CHFI Tools
Reset Administrator Password
-> Active@ Password Changer -> Windows Recovery Bootdisk -> Windows Password Recovery Lastic
Netcat
A network utility program that reads from and writes to network connections.
Wireshark
A popular packet sniffer.
Nbtstat
Allow view of information in the name resolution cache in a Windows machine
FTK Imager
Allows evidence from Physical Drive, Logical Drive-Image, File-Contents of a folder
Route Print
Allows view of routing table
nbstat -S
Analyze NetBIOS over TCP/IP activity
Write Blocker
Blocks modification of the source drive
net start / net stop
Built-in commands used to start and stop services locally
IExplorer
Can bypass iPhone passcodes
TSK & Autopsy
Data Recovery Tool
File Carving tool
Datalifter, OSForensics, Simple Carver Suite
Rapid Image 7020 X2 IT Hard drive duplicator
Designed to copy one "Master" hard drive to up to 19 "Target" hard drives
Data Acquisition Tools
DriveSpy, ProDiscover Forensics, AccessData FTK Imager, SafeBack, F-Reponse, DeepSpar
- ProDiscover Basic - OSForensics - DataNumen (outlook/express) - Paraben E-Mail Examiner - AccessData FTK - Fookes Aid4Mail (outlook, thunderbird, eudora)
Email Recovery Tools
Bit-Stream disk-to-disk tools
Encase, Safeback, Norton Ghost, X-Ways Forensics
eventvwr.msc
Event Viewer command
Facebook Forensic Software
Facebook forensic analyzer
netstat -na
Find unusual listening on TCP or UDP ports
FRED system
Forensic Recovery of Evidence Device. Acquire data directly from IDE/EIDE/ATA/SATA/ATAPI/SAS/Firewire/USB hard drives and storage devices and save forensic image to Blu-Ray, DVD, CD, or hard drives
DeepSpar Disk Imager
Free Windows-based
AppleXsoft Disk Doctors mac data recovery R-Studio Data rescue 4 Stellar phoenix mac data recovery fileSalvage 321SoftData recovery Disk Drill for Mac Mac Data Recovery Guru Cisdem DataRecovery 3 File recovery in Linux
Full list of Mac Tools
Quick Recovery Stellar Phoenix Windows Data Recovery Total Recall Advanced Disk recovery windows Data recovery software R-Studio Orion File Recovery software Data Rescue PC Smart Undeleter DDR Professional Recovery Software Data Recovery Pro GetDataBack UndeletePlus File Scavenger Virtuallab Active UNDELETE WinUnDelete R-Undelete Recover4all professional recuva Active file recovery pandora recovery ontrack easyRecovery Seagate File Recovery Software Wise Data Recovery Glary Undelete Disk Drill PhotoRec
Full list of Windows recovery tools
PC-3000 Data Extractor
Hardware and software suite for recovering flash-based storage
DD Tool
Linux command used to locate residual data
NET SESSION \\ComputerName
List sessions from a given machine
lusrmgr.msc
Local Users and Groups
IDA Pro
Malware Analysis Tool -can reverse machine code to assembly language
Process Monitor
Monitor tool for windows, real-time
Netstat
Networking/protocol stack tool and function
JailBreaking apps
OneClick Root Kingo Android Root Towelroot RescuRoot
PDF Password Recovery
PDF Password Recovery PDF Password Genius SmartKey Tenorshare
PEview, PE Explorer or PEBrowse Professional
PE Analysis tools
iOS Jailbreaking apps
Pangu Jail Break Redsn0w Sn0wbreeze GeekSn0w
Windows partition recovery tools
Partition Recovery, Acronis Recovery Expert, DiskInternals, GetDataBack, EaseUS, 7-Data
Bit-Stream disk-to-image tools
ProDiscover, EnCase, FTK, TSK, X-Ways, ILook
rtgen, winrtgen
Rainbow tables - System Hacking
DumpIT
Ram dump
Recuva
Recovers pictures, music, documents, videos, emails, or any other file type that are lost. Can also recover from rewritable media like memory cards, external hard drives, USB, etc... Offers Advanced Deep Scan mode that scours a drive to find any traces of files that have been deleted. Securely deletes files with secure overwrite feature that meets military standards.
Registry tools
RegRipper ProDiscover RegEdit RegScanner
MOBILedit
SIM Cloning - Logical acquisition
Oxygen Forensic Suite
SIM Cloning - Physical acquisition and file system acquisition
Paraben's Chat Stick
Searches for chat logs
net view (command)
Shows the computers on your immediate network, whether they operate as a workgroup or a domain.
LifeRaft's Navigator
Social intelligence platform
FreeZip
Tool for lossless compression
StuffIt
Tool for lossless compression
WinZip, PkZip
Tools for lossless compression
Deep Log Analyzer
Web analytics Small/Medium websites Analyzes web site visitors' behavior and gets the complete website usage statistics in easy steps
UltraBay 3d
Write blocker
net use
a TCP/IP command that connects or disconnects a computer from a shared resource or can display information about connections.
X1 Social Discovery
collect and search data from social networks and the internet
Passware Kit Forensic
complete electronic evidence discovery solution reports all password-protected items on a computer and gains access to these items using the fastest decryption and password recovery algorithms.
FileMerlin
converts word processing, spreadsheet, presentation and database files between a wide range of file formats.
DriveSpy
data acquisition and duplication
EnCase
data collection forensic software guidance software civil/criminal investigations, etc forensic quality recordings of data recover insecurely deleted data snapshots of ram over time special training required
Handy Recovery
data recovery software designed to restore files accidentally deleted from hard disks and memory cards.
R Studio
data recovery software. It can recover files from FAT12/16/32/exFAT, NTFS, NTFS5 (created or updated by Windows 10, 8, 7, 2000/XP/2003/Vista).
Paraben's StrongHold bags
design to block out wireless signals from cell towers, wireless networks, and other signals
Disk Edit WinHex Hex Workshop
disk editor tools
HashMyFiles
for fingerprinting
Dependency Walker
links dynamically linked functions
Smartwhois
network information utility that allows you to look up all the available information about an IP address, hostname or domain, name of the network provider, administrator and technical support contact information.
PEiD
obfuscation methods
Regshot
registry compare utility that allows you to take a snapshot of your registry quickly and then compare it with a second one
Windows Password recovery bootdisk
reset a Windows admin password
Advanced Disk Recovery
scan entire system for deleted files and folders and recover them
Netlytic
social media analyzer
Xplico
to extract the applications data contained from an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. is an open source Network Forensic Analysis Tool (NFAT)
Undelete Plus
tool that can support large hard disks, and can recover documents even if windows is reinstalled
DiskDigger
undeletes and recovers lost files from hard drives, memory cards, and USB flash drives.
FragFS
use to hide data within the NTFS Master File Table ( MFT)
