Today we are surrounded by numerous digital devices that are used globally for various purposes. These devices store our data, which can be accessed by cyber-criminals to commit fraud, issue threats, infiltrate systems and much more. These digital devices, as pointed out by NFSTC (2013), include not only computers and cell phones but also any other technological device that can process and store data. The process of identifying, preserving, analysing and presenting the data from these devices is known as Digital Forensics.
Data extraction and analysis from digital devices require hardware or software tools. Wazid et al. (2013) mention that although advanced tools are being developed, cyber-criminals are also equipped with anti-forensic tools that either erase the evidence or delay the generation of digital evidence. Regardless of this limitation, using Digital Forensic Tools is essential for cyber-crime investigation.
The U.S. Department of Homeland Security (2016) states that there are five branches of Digital Forensics: Computer Forensics, Mobile Forensics, Network Forensics, Database Forensics and Forensic Data Analysis.
DIGITAL FORENSIC TOOLS
With the advancement in technology comes a greater responsibility to protect the integrity of data. Hence, there is a need to create powerful tools that can keep up with these advancements. Many tools are available that aid in tracking the malicious activity of an individual. The tools can be either open-source (available free) or commercial (must be paid for). According to Parasaram (2017), commercial tools are valuable as they are automated and easy to use, and the licence purchase has the added benefit of support (in terms of research and development) from the developers. Parasaram (2017) also mentions that even though open-source tools have an open licence, they have been reviewed extensively by the forensic community and are just as valuable as the commercial tools.
APPLICATIONS OF COMMON DIGITAL FORENSIC TOOLS
The different branches of Digital Forensics employ various tools for the extraction and analysis of data. The tools that are commonly used today are listed below.
- Autopsy (Basis Technology, 2020)
This is an open-source GUI-based tool that can be used to examine and recover evidence from computers as well as cell phones. It runs on Windows, Linux and OS X. It can be used as the primary tool, as an extension of a current tool, or to validate the results of other tools. It analyses disk images, local drives or folders and is often used with The Sleuth Kit (Brian Carrier, 2020) to analyse data on suspected systems. It is widely used by various bodies such as academic and research institutions, corporate investigations, military and government, and law enforcement.
- EnCase Forensic (OpenText Corp., 2020)
This is a commercial tool that can carry out an in-depth analysis of digital evidence. It can be used for computers as well as several mobile devices. It assists in identifying potential evidence and decrypting it. It supports various image formats, file systems and email systems. It is widely used by corporate and law enforcement organisations to conduct investigations of digital evidence.
- WindowsSCOPE (WindowsSCOPE, 2017)
This is a GUI-based commercial tool that performs memory forensics. It is suitable for Windows computers. It analyses raw physical memory dumps of the entire system through reverse-engineering. It automatically identifies several system artefacts such as registry keys, drivers in use by the system, network connections and more. It is widely used by law enforcement organisations to perform thorough memory forensics that tells them what was running on the system, and to extract and identify important data. Along with this, it also provides information about any harmful software installed on the system.
- Volatility (The Volatility Foundation, 2018)
This is an open-source tool written in Python, which allows it to run on any platform that supports Python. It is used to extract digital artefacts from RAM and supports various memory dump formats. It is compatible with Windows, Linux and Mac OSX. This tool is extensively used to extract evidence from memory on systems whose hard drive has been permanently erased or holds no data.
- RAM Capturer (Belkasoft, 2020)
This is an open-source tool that can extract volatile memory from the entire system even if it is protected by anti-dumping or anti-debugging mechanisms. It is compatible with all versions of Windows. It specifically focuses on systems that are protected against dumping, such as online games. Since it operates in kernel mode, it can precisely obtain the address space of protected applications. Combined with Evidence Center (Belkasoft, 2020), forensic experts can also analyse the secured memory dumps to extract information from them.
- NetworkMiner (NETRESEC AB, 2020)
This is an open-source tool for analysing network traffic. A paid version with added features is also available. It works on Windows as well as Linux, FreeBSD and Mac OSX. It can extract artefacts such as emails or files that are transferred over the network. It does not burden the network with any traffic of its own and collects data about hosts, sessions, etc. It is commonly used by law enforcement and incident response teams.
- SANS SIFT (SANS Institute, 2020)
This is an Ubuntu-based open-source toolkit that performs in-depth forensic examinations of digital devices. It can also be used to examine Windows systems. It can securely examine raw disks and multiple file systems and image formats. It enables the incident response team to identify advanced threat groups and contain them. It is generally used for incident response, network forensics, cyber threat intelligence and memory analysis.
- Cellebrite (Cellebrite, 2020)
This is a commercial tool that extracts data from mobile devices. It extracts information from the entire file system on various iOS devices. Apart from that, it can perform a physical extraction on different Android devices as well. It can bypass or unlock Android and iOS devices and extract incriminating data from emails, chats, attachments, deleted content, etc. It is widely used by law enforcement, military and intelligence, and business organisations.
- Kali Linux (OffSec Services Ltd., 2020)
This is a Debian-based open-source distribution that specifically performs ‘advanced penetration testing and security auditing’ on devices. It consists of the tools required for a complete investigation, such as scanning, exploitation, reconnaissance and reporting tools. It can be used as a complete operating system and is equipped with the required drivers for graphics, networking, etc. Apart from computers, it can also be installed on mobile devices. This tool is explicitly produced for professionals executing penetration testing and security auditing.
- Galvanize (ACL Services Ltd. Dba Galvanize, 2020)
This is commercial data analysis software that provides investigators with various tools for risk identification, auditing, compliance and security solutions for the GRC industry. The tools assess and respond to the risks faced by various enterprises, minimise risk exposure, simplify compliance management, detect and prevent fraud and corruption, and much more.
CONCLUSION
This article has documented a few of the numerous available open-source and commercial tools. Although there are many tools, their common aim is to extract and analyse data in a just manner. According to Carrier (2003, p. 8), these tools must have a read-only feature and should be able to present data in a manner that assists the investigator, extract data accurately, provide access to all the extracted data so that the result can be verified, and always produce the same output for the same input.
Crime can occur on any digital device, and sometimes even with protection in place, cyber-criminals may find a way to commit fraud, issue threats or misuse information. This can lead to huge monetary and data losses. Thus, digital forensic tools can help tremendously to identify, assess and monitor these risks and to prevent these losses.
REFERENCES
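Two of Carrier's requirements above, read-only access and repeatable output that others can verify, are what evidence-image hashing gives an examiner. The following is an added example written for this article, not code from any of the tools listed: it hashes a constructed sample image opened read-only, shows the digests are reproducible, and detects a later change to the image.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB pieces so large images do not exhaust memory


def hash_image(path):
    """Return (md5, sha256) hex digests of an image. 'rb' opens it read-only,
    so hashing can never alter the evidence."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def verify_image(path, recorded):
    """Re-hash the image and report whether it still matches the recorded digests.
    A second examiner can run this to verify the first one's result."""
    return hash_image(path) == tuple(recorded)


def demo():
    # Constructed sample "image" (hypothetical, not a real disk image):
    # a few zero sectors, a marker string and a run of 0xff bytes.
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.dd")
        with open(image, "wb") as fh:
            fh.write(b"\x00" * 4096 + b"sample evidence sector" + b"\xff" * 512)
        recorded = hash_image(image)                 # digests taken at acquisition
        first = verify_image(image, recorded)        # True: image unchanged
        same_again = hash_image(image) == recorded   # True: output is repeatable
        with open(image, "r+b") as fh:               # simulate one accidental write
            fh.seek(4096)
            fh.write(b"X")
        after = verify_image(image, recorded)        # False: change is detected
    return first, same_again, after
```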
- ACL Services Ltd. Dba Galvanize (2020) Available at: https://www.wegalvanize.com/ (Accessed: 15 April 2020)
- Basis Technology (2020) Autopsy Digital Forensics. Available at: https://www.autopsy.com/ (Accessed: 15 April 2020)
- Belkasoft (2020) Available at: https://belkasoft.com/ (Accessed: 15 April 2020)
- Brian Carrier (2020) Autopsy. Available at: https://www.sleuthkit.org/autopsy/ (Accessed: 15 April 2020)
- Carrier, B. (2003) ‘Defining Digital Forensic Examination and Analysis Tools using Abstraction Layers’, International Journal of Digital Evidence, 1(4), pp.1–12.
- Cellebrite (2020) Available at: https://www.cellebrite.com/en/home/ (Accessed: 15 April 2020)
- National Forensic Science Technology Center (2013) A Simplified Guide to Forensic Science. Available at: http://www.forensicsciencesimplified.org/digital/why.html (Accessed: 13 April 2020)
- NETRESEC AB (2020) Available at: https://www.netresec.com/?page=NetworkMiner (Accessed: 15 April 2020)
- OffSec Services Limited (2020) Available at: https://www.kali.org/ (Accessed: 15 April 2020)
- OpenText Corp. (2020) Available at: https://www.guidancesoftware.com/?cmpid=side_menu_r (Accessed: 15 April 2020)
- Parasaram, S (2017) Digital Forensics with Kali Linux. Available at: https://subscription.packtpub.com/book/networking_and_servers/9781788625005/1/ch01lvl1sec12/commercial-tools-available-in-the-field-of-digital-forensics (Accessed: 15 April 2020)
- Parasaram, S (2017) Digital Forensics with Kali Linux. Available at: https://subscription.packtpub.com/book/networking_and_servers/9781788625005/1/ch01lvl1sec13/operating-systems-and-open-source-tools-for-digital-forensics
- SANS Institute (2020) Available at: https://digital-forensics.sans.org/ (Accessed: 15 April 2020)
- The Volatility Foundation (2018) Available at: https://www.volatilityfoundation.org/ (Accessed: 15 April 2020)
- U.S. Department of Homeland Security (2016) TechNote. Available at: https://www.dhs.gov/sites/default/files/publications/Digital-Forensics-Tools-TN_0716-508.pdf (Accessed: 14 April 2020)
- Wazid, M. et al. (2013) ‘Hacktivism Trends, Digital Forensic Tools and Challenges: A Survey’, IEEE Conference on Information and Communication Technologies, pp. 138–144.
- WindowsSCOPE (2017) Available at: http://www.windowsscope.com/ (Accessed: 15 April 2020)
About the Author:
Anushka Jirapure
Highly ambitious and enthusiastic Forensic Science student with an inquisitive nature and a drive to gain new expertise in the field of Digital Forensics. Looking forward to building a career in Crime Investigation. During her Master’s in Forensic Science, she gained technical knowledge of GC-MS, LC-MS, HPLC, VSC 5000 and the ABI 3500 Genetic Analyzer. She has also gained experience in evidence collection and preservation, handwriting analysis, DNA profiling (by working on a case file) and creating a quality manual for evidence handling, preservation and analysis.