, you should have the right to do it, for example, in case of forgotten user/owner password). Only standard PDF security is supported, neither third-party plug-ins nor e-books.
-
americantower.com
Locate Cell Phone Towers
-
cellreception.com
Find Cell Tower Locations
-
searchbug.com
Find and investigate people, locate businesses, verify phone numbers and addresses
-
techcrime.com
Massive list of useful sites
-
KBSolutions Inc/kbsolutions.com
KBSolutions provides computer forensic investigations as well as consultation and training in various aspects of cyber crime. We specialize in sex offender management as it relates to cyber criminal activities. We do not provide forensic services in civil matters or do defense work.
-
wigle.net
Wireless Geographic Logging Engine
-
OnScene Investigator/forensicsmatter.com
OnScene Investigator is a cost effective, simple to use tool for quickly searching and/or imaging computers (in Encase format). It is ideal for on scene triage of computers to identify relevant evidence before imaging. OnScene Investigator is suitable for all Intel PCs, especially Apple Macbook, Macbook Pro and PPC Imac and Powerbook G4.
-
zillow.com
Zillow.com is an online real estate service dedicated to helping you get an edge in real estate by providing you with valuable tools and information.
-
centralops.net
This site is a collection of Internet utilities developed by Hexillion using its HexGadgets components. Most of the utilities have ASP or ASP.NET source code available.
-
ic3.gov
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
-
Better Business Bureau
U.S. and Canada
United States
dshield.org
FBI: HAS YOUR BUSINESS BEEN HACKED?
itsecurity.com
FBI Computer Analysis and Response Team
techpathways.com
Back to Information Security Basics
security-books.com
NSA Information Assurance
Hetherington Information Services
Laboratoire d'EXpertise en Sécurité Informatique
PEI Systems
AlliedBarton Security Services
securityhorizon
Mandiant (formerly Red Cliff)
Mares and Company
Medford Police
LAPD Online
LAPD Crimemaps
computer-forensic.com
forensicts.co.uk
tucofs.com
CygnaCom Solutions
MITRE
Password Recovery Pro recovers hidden passwords by simply holding the mouse cursor over the asterisks field
Hidden Keyboard Memory Mod
Journal of Digital Forensic Practice
NY State DCJS Forensic Services Publications
Sassinsky Data Services
The International Journal of Digital Forensics & Incident Response
Digital Investigation FAQ
Computer Evidence : Collection & Preservation
Handbook of Computer Crime Investigation: Forensic Tools and Technology
-
HTCIA
The High Technology Crime Investigation Association (HTCIA)
"The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership."
-
NCFTA
National Cyber-Forensic & Training Alliance
"The ongoing evolution of technology has compelled business, communications, and the nation’s critical infrastructures to become increasingly dependent upon the Internet. Criminals have followed the same course, expanding their illicit activities to the virtual world."
-
Northeast Ohio Information Security Forum
Northeast Ohio Information Security Forum
"The Northeast Ohio Information Security Forum is a professional organization for people interested in information security. Members are in the information security, networking, system administration/engineering, and IT industry who are either involved in or interested in the information security field. The composition of the membership range from professionals working in the public sector (at colleges, universities, government agencies) to private industry (banks, manufacturing, tech, services) to college students. The group comes together monthly to discuss issues, watch presentations from members and speakers from outside of the group, and demos of various tools and techniques in the information security arena."
-
RCFG
The Regional Computer Forensic Group (RCFG)
"The Regional Computer Forensic Group (RCFG) symposium is sponsored by RCFG, Inc. The RCFG is a non-profit Virginia corporation supporting the Law Enforcement and computer forensic community training needs. Membership is free and is comprised of local, federal, state employees and contractors sponsored by the government in support of law enforcement and combating cyber crime."
-
ICFP
Institute of Computer Forensic Professionals
"The standardization, education, and foundation of the principles and practices in digital forensics."
-
SEARCH
SEARCH The National Consortium for Justice Information and Statistics
"SEARCH is dedicated to improving the quality of justice and public safety through the use, management and exchange of information; application of new technologies; and responsible law and policy, while safeguarding security and privacy."
-
InfraGard
InfraGard
"InfraGard is a Federal Bureau of Investigation (FBI) program that began in the Cleveland Field Office in 1996. It was a local effort to gain support from the information technology industry and academia for the FBI’s investigative efforts in the cyber arena. The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center (NIPC) and to the Cyber Division in 2003. InfraGard and the FBI have developed a relationship of trust and credibility in the exchange of information concerning various terrorism, intelligence, criminal, and security matters."
-
IAFCI
International Association of Financial Crimes Investigators
"The Association, a non-profit international organization, will provide services and an environment within which information about financial fraud, fraud investigation and fraud prevention methods can be collected, exchanged and taught for the common good of the financial payment industry and our global society."
-
Cybercrime Institute
Cybercrime Institute
"Originally known as the Southeast Cyber Crime Summit, the new and improved CyberCrime Summit starts its fourth year in existence. This is due to the growth and realization that the summit reaches beyond the Southeastern U.S.
The CyberCrime Summit attracts attendees from all over the world. Last year in addition to the U.S. and many Northern European attendees, some of the farthest attendees came from Italy, and Colombia, South America."
-
TheTrainingCo
TheTrainingCo
"As a corporation, it is the culmination of a dream that we have been sharing with people for the past decade. In that sense, it is new. We officially opened our doors in early 1999.
We are old in that the experiences of our senior staff are almost unmatched in their knowledge of the subjects being addressed at our conferences and speaking engagements. Every bit of that hard earned knowledge came as a result of years of highly specialized work and contact with thousands of people. Our two senior members alone bring more than one half of a century of pioneering efforts in the fields of Techno-Security and Cyber-Crime Prevention."
-
APWG
AntiPhishing.org
"The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types."