23 Free Tools for IT Security Specialist
Data leaks occur almost every day. According to the data leakage index, since 2013 more than 4,762,376,960 records were lost or stolen.
The largest data leaks occurred in:
Juniper Research suggests that by 2019, the damage from cybercrime will amount to more than $2 trillion. Therefore, the demand for forensic analysis will continue to grow.
Software is the system administrator's best friend, and the right tool helps you work faster and more productively.
Investigating incidents is not an easy task because you need to gather as much information as possible in order to obtain evidence and develop a plan for eliminating the consequences. Below I will describe several useful tools for investigating incidents. Most of them are free!
List of tools:
- Autopsy
- Encrypted Disk Detector
- Wireshark
- Magnet RAM Capture
- Network Miner
- NMAP
- RAM Capturer
- Forensic Investigator
- FAW
- HashMyFiles
- USB Write Blocker
- Crowd Response
- NFI Defraser
- ExifTool
- Toolslay
- SIFT
- Dumpzilla
- Browser History
- ForensicUserInfo
- BackTrack
- Paladin
- Sleuth Kit
- CAINE
1. Autopsy
Autopsy is an open-source graphical interface for efficient forensic examination of hard disks and smartphones. Thousands of people use Autopsy to figure out what really happened on a computer.
Specialists at large companies and in the military use Autopsy widely in their work. Some of Autopsy's features:
- E-mail analysis;
- File type identification;
- Multimedia playback;
- Registry analysis;
- Recovery of photos from memory cards;
- Extraction of geolocation and camera information from JPEG files;
- Extraction of network activity data from browsers;
- Display of system events in the graphical interface;
- Timeline analysis;
- Extraction of data from Android devices: SMS, call history, contacts, etc.
With this tool, you can generate reports in HTML and XLS formats.
2. Encrypted Disk Detector
Encrypted Disk Detector can help you analyze encrypted hard disks. The program works with partitions encrypted with TrueCrypt, PGP, BitLocker and SafeBoot.
3. Wireshark
Wireshark is a tool for capturing and analyzing network packets that will help you monitor what is happening on your network. Wireshark comes in handy when investigating a network incident.
4. Magnet RAM Capture
Magnet RAM Capture allows you to take a snapshot of RAM and analyze the artifacts in memory. The program runs on Windows.
5. Network Miner
This interesting forensic analysis tool for Windows, Linux and Mac OS X allows you to determine the operating system and hostname and to detect sessions and open ports from live traffic or a PCAP file. Network Miner displays the extracted artifacts in an intuitive interface.
6. NMAP
NMAP (Network Mapper) is one of the most popular tools for auditing network and information security. NMAP is compatible with most operating systems, including Windows, Linux, Solaris, Mac OS, HP-UX, etc. The program is open source, so it's free.
7. RAM Capturer
RAM Capturer by Belkasoft is a free tool for creating a dump of a computer's volatile memory. The program is compatible with Windows. A memory dump can contain passwords, data from encrypted volumes, and credentials for e-mail or social network accounts.
8. Forensic Investigator
If you use Splunk, then Forensic Investigator is useful to you. This Splunk app performs many functions:
- WHOIS/GeoIP requests;
- Port scanner;
- Header collector;
- URL analyzer/decoder;
- XOR/HEX/Base64 converter;
- View SMB Share/NetBIOS;
- VirusTotal lookups.
9. FAW
FAW (Forensics Acquisition of Websites) is used to collect data about a web page for further examination. The tool includes the following:
- Saving the page partially or completely;
- Preservation of all kinds of images;
- Saving the HTML source code of the web page;
- Integration with Wireshark.
10. HashMyFiles
HashMyFiles will help you calculate MD5 and SHA-1 hashes. The tool works on almost all recent versions of Windows.
11. USB Write Blocker
View the contents of a USB drive without leaving traces such as modified metadata and timestamps. USB Write Blocker uses the Windows registry to block writes to USB devices.
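The registry-based write blocking described above, as an added example that is not part of USB Write Blocker itself: it toggles the `StorageDevicePolicies\WriteProtect` value that makes Windows mount removable disks read-only, reads it back, and verifies the effect on a scratch drive (the drive letter `E` is an assumed placeholder).

```powershell
# Added example (not the USB Write Blocker tool's own code). Assumes the
# StorageDevicePolicies\WriteProtect registry value; run from an elevated
# PowerShell. Devices already attached must be re-plugged to pick up the change.
$PolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Get-UsbWriteProtect {
    # Returns $true when the write-protect policy is active, $false otherwise.
    if (-not (Test-Path $PolicyKey)) { return $false }
    $value = Get-ItemProperty -Path $PolicyKey -Name WriteProtect -ErrorAction SilentlyContinue
    return ($null -ne $value -and $value.WriteProtect -eq 1)
}

function Set-UsbWriteProtect {
    param([Parameter(Mandatory)][bool]$Enabled)
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    $flag = if ($Enabled) { 1 } else { 0 }
    Set-ItemProperty -Path $PolicyKey -Name WriteProtect -Value $flag -Type DWord
    # Read the value back so the caller gets confirmation rather than assumption.
    return (Get-UsbWriteProtect) -eq $Enabled
}

function Test-UsbWriteProtect {
    # Verifies the block on a scratch drive (never an evidence drive): while
    # protection is on, a write attempt must be refused by the OS.
    param([Parameter(Mandatory)][string]$DriveLetter)
    $probe = Join-Path "$DriveLetter`:\" 'writeblock-probe.tmp'
    try {
        Set-Content -Path $probe -Value 'probe' -ErrorAction Stop
        Remove-Item $probe -ErrorAction SilentlyContinue
        return $false   # write succeeded: the drive is NOT protected
    } catch {
        return $true    # write refused: protection is effective
    }
}

# Usage: enable the block, re-plug the scratch USB stick, then verify it.
if (Set-UsbWriteProtect -Enabled $true) {
    Write-Host 'WriteProtect set; re-plug the scratch device and run: Test-UsbWriteProtect -DriveLetter E'
}
```

The policy only governs what the Windows storage stack does, so the probe on a scratch drive is the check that matters before any evidence drive is connected.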
12. Crowd Response
Crowd Response from CrowdStrike is a Windows application designed to collect system information in order to respond to an incident and improve security. Results can be presented in XML, CSV, TSV or HTML formats using CRConvert. The program runs on all 32-bit and 64-bit versions of Windows starting with XP.
CrowdStrike has other good tools for investigators:
- Tortilla allows anonymous routing of TCP/IP and DNS traffic through Tor;
- Shellshock Scanner checks the network for the Shellshock vulnerability;
- Heartbleed Scanner checks the network for the Heartbleed vulnerability in OpenSSL.
13. NFI Defraser
Defraser is a forensic tool that can help you find multimedia files or their fragments in a data stream.
14. ExifTool
With ExifTool, you can read, write and edit metadata in many types of files, including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, Photoshop IRB, FlashPix, etc.
15. Toolslay
Toolslay offers more than a dozen useful investigative tools:
- Verification of digitally signed files;
- File format identification;
- Hashing and checking files;
- Binary file inspector;
- Text encryption;
- Data URI generator.
16. SIFT
SIFT (SANS Investigative Forensic Toolkit) is a workstation that is freely available for Ubuntu 14.04. SIFT is a set of useful analysis tools and one of the most popular open-source incident response platforms.
17. Dumpzilla
Extract all the information you are interested in from the Firefox, Iceweasel and SeaMonkey browsers with Dumpzilla.
18. Browser History
Foxton has two interesting tools:
- Save browser history (Chrome, Firefox, IE, and Edge) for Windows;
- View your browser history. You can extract and analyze the history of actions in most modern browsers. The results are displayed on an interactive graph, and historical data can be filtered.
19. ForensicUserInfo
Using ForensicUserInfo you can extract the following information:
- LM/NT hashes;
- Password change date and account expiration;
- The number of logons and the date of failed logon attempts;
- The profile path.
20. BackTrack
BackTrack is one of the most popular platforms for vulnerability testing, but it also includes forensic analysis tools.
21. Paladin
PALADIN Forensic Suite is the world's most popular set of forensic tools for Linux; it is a modified Linux distribution based on Ubuntu and is available in 32- and 64-bit versions.
Paladin includes more than 100 tools grouped into 29 categories. That's almost everything you need to investigate an incident. Autopsy is included in the latest version, Paladin 6.
22. Sleuth Kit
The Sleuth Kit is a set of command-line tools for examining and analyzing logical disks and file systems to find data.
23. CAINE
CAINE (Computer Aided INvestigative Environment) is a Linux distribution that offers a complete forensic platform with more than 80 tools for analysis, investigation and reporting.
I hope that the above tools will help you cope with the incident and accelerate the investigation.