Thursday, 29 September 2022

USB Write Blocker

 USB Write Blocker

Much like DRS by SalvationDATA, USB Write Blocker comes with a write-blocker that will protect the files inspected from being overwritten. Both of these PC forensics tools are perfect for analyzing a USB flash drive or a photo memory stick and can pull up lost data that would otherwise be impossible to salvage on your own.

What is USB write blocker?

Image result for usb write blocker

A write blocker is any tool that permits read-only access to data storage devices without compromising the integrity of the data. A write blocker, when used properly, can guarantee the protection of the data chain of custody.

How do hardware write blockers work?

Image result for usb write blocker

Hardware write blocker—The hardware blocker is a device that is installed that runs software internally to itself and will block the write capability of the computer to the device attached to the write blocker.

What is a write blocker in forensics?

Image result for usb write blocker

Write blockers are devices that allow you to read the information on the drive without the possibility of accidentally altering or writing to the drive contents. When using DVR Examiner, we always ask you to connect the DVR to your computer in a write-protected manner.

What is the purpose of a write block device?

Write Blocker is a tool designed to prevent any write access to the hard disk, thus permitting read-only access to the data storage devices without compromising the integrity of the data. A write blocking if used correctly can guarantee the protection of the chain of custody.

What are the two types of write blockers?

There are primarily two different types of write blockers. The first type is hardware write blockers. Usually, these devices sit between an evidence drive and a forensic workstation. The second type is a software write blocker, and sometimes it's built into a computer forensics suite, like EnCase or FTK.

Wednesday, 28 September 2022

FAW Forensics Acquisition of Websites


Forensics Acquisition of Websites (or FAW for short) is one of the best digital forensic tools for analyzing websites. After you run it, it will capture the entire source code and any images it contains and investigates it for traces of criminal activity.

Once finished, you can take the data and integrate it with other computer forensic software tools like Wireshark.

FAW in multipage version allows automatic capture of a list of web pages. Perfect for capturing entire websites fast and automatically. FTP. This tool allows you to capture entire websites in FTP and SFTP mode without modifying metadata of copied files.

What is forensics acquisition of websites?

Forensic Acquisition of Websites (FAW) is a way to forensically acquire a website or webpage as it is viewed by the user. FAW preserves what is publicly available at the time.

FAW is the first forensic browser and the best known in the world. Born in 2011, it is the reference software used by consultants, lawyers and law enforcement agencies all over the world.

FAW is the only forensic browser in the world that guarantees the authenticity, compliance and inalterability of the web pages acquired.

FAW was developed in compliance with national and international legislation, scientific papers and best practices of digital forensics.

 Version 8.3 of FAW has been released with the new extension for the automatic certified forensic acquisition of WhatsApp web chats. With this new module it is possible to automatically crystallize the test for legal purposes and legal value including all the texts of the chat and all the multimedia elements.

FAW acquires websites of any type: HTML5, CMS, static, dynamic, with frames, blogs, e-commerce, portals, social network, etc.

FAW allows access to any Social Network and acquires all of its contents.

FAW can also acquire all the resources available from Intranet networks, such as IP Camera, Router configuration, Firewall, Switch and NAS.

The software for forensic acquisition of web pages designed for Law Enforcement departments. It has all the Professional version features and other important features required by workers in the sector.

The perfect solution for forensic acquisition of web pages. Forensic community of all the world gave it the recognition like a precious instrument to fix web pages. FAW is suitable for technical consultant and other expert need automatic acquisitions, acquisitions of TOR network and innovative features to speed the activities.

Tuesday, 27 September 2022

Mobile Verification Toolkit (MVT)


MVT is one of the finest iOS and Android forensic tools that lets you decrypt encrypted backups and discover traces of malware that may be present in the system. It will generate a report of exactly what apps are installed on the smartphone and even present the extracted data as a JSON string.

If you’re looking for a mobile forensic tool with capabilities like this but aren’t overly trusting of free mobile forensic tools, look no further than SalvationDATA’s SPF Pro. It has better functions, ongoing support by the developer team, is more user-friendly, and has a free trial to boot.

Mobile Verification Toolkit (MVT) software is used to help you check forensic traces to understand whether your iphone or android phone have been compromised by the pegasus israeli spyware. Pegasus spyware founded in 2010 by Israeli pegasus nso group technologies, enables the remote surveillance of cellphone devices. Pegasus spyware has allegedly helped governments in countries like India, to hack into the smartphones of thousands of human rights activists, journalists and politicians worldwide. According to The Washington Post, Pegasus israeli spyware attack include 189 journalists, at least 65 business executives, more than 600 politicians and government officials, 85 activists of human rights and several heads of state.


Some of the key features of Mobile Verification Toolkit or MVT for nso group pegasus are listed below:

.Decrypt encrypted iOS backups.

.Process and parse records from iOS system.

.Extract installed applications from Android devices.

.Extract diagnostic information from Android devices through the adb protocol.

.Compare extracted records to a provided list of malicious indicators in STIX2 format.

.Generate JSON logs of extracted records.

.Separate JSON logs of all detected malicious traces.

.Generate a unified chronological timeline of extracted records,

.Generate a timeline all detected malicious traces.

.Open Source

What is MVT used for?

Mobile Verification Toolkit (MVT) is a collection of utilities developed by Amnesty International to remove nso group pegasus spyware. It automates the process of gathering forensic traces to identify a potential compromise of smartphone devices Android and iOS iPhone.

Is Mobile Verification Toolkit or MVT free?

Yes, Mobile Verification Toolkit (MVT) computer security and forensics tool is free to check your iPhone or Android for Israeli Pegasus spyware. It simplifies the process of acquiring and analyzing data from Android and IOS smartphone devices.

Is MVT open source?

Yes, Mobile Verification Toolkit or MVT is Amnesty International open source project. MVT digital forensic framework source code repository is available on Github, reported by international media.

Free Hex Editor Neo

 Free Hex Editor Neo

Free Hex Editor Neo is one of the top database forensics tools for handling large files.

Much like DBF by SalvationDATA, it’s one of those forensic image tools that have both a paid and a free version you can try at your leisure. Among its main features are manual data carving, data extraction, low-level file editing, and performing a deep scan to uncover hidden data.

Free Hex Editor Neo is the fastest freeware binary file editor for Windows platform. Neo's data processing algorithms are extremely optimized and carefully tuned to save your time. It handles operations on large files and hex dumps (even larger than 1 GB) in just seconds!

In contrast to any competitors, our binary file editing product always offers you this kind of user experience: lengthy operations performs smoothly, UI stays responsive, progress bars provide you with frequently updated information, system always has sufficient resources, all your modifications are stored safely and instantly ready for Undo/Redo. All of our efforts are aimed at preventing you from losing the modifications you've made, which is often the case with competing products.

The development history since year 1999 makes our binary file editing software a true champion of performance and stability. It's not just a free HxD alternative, but probably the best Windows 11/Windows 10 hex editor available for free. In contrast to competitors, it allows you to edit binary files of virtually any size!

Free Hex Editor Neo System Requirements

Free Hex Editor Neo requires Intel or AMD x86/x64 compatible CPU, 2 GB of RAM memory and 25 MB of free HDD/SSD disk space. It works on 32-bit and 64-bit Windows-based operating systems. All recent Windows platforms starting from Windows Vista (including Windows 11, Windows Server 2022 and Windows 10 x86/ x64) are supported.

Free Hex Editor Neo Advantages

.Efficient It supports multiple core processing and utilizes full power of your PC.

.Smart It supports complicated Regular Expression search/replace patterns.

.Handy It allows you to make binary patches in just one click.

.Flexible It allows you to tune every aspect of the User Interface.


Saturday, 24 September 2022

The Sleuth Kit

 The Sleuth Kit

What does The Sleuth Kit do?

Image result for The Sleuth Kit

The Sleuth Kit is a collection of command line tools and a C library that allows you to analyze disk images and recover files from them. It is used behind the scenes in Autopsy and many other open source and commercial forensics tools.

What is sleuth kit Autopsy?

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

Is Sleuth Kit open source?

The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs. The Sleuth Kit uses code from the file system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer.

How are Sleuth Kit and autopsy different?

An autopsy is basically a graphic interface for the very famous The Sleuth Kit used to retrieve evidence from a physical drive and many other tools. Sleuth Kit takes only command-line instructions. On the other hand, autopsy makes the same process easy and user friendly.

The Sleuth Kit (TSK) is a library and collection of command line file and volume system forensic analysis tools that allow you to investigate and analyze volume and file system data. With this software, investigators can identify and recover evidence from images acquired during incident response or from live systems. The software is open source, which allows investigators to verify the actions of the tool or customize it to specific needs.

The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

The volume system (media management) tools allow you to examine the layout of disks and other media. TSK supports DOS partitions, BSD partitions (disk labels), Mac partitions, Sun slices (Volume Table of Contents), and GPT disks. With these tools, you can identify where partitions are located and extract them so that they can be analyzed with file system analysis tools.

Friday, 23 September 2022

Oxygen Forensic Suite

 Oxygen Forensic Suite :

Oxygen Forensic Suite is one of the popular open-source mobile forensics tools that will help you gather the evidence you need from a mobile phone.

It also belongs on the list of Android forensic tools that let you bypass the password or lock screen gesture prompt, thus granting you unobstructed access to data that is stored inside.

This is a free alternative to SPF Pro, one of SalvationDATA’s flagship products. Since SPF Pro is way more powerful and has more features, be sure to sign up for the no-strings-attached free trial.

What is a forensic suite?

Image result for oxygen forensic suite

by Usama Azad. Oxygen Forensics Suite is a forensic software that is used to acquire data from almost all kinds of mobile devices, their backups and images, SIM card data, messenger logs, and cloud storage.

Is Oxygen Forensics a Russian company?

Oxygen Forensics

In Europe, its customers include London Metropolitan Police, the French National Police, the Spanish Civil Guard, and the German Federal Criminal Police Office. The company is registered in Virginia but its founders and directors, Oleg Fedorov and Oleg Davydov, are both Russian.

What is Oxygen Forensic Detective?

Oxygen Forensic Detective Enterprise is a cost-efficient solution for organizations with multiple users and remote workstations. The Enterprise license has all the Detective features included. You can extract data from multiple sources, analyze it using the built-in analytical tools, and make a report.

s Oxygen Forensic Suite free?

A free copy of Oxygen Forensic Viewer can be downloaded from the customer area by registered users of Oxygen Forensic Detective.

Oxygen Forensic Detective is an all-in-one forensic software platform built to extract, decode, and analyze data from multiple digital sources: mobile and IoT devices, device backups, UICC and media cards, drones, and cloud services. Oxygen Forensic Detective can also find and extract a vast range of artifacts, system files as well as credentials from Windows, macOS, and Linux machines.

The cutting-edge and innovative technologies deployed in Oxygen Forensic Detective include, but are not limited to, bypassing screen locks, locating passwords to encrypted backups, extracting and parsing data from secure applications and uncovering deleted data.

Furthermore, multiple extractions can be investigated in a single interface to gain a complete picture of the data. By using the integrated industry-leading analytical tools to find social connections, build timelines, and categorize images, law enforcement, corporate investigators and other authorized personnel can help make this world a safer place.

Oxygen Forensic Detective is distributed in a USB dongle and is valid for a single user.

Wednesday, 21 September 2022



Network Mapper (or NMAP for short) is one of the cyber security forensics tools for network scanning and auditing. One of its core advantages is the fact that it supports almost every popular operating system in existence, including Windows, Linux, Mac, including some less popular ones like Solaris and HP-UX.

What is Nmap used for?

Nmap allows you to scan your network and discover not only everything connected to it, but also a wide variety of information about what's connected, what services each host is operating, and so on. It allows a large number of scanning techniques, such as UDP, TCP connect (), TCP SYN (half-open), and FTP.

Why do hackers use Nmap?

Image result for nmap

Nmap can be used by hackers to gain access to uncontrolled ports on a system. All a hacker would need to do to successfully get into a targeted system would be to run Nmap on that system, look for vulnerabilities, and figure out how to exploit them. Hackers aren't the only people who use the software platform, however.

Is Nmap scanning legal?

Image result for nmap

Network probing or port scanning tools are only permitted when used in conjunction with a residential home network, or if explicitly authorized by the destination host and/or network. Unauthorized port scanning, for any reason, is strictly prohibited.

Is Nmap a vulnerability scanner?

Nmap, short for Network Mapper, is a free and open source tool used for vulnerability checking, port scanning and, of course, network mapping.

What is the advantage of Nmap?

Advantages of Nmap

It can search subdomain and Domain Name system queries. It can be used for auditing the network system as it can detect new servers. It can determine the nature of the service that the host is performing, like whether the host is a mail service or a web server or so on.

Is Nmap a virus?

The Nmap project has been wrongfully labeled as a cybersecurity “threat” by Google Chrome's Safe Browsing service. The incident is the latest example of legitimate security tools becoming categorized in the same way as malware, phishing code, or malicious exploits.

How do I master Nmap?

Getting started with Nmap

1.Windows or Linux? ...

2.Step 1: Operating System Installation. ...

3.Step 2: Ubuntu Installation. ...

4.Step 3: Nmap Installation from source. ...

5.Nmap command example. ...

6.Zenmap for those who like to click. ...

7.The 3 way TCP handshake. ...

8Filtered ports or when the Firewall drops a packet.

USB Write Blocker

 USB Write Blocker Much like DRS by SalvationDATA, USB Write Blocker comes with a write-blocker that will protect the files inspected from b...