
RAM analysis is the process of examining the contents of the random access memory (RAM) of a computer or other device in order to identify and analyze important information. This technique is often used in computer forensics and cyber security to identify and analyze running processes, active connections, open files, password remnants in memory, and other traces of program execution that may be lost when the system is powered off. Today you will get acquainted with tools that allow you to analyze system memory and extract useful information from it.
A tool for working with timestamps in Windows. Checks NTFS timestamps with a precision of 100 nanoseconds.
Utility for forensic file system reconstruction and file recovery. Only supports NTFS.
A library for low-level exploration of disk images, file systems, and evidence retrieval.
A loadable kernel module (LKM) for capturing data from the memory of Linux-based devices, including Android smartphones.
A utility for analyzing password-protected and encrypted files. It reports the encryption complexity and the available decryption options for each file.
A framework for studying RAM dumps. Supports 18 versions of operating systems and works with VirtualBox kernel dumps and VMware snapshots.
Extracts and helps interpret forensic artifacts from Docker containers. Displays the build history of an image, mounts the container file system at a given location, and places artifacts on a timeline.
A utility for obtaining information about network-active processes, listing the binaries associated with each process. It queries VirusTotal and other online malware analysis and reputation services.
GUI for The Sleuth Kit and other forensics tools. Autopsy provides comprehensive file system analysis, including deleted file recovery, history viewing, keyword searches, and metadata analysis.