Seven Software Tools for Forensic Examination

digital forensic

The number of crimes related to computers, the Internet, and mobile phones is constantly increasing. Therefore, conducting effective computer or digital forensic investigations is very important. To effectively counter cyber threats, special instruments capable of extracting information from computer devices vulnerable to security breaches are absolutely necessary. As of today, there are several open source digital forensic tools cybersecurity experts make use of in their daily work.

If your task is to investigate a compromised server, infected PC, hacked website or an exploited mobile device, these solutions will help you do just that. Please, keep in mind that what follows below may not be the most comprehensive and detailed review. For more information on this topic, we advise you to head over to specialized websites where you can order the essay on digital forensic techniques written by qualified experts in the field.

So, let’s have a look at seven free pieces of anti-hacking software that work both on Linux and Windows.

1. Volatility

Memory analysis is a vital issue in digital research, and Volatility is a forensic platform that is designed to do just that. Ever since its creation, it has become an indispensable tool for law enforcement officials, military personnel, academicians, and commercial researchers around the world. This judicial data investigation instrument is cross-platform and can be run in Windows and Linux environments.

Volatility is a well-known kit of tools for incident and malware analysis, which allows its users to extract digital data from memory dumps (RAM), monitor application calls to DLLs, get information about running processes, open network sockets, and analyze network connections.


SANS Incident Forensic Toolkit is a SIFT workstation which employs digital forensics methods to respond to incidents related to security breaches. SIFT court system is completely free and as such available for all interested specialists.

Here’s what SIFT can offer its users:

  • Based on Ubuntu LTS 14.04;
  • 32-bit version available;
  • Constantly updated forensic tools and techniques;
  • Availability of downloadable VMware Appliance;
  • Cross-compatibility between Linux and Windows;
  • Offline installation using an .iso image.


CAINE (Computer Aided Investigative Environment) is a Linux distribution kit created as part of the Digital Forensics Project. It has a number of digital tools that can be used for performing digital investigation operations, such as data analysis, examination, and collection. CAINE integrates more than 80 forensic applications which can be executed through a user-friendly graphical interface. Some of its most notable features include:

  • Interoperable environment allowing for multiple stages of digital investigation;
  • Intuitive graphical interface;
  • Availability of open source tools;
  • Forensic assessment of both mobile and network devices;
  • Semi-automatic reporting;
  • Data recovery feature.

4. KALI Linux

Kali Linux (formerly Backtrack) is an open source project developed and supported by Offensive Security Company, a training courses provider and software developer specializing in detection and prevention of cyber threats. Kali Linux comes bundled with a number of open source tools designed for analyzing mobile, network, and operating systems.

Available as a Live CD or Live USB, it can be deployed on either Virtual Box or VMware Tools. Kati Linux is part of the Metasploit Project, an effort aimed at developing effective methods of countering security exploits.

It comes with more than 600 pre-installed testing programs, including Armitage (graphical cyber-attack management kit of tools), NMAP (scanner of ports), Wireshark (traffic analyzer), Aircrack-ng (wireless testing of local networks), and OWASP ZAP (security scanner of web applications).

5. DEFT Linux

DEFT (Digital Evidence and Forensics Toolkit) is a live distribution kit created for computer forensic analysis. DEFT includes the best forensic tools and can be paired with its DART (Digital Advanced Response Toolkit) graphical interface which allows it to be run on Windows. Designed to tackle cyber threats and perform forensic investigations, it contains useful tools for hashing, data recovery, and reporting.

6. Martiux

A full-featured Debian-based security distribution kit consisting of multiple free tools that can be used for a variety of purposes, including cyber threat testing, system and network administration, cybercriminal research, security testing, hacking, vulnerability analysis, and more.

Designed for both enthusiasts and security professionals, it can also be used as default forensic software. Matriux is a live CD and USB-based solution that can be easily installed on your hard drive. It also includes a set of forensic and data recovery tools that can be used for analysis and data search.

7. “DD” Utility for Linux

The “DD” utility is included by default in most Linux distribution kits available today. This set of tools can be used for various digital forensic tasks, such as erasing a hard drive and creating raw CD images. Using this powerful utility without due caution can lead to some devastating consequences which is why it should be applied in a safe environment. An updated version of the “DD” utility with additional features is available for free.

The above list of r forensic examination software is by no means a  complete one. In addition to these tools, you may also use other solutions, such as file viewers, hash generators, and text editors. In fact, a plethora of forensic software products available today makes it possible for you to pick the one that best suits your specific needs.