The world of computer forensics, like everything related to computer science, is developing and changing rapidly. While there are commercial investigation software packages, such as EnCase by Guidance Software and FTK by AccessData, there are other software platforms that offer a solution to obtain computer forensic results. Unlike the two packages mentioned above, these open source alternatives don’t cost hundreds of dollars; they can be downloaded, distributed and used for free under various open source licenses.

Computer forensics is the process of obtaining information from a computer system. This information can be obtained from a live system (one that is running) or a system that has been shut down. The process usually involves taking steps to obtain a copy or image of the target system (an image of the hard drive is often obtained, but in the case of a “live” system, these can even be the other memory areas of the target system. the computer).

After making an exact “image” or copy of the target, in which the copy is verified using “checksum” processes, the IT specialist can begin to examine and obtain a wide range of data. This copy is obtained through write-protected means to preserve the integrity of the original evidence. Information such as images, videos, documents, browsing history, email addresses, and phone numbers are just some of the data (or evidence, if collected for possible legal purposes), which can often be obtained. Even deleted items can often be recovered.

Some of the open source packages available for free download include SANs SIFT (SANS Investigative Forensic Toolkit), DEFT (Digital Evidence & Forensics Toolkit) and CAINE (Computer Aided INvestigative Environment) bootable CD. These powerful packages are based on a Linux Ubuntu Windows-like operating system (graphical environment) and come with dozens of tools, and each disc contains many of the same open source tools, offering similar capabilities. Some of these tools are The Sleuth Kit (a complete platform in itself), Photorec (ideal for recovering all kinds of deleted files), Scalpel (another deleted file recovery tool), Bulk Extractor (mass mail and extraction tool of URL), Chntpw (a utility to reset the password of any user who has a valid local account on a Windows NT / 2k / XP / Vista / 7/8 system), Gparted (a partition editor to create, rearrange and delete partitions disk), and Log2timeline (a timeline generation tool).

So if you are interested in technical things, download one of these discs and start becoming a computer detective today!