Posts

Showing posts from September, 2022

ExifTool

ExifTool can read, write and edit EXIF and other embedded metadata across a wide range of file formats, which makes it a sound choice if you are looking for free photo forensics tools. Besides EXIF it handles FlashPix, Photoshop IRB, IPTC, GPS, GeoTIFF, XMP, JFIF and many other metadata types. What is the ExifTool command? ExifTool is a command-line tool for extracting metadata from a file. It works not only on images but also on other formats such as PDF and MP4, lets you update and remove metadata, and reports a great deal of information about a file. How do I install ExifTool on Windows? Download the Windows executable from the ExifTool home page (the file you download will have a name like "exiftool-#.##.zip"), extract "exiftool(-k).exe" from the .zip file and place it on your Desktop. (Double-click on "exiftool-#.##. How does ExifTool calculate shutter count? 4) Viewing Shutter Count
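The two operations the entry describes, listing metadata segments and stripping them, are what `exiftool -a -G1 -s image.jpg` and `exiftool -all= image.jpg` do. The block below is an added example written for this page, not ExifTool's code: it walks the JPEG marker segments, reads the ASCII tags of IFD0 out of the Exif APP1 segment, and rebuilds the file without its metadata segments while leaving the entropy-coded picture data byte-for-byte intact. The sample JPEG is constructed inline (a valid segment skeleton, not a viewable picture) so the example runs offline; the Make value "Acme" and the COM text are invented.

```python
import struct

# Constructed sample: a minimal JPEG skeleton (not a decodable picture) that
# carries an APP1 "Exif" segment with one ASCII tag (0x010F Make = "Acme"),
# a COM segment, a quantisation table, a start-of-scan and an end-of-image.
def build_sample_jpeg():
    tiff = b"II*\x00" + struct.pack("<I", 8)            # little-endian TIFF header, IFD0 at offset 8
    tiff += struct.pack("<H", 1)                          # IFD0 holds one entry
    tiff += struct.pack("<HHII", 0x010F, 2, 5, 26)        # tag Make, type ASCII, 5 bytes, stored at offset 26
    tiff += struct.pack("<I", 0)                          # no next IFD
    tiff += b"Acme\x00"                                   # the value itself (offset 26)
    app1_payload = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(app1_payload) + 2) + app1_payload
    com_payload = b"shot by the suspect"
    com = b"\xff\xfe" + struct.pack(">H", len(com_payload) + 2) + com_payload
    dqt_payload = b"\x00" + bytes(64)
    dqt = b"\xff\xdb" + struct.pack(">H", len(dqt_payload) + 2) + dqt_payload
    sos_payload = b"\x01\x01\x00\x00\x3f\x00"
    sos = b"\xff\xda" + struct.pack(">H", len(sos_payload) + 2) + sos_payload
    return b"\xff\xd8" + app1 + com + dqt + sos + b"\x12\x34\x56" + b"\xff\xd9"

# Marker segments that hold metadata rather than picture data.
METADATA_MARKERS = {0xE1: "APP1 (Exif/XMP)", 0xED: "APP13 (IPTC/Photoshop IRB)", 0xFE: "COM"}

def iter_segments(data):
    """Yield (marker, offset, payload) for each marker segment from SOI up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]   # length counts itself, not the marker
        yield marker, pos, data[pos + 4:pos + 2 + length]
        pos += 2 + length
        if marker == 0xDA:          # entropy-coded image data follows SOS; no more segments to parse
            return

def list_metadata(data):
    """Like 'exiftool -a -G1': report which metadata-bearing segments the file contains."""
    return [(METADATA_MARKERS[m], off, len(p)) for m, off, p in iter_segments(data) if m in METADATA_MARKERS]

def read_ifd0_ascii(data):
    """Return {tag_id: value} for the ASCII entries of IFD0 in the first Exif APP1 segment."""
    for marker, _, payload in iter_segments(data):
        if marker != 0xE1 or not payload.startswith(b"Exif\x00\x00"):
            continue
        tiff = payload[6:]
        e = "<" if tiff[:2] == b"II" else ">"                 # byte order of the embedded TIFF
        ifd = struct.unpack(e + "I", tiff[4:8])[0]
        count = struct.unpack(e + "H", tiff[ifd:ifd + 2])[0]
        tags = {}
        for i in range(count):
            entry = ifd + 2 + 12 * i
            tag, typ, n, val = struct.unpack(e + "HHII", tiff[entry:entry + 12])
            if typ == 2:   # ASCII; values of 4 bytes or fewer are stored inline in the entry
                raw = tiff[val:val + n] if n > 4 else tiff[entry + 8:entry + 8 + n]
                tags[tag] = raw.rstrip(b"\x00").decode("ascii", "replace")
        return tags
    return {}

def strip_metadata(data):
    """Like 'exiftool -all= file.jpg': drop the metadata segments, keep the picture data untouched."""
    out = bytearray(b"\xff\xd8")
    end = 2
    for marker, off, payload in iter_segments(data):
        end = off + 4 + len(payload)
        if marker not in METADATA_MARKERS:
            out += data[off:end]
    return bytes(out) + data[end:]    # entropy-coded data and EOI follow the last segment

if __name__ == "__main__":
    sample = build_sample_jpeg()
    print(list_metadata(sample), read_ifd0_ascii(sample))
    print(list_metadata(strip_metadata(sample)))
```

Two caveats a practitioner would add: ExifTool also understands vendor MakerNotes and embedded thumbnails (which this walker only removes wholesale), and stripping is destructive, so do it on a working copy and keep the hashed original as evidence.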

USB Write Blocker

Like DRS by SalvationDATA, USB Write Blocker provides write blocking, so the media under examination cannot be altered while it is inspected. Both tools are suited to analysing a USB flash drive or a camera memory card and can recover lost data that would otherwise be hard to salvage on your own. What is a USB write blocker? A write blocker is any tool that permits read-only access to a storage device without compromising the integrity of the data on it. Used properly, a write blocker supports the chain of custody by ensuring the evidence is not modified during acquisition or examination; a software blocker relies on the operating system honouring the read-only setting, so hashing the media before and after the examination is how you prove that nothing changed. How do hardware write blockers work? A hardware write blocker is a device placed between the computer and the evidence drive; it runs its own firmware, passes read commands through and blocks the computer's write commands to the attached device. What is a write blocker in forensics? Write blocke

FAW Forensics Acquisition of Websites

Forensics Acquisition of Websites (FAW for short) is one of the best digital forensic tools for acquiring websites. When you run it against a page it captures the full source code and every image the page contains, preserving them with timestamps and hashes so the examiner can analyse them later. The data FAW captures can be taken into other computer forensic tools such as Wireshark. FAW Multipage automatically captures a list of web pages, which is ideal for acquiring entire websites quickly. The FTP mode captures entire sites over FTP and SFTP without modifying the metadata of the copied files. What is forensic acquisition of websites? Forensic Acquisition of Websites (FAW) is a way to forensically acquire a website or web page as the user sees it; it preserves what is publicly available at the time of acquisition. Its developers describe it as the first forensic browser and the best known in the world. Born in 2011, it is the reference software used by consultants, lawyers and law enfor

Mobile Verification Toolkit (MVT)

MVT is one of the finest iOS and Android forensic tools: it can decrypt encrypted iOS backups (given the backup password) and search the extracted data for traces of malware. It produces a report of exactly which apps are installed on the phone and writes the extracted records as JSON files. It is not an antivirus: it matches the extracted data against indicators of compromise supplied in STIX2 format, so it finds only what those indicators describe. If you want a mobile forensic tool with capabilities like this but are not overly trusting of free mobile forensic tools, look no further than SalvationDATA's SPF Pro: it has more functions, ongoing developer support, is more user-friendly and has a free trial to boot. Mobile Verification Toolkit (MVT) helps you check forensic traces to understand whether an iPhone or Android phone has been compromised by the Pegasus spyware. Pegasus is developed by NSO Group Technologies, an Israeli company founded in 2010, and enables remote surveillance of mobile devices. Pegasus spyware has allegedly helped governments in countries like India to hack into
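The indicator-matching step is the part of MVT worth understanding before trusting a "no hits" result. The block below is an added example, written for this page and not MVT's own code: it loads a STIX2 bundle of the shape MVT consumes, reduces the single-comparison patterns (`domain-name:value`, `url:value`, `process:name`) to lookup sets, then checks constructed SMS rows and a constructed process list against them, roughly as MVT's sms and processes modules do. Every domain, URL, phone number and process name here is invented for the example; none is a published Pegasus indicator.

```python
import json
import re
from urllib.parse import urlparse

# Constructed STIX 2.1 bundle in the shape MVT consumes (indicator objects with STIX patterns).
# The domain, URL and process name are invented for this example, not published IOCs.
SAMPLE_STIX = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "id": "indicator--22222222-2222-4222-8222-222222222222",
         "name": "constructed C2 domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update-check.example']"},
        {"type": "indicator", "id": "indicator--33333333-3333-4333-8333-333333333333",
         "name": "constructed loader URL", "pattern_type": "stix",
         "pattern": "[url:value = 'https://cdn.example/loader']"},
        {"type": "indicator", "id": "indicator--44444444-4444-4444-8444-444444444444",
         "name": "constructed implant process", "pattern_type": "stix",
         "pattern": "[process:name = 'bhupdater']"},
        {"type": "malware", "id": "malware--55555555-5555-4555-8555-555555555555", "name": "ignored here"},
    ],
})

# Only simple "[type:property = 'value']" patterns are handled; compound patterns are skipped.
PATTERN_RE = re.compile(r"\[([a-z-]+):[a-z_]+ = '([^']+)'\]")

def load_iocs(stix_json):
    """Extract single-comparison STIX patterns into sets keyed by STIX object type."""
    iocs = {"domain-name": set(), "url": set(), "process": set()}
    for obj in json.loads(stix_json)["objects"]:
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.fullmatch(obj["pattern"])
        if m and m.group(1) in iocs:
            iocs[m.group(1)].add(m.group(2).lower())
    return iocs

URL_RE = re.compile(r"https?://[^\s'\"<>]+")

def check_sms(messages, iocs):
    """Mirror MVT's SMS check: pull links out of message text, compare host and full URL with the IOCs."""
    hits = []
    for msg in messages:
        for url in URL_RE.findall(msg["text"]):
            host = (urlparse(url).hostname or "").lower()
            if url.lower() in iocs["url"] or host in iocs["domain-name"]:
                hits.append({"module": "sms", "row_id": msg["id"], "from": msg["from"], "match": url})
    return hits

def check_processes(process_names, iocs):
    """Mirror MVT's process check against the process names recorded on the device."""
    return [{"module": "processes", "match": p} for p in process_names if p.lower() in iocs["process"]]

# Constructed records standing in for rows MVT would extract from a backup or a device dump.
SAMPLE_SMS = [
    {"id": 1, "from": "+15550100", "text": "Your parcel is waiting: https://update-check.example/t?id=77"},
    {"id": 2, "from": "+15550101", "text": "see you at 7"},
    {"id": 3, "from": "+15550102", "text": "open https://cdn.example/loader now"},
    {"id": 4, "from": "+15550103", "text": "https://www.apple.com/support is legit"},
]
SAMPLE_PROCESSES = ["launchd", "SpringBoard", "bhupdater", "backboardd"]

def run_checks(stix_json=SAMPLE_STIX, sms=SAMPLE_SMS, procs=SAMPLE_PROCESSES):
    """Run every module against one indicator set and return the combined detections."""
    iocs = load_iocs(stix_json)
    return check_sms(sms, iocs) + check_processes(procs, iocs)

if __name__ == "__main__":
    for hit in run_checks():
        print(hit)
```

The design point is that detection quality is entirely bounded by the indicator file: a stale or incomplete bundle produces a clean report on an infected device, so always note which IOC set and version was used alongside the results.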

Free Hex Editor Neo

Free Hex Editor Neo is a binary (hex) editor that earns a place among forensic tools because it copes well with very large files. Like DBF by SalvationDATA, it comes in both a paid and a free edition that you can try at your leisure. Among its main features are manual data carving, data extraction, low-level file editing and deep scanning for hidden data; because it is an editor, work on a copy of the evidence image, never on the original. Its vendor describes Free Hex Editor Neo as the fastest freeware binary file editor for Windows: its data-processing algorithms are heavily optimised, and it handles operations on large files and hex dumps (even larger than 1 GB) in seconds. Lengthy operations run smoothly, the UI stays responsive, progress bars give frequently updated feedback, the system keeps sufficient resources and all your modifications are stored safely and instantly re

The Sleuth Kit

What does The Sleuth Kit do? The Sleuth Kit is a collection of command-line tools and a C library for analysing disk images and recovering files from them. The tools are layered by abstraction: mmls lists the partitions in an image, fsstat describes a file system, fls lists file names (including deleted ones) and icat extracts a file's content by its metadata address. It works behind the scenes in Autopsy and many other open-source and commercial forensics tools. What is Autopsy? Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It is used by law enforcement, military and corporate examiners to investigate what happened on a computer; you can even use it to recover photos from your camera's memory card. Is The Sleuth Kit open source? Yes, which lets investigators verify what the tool does or customise it to specific needs. The Sleuth Kit uses code from the file-system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. How are The Sleuth Kit and Autopsy different? An autopsy is basically a graphic
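The first thing mmls does on a raw image is read sector 0 and decode the DOS partition table, and the sector offsets it prints are what you then pass to `fls -o` and `icat -o`. The block below is an added example for this page, not Sleuth Kit code: it builds a constructed 512-byte MBR with two primary partitions, parses the four 16-byte entries, prints an mmls-style layout including the unallocated gap before the first partition, and refuses a GPT protective entry (type 0xEE), where the real table lives in the GPT header at LBA 1 and this parser would mislead you.

```python
import struct

SECTOR = 512
PART_TYPES = {0x05: "DOS Extended", 0x07: "NTFS / exFAT", 0x0B: "Win95 FAT32", 0x0C: "Win95 FAT32 (LBA)",
              0x0F: "DOS Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}

def build_sample_mbr():
    """Constructed 512-byte MBR with two primary partitions (no file systems behind them)."""
    mbr = bytearray(SECTOR)
    mbr[0:4] = b"\x33\xc0\x8e\xd0"                       # first bytes of a typical boot stub (constructed)
    entries = [(0x80, 0x07, 2048, 204800),               # bootable NTFS, 100 MiB
               (0x00, 0x83, 206848, 409600)]             # Linux, 200 MiB
    for i, (status, ptype, start, size) in enumerate(entries):
        # status, CHS start (3 bytes, ignored by modern tools), type, CHS end, LBA start, sector count
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         status, b"\xff\xff\xfe", ptype, b"\xff\xff\xfe", start, size)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def parse_mbr(sector0):
    """Decode the four 16-byte entries of the DOS partition table (what 'mmls -t dos' reads)."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not a DOS partition table, or sector 0 is damaged")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, size = struct.unpack_from("<B3sB3sII", sector0, 446 + 16 * i)
        if ptype == 0 and size == 0:
            continue                                     # empty slot
        if ptype == 0xEE:
            raise ValueError("GPT protective MBR: the real table is the GPT header at LBA 1")
        parts.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                      "desc": PART_TYPES.get(ptype, f"Unknown (0x{ptype:02x})"),
                      "start": start, "end": start + size - 1, "length": size})
    return parts

def layout(sector0):
    """mmls-style rows (description, start, end, length in sectors), including unallocated gaps."""
    rows = [("Primary Table (#0)", 0, 0, 1)]
    cursor = 1
    for p in sorted(parse_mbr(sector0), key=lambda p: p["start"]):
        if p["start"] > cursor:
            rows.append(("Unallocated", cursor, p["start"] - 1, p["start"] - cursor))
        rows.append((p["desc"] + (" *" if p["bootable"] else ""), p["start"], p["end"], p["length"]))
        cursor = p["end"] + 1
    return rows

def byte_offset(part):
    """Byte offset of a partition inside the image; its sector offset is what 'fls -o <start>' expects."""
    return part["start"] * SECTOR

if __name__ == "__main__":
    for desc, start, end, length in layout(build_sample_mbr()):
        print(f"{start:>10} {end:>10} {length:>10}  {desc}")
```

The unallocated rows matter forensically: the gap between the table and the first partition (sectors 1 to 2047 here) is exactly where bootkits and stashed data are found, and it is invisible to any tool that only mounts file systems.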

Oxygen Forensic Suite

Oxygen Forensic Suite is a popular commercial mobile forensics tool that helps you gather the evidence you need from a mobile phone. It also belongs on the list of Android forensic tools that can bypass the passcode or lock-screen gesture on supported devices, giving access to the data stored inside. It competes with SPF Pro, one of SalvationDATA's flagship products; since SPF Pro is more powerful and has more features, be sure to sign up for the no-strings-attached free trial. What is a forensic suite? Oxygen Forensic Suite is forensic software used to acquire data from almost all kinds of mobile devices, their backups and images, SIM card data, messenger logs and cloud storage. Is Oxygen Forensics a Russian company? In Europe its customers include the London Metropolitan Police, the French National Police, the Spanish Civil Guard,

NMAP

Network Mapper (Nmap for short) is a network scanning and auditing tool that also earns a place among cyber security forensics tools. One of its core advantages is that it runs on almost every popular operating system, including Windows, Linux and macOS, as well as less common ones such as Solaris and HP-UX. What is Nmap used for? Nmap lets you scan your network and discover not only everything connected to it but also a wide variety of information about each host, such as which services it is running and, with version detection, which software versions. It supports a large number of scan techniques, such as UDP, TCP connect(), TCP SYN (half-open) and FTP bounce scans. Why do hackers use Nmap? Nmap shows an attacker which ports are open and which services are exposed on a target; it does not grant access by itself, but it is the reconnaissance step before looking for vulnerabilities in those services and figuring out how to exploit them. Hackers aren't the only people who use the softw
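The TCP connect() scan the entry mentions (`nmap -sT`) is the one scan type that needs no privileges, because it simply completes the three-way handshake the way any client would. The block below is an added example for this page, not Nmap's code: it probes ports in parallel and classifies each as open (handshake completed), closed (RST received) or filtered (no answer before the timeout), then reads the service banner from an open port, which is the simplest form of what `-sV` does. The target is a constructed listener on 127.0.0.1 with a made-up SSH-style banner, so the example runs offline; only scan hosts you are authorised to test, and remember that a connect scan completes the connection and so shows up in the target's logs, unlike a SYN scan (which needs raw sockets and root).

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

BANNER = b"SSH-2.0-ConstructedTestServer\r\n"   # constructed banner for the local test target

def tcp_connect_probe(host, port, timeout=0.5):
    """Complete a full three-way handshake, the technique behind 'nmap -sT'.
    Returns 'open' (SYN/ACK), 'closed' (RST) or 'filtered' (no answer within the timeout)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:            # timeout, host unreachable, etc.
            return "filtered"

def connect_scan(host, ports, workers=64):
    """Probe many ports in parallel; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: (p, tcp_connect_probe(host, p)), ports))

def open_ports(host, ports):
    return sorted(p for p, state in connect_scan(host, ports).items() if state == "open")

def banner_grab(host, port, timeout=1.0):
    """Read whatever the service says first (the simplest form of 'nmap -sV' version detection)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            return s.recv(256)
        except OSError:
            return b""

def start_listener(host="127.0.0.1"):
    """Constructed scan target: a local TCP service on an ephemeral port so the scan runs offline.
    Returns (server_socket, port); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # server socket closed by the caller
                return
            with conn:
                try:
                    conn.sendall(BANNER)
                except OSError:      # scanner hung up before the banner went out
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port

def find_closed_port(host="127.0.0.1"):
    """Bind and release an ephemeral port so we have a port that is known to be closed right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_listener()
    closed = find_closed_port()
    print(connect_scan("127.0.0.1", [closed, port]))
    print(banner_grab("127.0.0.1", port))
    srv.close()
```

The "filtered" state is the one to read carefully: Nmap reports it for the same reason this code does, because a dropped SYN and an unreachable host look identical to the scanner.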

Crowdstrike

CrowdStrike Falcon is an endpoint detection and response (EDR) platform rather than a forensic suite in the classic sense: it provides threat intelligence, endpoint protection and the telemetry needed to detect and recover from security incidents quickly, and it lets you find and block attackers in real time. What is CrowdStrike and how does it work? CrowdStrike installs a lightweight sensor on each machine that has no user-facing interface on the endpoint. Once installed, the sensor continuously monitors for threats without requiring manual virus scans. Features: it helps you manage system vulnerabilities; it can automatically analyse malware; you can secure your virtual, physical and cloud-based data centres. What is special about CrowdStrike? Superior protection: CrowdStrike protects the people, processes and technologies that drive the modern enterprise with a single-agent solution to stop breaches, ransomware and cyber attacks, powered by world-class security expertise and

Xplico

Xplico is an open-source network forensic analysis tool. It decodes HTTP (Hypertext Transfer Protocol), IMAP (Internet Message Access Protocol) and many more protocols. What is Xplico used for? Xplico is a network forensics analysis tool (NFAT): software that reconstructs the application-level contents of captures made with a packet sniffer (e.g. Wireshark, tcpdump, netsniff-ng). Features: output can be stored in an SQLite or MySQL database; it supports real-time collaboration among analysts; there is no size limit on data entry or on the number of input files; you can create your own dispatchers to organise the extracted data in a useful way; it supports both IPv4 and IPv6; it can perform reverse DNS lookups using the DNS packets found in the input files; and it provides PIPI (Port Independent Protocol Identification), so protocols are recognised by their content rather than by the port number. How does Xplico work? Xplico extracts packets from internet traffic and captures the applicatio

Volatility Framework

Volatility Framework is software for memory analysis and forensics. It is not an imaging tool: it analyses a memory image that has already been captured (for example with Magnet RAM Capture) to reconstruct the runtime state of the system from the data found in RAM. Volatility is an open-source framework for memory forensics and digital investigations. It inspects and extracts memory artifacts from both 32-bit and 64-bit systems and supports Windows, Linux, macOS and Android memory images. Features: it exposes an address-translation API, including quick lookup of PTE (Page Table Entry) flags; it handles KASLR (Kernel Address Space Layout Randomization) when locating kernel structures; and it provides numerous plugins for examining processes, network connections, loaded modules and file operations on each supported OS. What does the Volatility program do? Volatility is one of the best open-source programs for analysing RAM in 32-bit/64-bit system
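The technique behind Volatility's psscan plugin is worth seeing once in code: instead of walking the kernel's linked list of processes (which a rootkit can unlink itself from, the classic DKOM trick), it scans the raw memory image for the pool tag that precedes every process object and validates each candidate with sanity checks. The block below is an added example for this page, not Volatility's code; the record layout, the "Proc" tag placement and the 4 KiB "memory image" are all constructed, because real _EPROCESS offsets differ per Windows build and come from Volatility's symbol tables. The cross-view check at the end, carved processes minus listed processes, is how analysts compare pslist against psscan to spot hidden processes.

```python
import struct

TAG = b"Proc"                           # pool tag preceding process objects in this constructed layout
RECORD = struct.Struct("<4sIIQ16s")     # tag, pid, ppid, create time, image name (constructed, not a real _EPROCESS)

def build_sample_dump():
    """Constructed 4 KiB 'memory image': deterministic filler with four process records written into it,
    plus one decoy where the tag is followed by garbage."""
    dump = bytearray((i * 131 + 7) % 251 for i in range(4096))   # filler cannot contain 'Proc' by accident
    processes = [(4, 0, 1, b"System"), (456, 4, 2, b"smss.exe"),
                 (1337, 456, 3, b"evil.exe"), (2000, 456, 4, b"explorer.exe")]
    for i, (pid, ppid, ctime, name) in enumerate(processes):
        RECORD.pack_into(dump, 512 + 900 * i, TAG, pid, ppid, ctime, name.ljust(16, b"\x00"))
    RECORD.pack_into(dump, 3900, TAG, 0xFFFFFFFF, 0, 0, b"\xff" * 16)   # decoy: implausible pid and name
    return bytes(dump)

# What a list-walking plugin (pslist) reports on this constructed system: evil.exe has been unlinked.
ACTIVE_LIST_PIDS = [4, 456, 2000]

def scan_pool_tags(dump, tag=TAG):
    """psscan-style carving: find every tag occurrence, parse the record, keep only plausible ones."""
    hits = []
    pos = dump.find(tag)
    while pos != -1 and pos + RECORD.size <= len(dump):
        _, pid, ppid, ctime, name = RECORD.unpack_from(dump, pos)
        name = name.split(b"\x00", 1)[0]
        plausible = (pid < 0x10000 and ppid < 0x10000 and 0 < len(name) <= 15
                     and all(32 <= b < 127 for b in name))      # printable ASCII image name
        if plausible:
            hits.append({"offset": pos, "pid": pid, "ppid": ppid, "created": ctime,
                         "name": name.decode("ascii")})
        pos = dump.find(tag, pos + 1)
    return hits

def hidden_processes(dump, active_pids=ACTIVE_LIST_PIDS):
    """Cross-view detection: anything carved from memory that the OS's own process list does not show."""
    listed = set(active_pids)
    return [h for h in scan_pool_tags(dump) if h["pid"] not in listed]

if __name__ == "__main__":
    image = build_sample_dump()
    for h in scan_pool_tags(image):
        print(f"0x{h['offset']:06x} pid={h['pid']:<5} ppid={h['ppid']:<5} {h['name']}")
    print("hidden:", [h["name"] for h in hidden_processes(image)])
```

Two properties carry over to the real plugin: carving also recovers terminated processes whose memory has not been reused, so a psscan-only hit is not proof of hiding until you check whether the object is still marked live, and the sanity checks are what keep the false-positive rate down when a four-byte tag is bound to appear in unrelated data.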

Registry Recon

Registry Recon is a computer forensics tool used to extract, recover and analyse registry data from Windows systems. It can be used to determine efficiently which external devices have been connected to a PC. Developed by Arsenal Recon, it extracts, recovers and parses registry data not only from the current hive files but also from unallocated NTFS space, so earlier states of the registry can be rebuilt and compared. Manually scouring Windows Registry files is extremely time-consuming and leaves gaping holes in the ability to recover critical information. What is the registry in cyber forensics? On a Windows system the registry is a source of evidence against the cyber criminal because it records details of activity on the system, such as the USB devices connected, the programs run and the user accounts present; forensic examination of the registry helps collect information relevant to the case. Features: it supports Windows XP, Vista, 7, 8, 10 and other versions; it automatically recovers registry data from NTFS unallocated space. You ca

Wireshark

Wireshark is a network packet analyser. It is used for network testing and troubleshooting, and it lets you inspect the different kinds of traffic passing through your computer. A network protocol analyser captures packets from a network connection, such as the link from your computer to your home office or the internet, and decodes them field by field. A packet is the name given to a discrete unit of data on a typical Ethernet network. Wireshark is the most widely used packet sniffer in the world. Its protocol dissectors are a large attack surface, so the usual advice is to capture with dumpcap or tcpdump as an unprivileged user and analyse the file offline rather than running Wireshark itself as root. What are the four main uses of Wireshark? Network administrators use it to troubleshoot network problems; network security engineers use it to examine security problems; QA engineers use it to verify network applications; developers use it to debug protocol implementations. Wireshark's rich feature set includes live capture and offline analysis, rich VoIP an
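The Xplico entry above says an NFAT reconstructs application content from a sniffer's capture, and this entry says Wireshark decodes packets field by field; the block below serves both as one added example for this page, not code from either project. It writes a constructed libpcap file (one HTTP GET split across two TCP segments, plus the server's reply), parses the pcap record headers, decodes Ethernet, IPv4 and TCP, reassembles each direction of the flow by sequence number, and pulls out the request line and Host header. Like Xplico's PIPI, the HTTP detection keys on the request-line shape rather than on port 80. Addresses and content are invented; the TCP checksum is left zero in the sample because nothing here validates it.

```python
import struct
from collections import defaultdict

def ipv4_checksum(header):
    """One's-complement sum over the 20-byte IPv4 header (with the checksum field zeroed)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src, dst, sport, dport, seq, payload, flags=0x18):
    """Ethernet II + IPv4 + TCP (PSH/ACK) frame carrying payload. TCP checksum left zero on purpose."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp

def build_sample_pcap():
    """Constructed libpcap capture: one HTTP GET split over two segments, plus the server's reply."""
    req1 = b"GET /login?user=admin HTTP/1.1\r\n"
    req2 = b"Host: example.com\r\nUser-Agent: curl/8.0\r\n\r\n"
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
    frames = [
        build_frame("10.0.0.5", "93.184.216.34", 51000, 80, 1000, req1),
        build_frame("10.0.0.5", "93.184.216.34", 51000, 80, 1000 + len(req1), req2),
        build_frame("93.184.216.34", "10.0.0.5", 80, 51000, 5000, resp),
    ]
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # global header, LINKTYPE_ETHERNET
    for i, f in enumerate(frames):
        pcap += struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f   # per-record header
    return pcap

def iter_pcap_records(data):
    """Yield (timestamp, frame_bytes) from a classic libpcap file (pcapng is not handled here)."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("unsupported link type; this decoder expects Ethernet")
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        yield ts_sec + ts_usec / 1e6, data[pos:pos + incl_len]
        pos += incl_len

def decode_tcp(frame):
    """Ethernet -> IPv4 -> TCP. Returns (src, sport, dst, dport, seq, payload) or None for other traffic."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp = frame[14 + ihl:]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    doff = (tcp[12] >> 4) * 4
    return src, sport, dst, dport, seq, tcp[doff:]

def reassemble_streams(pcap):
    """Group segments by (src, sport, dst, dport), order by sequence number, join the payloads."""
    streams = defaultdict(list)
    for _, frame in iter_pcap_records(pcap):
        d = decode_tcp(frame)
        if d and d[5]:
            src, sport, dst, dport, seq, payload = d
            streams[(src, sport, dst, dport)].append((seq, payload))
    return {k: b"".join(p for _, p in sorted(v)) for k, v in streams.items()}

def http_requests(pcap):
    """'Follow TCP stream' for HTTP: recognise requests by the request-line shape, not by port."""
    out = []
    for (src, sport, dst, dport), data in reassemble_streams(pcap).items():
        head = data.partition(b"\r\n\r\n")[0]
        lines = head.split(b"\r\n")
        parts = lines[0].split(b" ")
        if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
            headers = dict(l.split(b": ", 1) for l in lines[1:] if b": " in l)
            out.append({"client": f"{src}:{sport}", "server": f"{dst}:{dport}",
                        "method": parts[0].decode(), "path": parts[1].decode(),
                        "host": headers.get(b"Host", b"").decode()})
    return out

if __name__ == "__main__":
    for r in http_requests(build_sample_pcap()):
        print(r)
```

Real reassembly has to cope with retransmissions, overlapping segments and out-of-order arrival; sorting by sequence number and concatenating, as done here, is the simplification that lets the decoding logic stay visible.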

X-Ways Forensics

X-Ways Forensics is advanced computer examination and data recovery software for computer investigative specialists in private enterprise and law enforcement, marketed by X-Ways Software Technology AG. It provides a complete work environment for computer forensic examiners, supports disk cloning and imaging, and lets several examiners who have the tool work on the same case. X-Ways Investigator is a powerful investigation, document analysis and report generation application for law enforcement, intelligence agencies and the private sector. It runs under Windows. It was designed for investigators specialised in areas such as accounting, building law, money laundering, corruption, homicide and child pornography, and also for investigative analysts, agents, attorneys, paralegals, prosecutors and internal and external auditors, for the analysis part of computer forensics and electronic discovery. X-Ways Investigator is based on X-Ways Forensics and

Magnet RAM capture

Magnet RAM Capture records the memory of a suspect computer, allowing investigators to recover and analyse valuable artifacts that exist only in memory. Its small memory footprint means running the tool overwrites as little of the volatile data as possible; any capture changes some memory, so it should be the first acquisition step on a live system, before any other tool is run. After capturing, you can load the image into analysis tools such as Magnet AXIOM, IEF or Volatility. What is Magnet RAM Capture? It is a free imaging tool designed to capture the physical memory of a suspect's computer, allowing you to recover and analyse artifacts that are often found only in memory. What program will allow you to capture RAM? Besides Magnet RAM Capture, Belkasoft Live RAM Capturer is a tiny free forensic tool that reliably extracts the entire contents of a computer's volatile memory, even when it is protected by an active anti-debugging or anti-dumping system. S

FTK Imager

A forensic image (forensic copy) is a bit-by-bit, sector-by-sector copy of a physical storage device, including all files, folders and the unallocated, free and slack space. FTK Imager is a free imaging and preview tool developed by AccessData. It creates copies of evidence without changing the original and records MD5 and SHA1 hashes of the acquired data so the copy can be verified later. The following features belong to the full Forensic Toolkit (FTK) rather than to the free imager: it lets you specify criteria such as file size, pixel size and data type to reduce the amount of irrelevant data; it offers a wizard-driven approach to detecting cybercrime; it visualises data with charts; it can recover passwords from more than 100 applications; it has advanced, automated data analysis; it manages reusable processing profiles for different investigation requirements; and it supports pre- and post-processing refinement. What is FTK used for? Forensic Toolkit, or FTK, is computer forensics software made by AccessData. It scans a hard dr
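What FTK Imager does when it creates a raw (dd-style) image, and what the USB Write Blocker entry above relies on to prove integrity, is a sequential read of the evidence with MD5 and SHA1 computed on the fly, followed by a verification pass that re-hashes the written image and compares. The block below is an added example for this page, not AccessData's code: the evidence "device" is a constructed in-memory byte stream, the source is only ever read, and the `tamper` switch flips one byte of the image after acquisition to show the verification failing. FTK Imager's default E01 format adds compression and embeds the hashes in the container; that format is not reproduced here.

```python
import hashlib
import io

CHUNK = 64 * 1024

def hash_stream(stream, chunk=CHUNK, sink=None):
    """Read a stream to its end, hashing every block; optionally copy each block to sink.
    Returns the record FTK Imager writes to its acquisition log: size plus MD5 and SHA1."""
    md5, sha1, total = hashlib.md5(), hashlib.sha1(), 0
    while True:
        block = stream.read(chunk)
        if not block:
            break
        if sink is not None:
            sink.write(block)
        md5.update(block)
        sha1.update(block)
        total += len(block)
    return {"bytes": total, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def acquire_raw(source, image):
    """Sequential read of the evidence into a raw (dd-style) image, hashing on the fly.
    The source is only read; nothing is ever written back to it."""
    return hash_stream(source, sink=image)

def verify_image(image, acquisition):
    """FTK Imager's 'verify after creation': re-hash the written image and compare with the record."""
    image.seek(0)
    return hash_stream(image) == acquisition

def sample_acquisition(tamper=False):
    """Constructed evidence 'device' in memory; with tamper=True one byte of the image is changed afterwards."""
    device = io.BytesIO(b"\x00" * 1024 + b"EVIDENCE" + bytes(range(256)) * 8)
    image = io.BytesIO()
    record = acquire_raw(device, image)
    if tamper:
        image.seek(1024)
        image.write(b"EVIDENCX")
    return record, verify_image(image, record)

if __name__ == "__main__":
    print(sample_acquisition())             # (record, True)
    print(sample_acquisition(tamper=True))  # (same record, False)
```

On a real device the source would be opened read-only behind a write blocker, and the acquisition record (size, hashes, tool version, examiner, time) goes into the case notes; the same two hashes are recomputed whenever the image changes hands.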

SIFT Workstation

SIFT Workstation is a computer forensics distribution based on Ubuntu. It is one of the best computer forensic toolsets for digital forensics and incident response (DFIR) examinations. Features: it runs on 64-bit systems; it makes efficient use of available memory; the DFIR package set is kept up to date through the SIFT-CLI installer, which is also how you install or upgrade it on an existing Ubuntu system; and it contains numerous current forensic tools and techniques. The SIFT Workstation is a collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings, and it can match any current commercial incident response and forensic tool suite. SIFT demonstrates that advanced incident response capabilities and deep-dive digital forensic techniques can be accomplished using cutting-edge open-source tools that are freely available and frequently

What is EnCase?

EnCase is an application that helps you recover evidence from hard drives. It allows in-depth analysis of files to collect proof such as documents, pictures and so on. Features: you can acquire data from numerous devices, including mobile phones and tablets; it produces complete reports that document evidence integrity; you can quickly search, identify and prioritise evidence; EnCase Forensic can decrypt encrypted evidence when the credentials or recovery keys are available; it automates evidence preparation; and you can perform both deep analysis and triage (a quick first pass to decide which devices or items deserve full examination first). What is EnCase used for? EnCase is traditionally used in forensics to recover evidence from seized hard drives. It lets the investigator conduct in-depth analysis of user files to collect evidence such as documents, pictures, internet history and Windows Registry information. The company a

PALADIN

PALADIN is a bootable forensic Linux distribution based on Ubuntu, developed and provided as a courtesy by SUMURI. The boot process has been modified to ensure that the internal and external media of computers and devices are neither mounted nor modified. PALADIN is available as an ISO that can be used to make a bootable DVD or USB. Once booted, the user finds a host of precompiled open-source forensic tools for a variety of tasks. The centrepiece is the PALADIN Toolbox, which combines and simplifies multiple forensic tasks into an easy-to-use GUI (graphical user interface) that requires minimal training and does not require the command line. The "engine" behind the PALADIN Toolbox is a combination of applications that forensic examiners and investigators have used for years and that have withstood scrutiny in many courts of law. New features of PALADIN: PALADIN has been described as a forensic e

CAINE

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a digital forensics project; the current project manager is Nanni Bassetti (Bari, Italy). CAINE offers a complete forensic environment organised to integrate existing software tools as modules behind a friendly graphical interface. The main design objectives that CAINE aims to guarantee are: an interoperable environment that supports the digital investigator during the four phases of the digital investigation; a user-friendly graphical interface; and user-friendly tools. We recommend you read the page on the CAINE policies carefully. CAINE fully represents the spirit of the open-source philosophy, because the project is completely open and anyone can take on the legacy of the previous developer or project manager. The distro is open source, the Windows side is freeware and, last but not least, the distro is installable, thus giving the

AUTOPSY DIGITAL FORENSICS

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It is used by law enforcement, military and corporate examiners to investigate what happened on a computer; you can even use it to recover photos from your camera's memory card. Autopsy makes it simpler to run the many open-source programs and plugins of The Sleuth Kit: its graphical interface displays the results of the forensic examination of the underlying volume, making it easier for investigators to flag pertinent data. Autopsy is an easy-to-use, GUI-based program that lets you efficiently analyse hard drives and smartphones, with a plug-in architecture for finding add-on modules or developing custom modules in Java or Python. The Sleuth Kit is a collection of command-line tools and a C library for analysing disk images and recovering files from them. It i

What is ProDiscover Forensics?

ProDiscover Forensics is comprehensive digital forensics software that lets investigators capture key evidence from computer systems. It handles all aspects of an in-depth forensic investigation: collecting, preserving, filtering and analysing evidence. ProDiscover Incident Response (IR) can determine whether a system has been compromised and to what extent, so corporate network security personnel can act in real time to protect systems under attack from malicious hackers and disgruntled employees. A repository and dashboard serve both ProDiscover Forensics and ProDiscover Incident Response; the Pro version is an all-in-one web platform that can be hosted on premises for collaborative investigations. ProDiscover Forensic is a computer security application that lets you locate all the data on a computer disk. It can protect evidence and create quality reports for use in legal proceedings.

What is Darknet?

What does darknet mean? The term is often used loosely for everything that search engines such as Google, Yahoo or Bing do not index, but that larger set is properly called the deep web, and it includes harmless places such as academic databases and corporate intranets. A darknet, strictly, is an overlay network on top of the internet that is available only to a select group of people rather than the general internet public: it can be reached only with specialised software, configurations or authorisation, and it often uses non-standard communication protocols so that it is deliberately unreachable from the ordinary internet. Darknets host both legitimate uses and shadier ones such as black markets, fetish communities, and hacking and piracy. The term was originally coined in the 1970s for computer networks that were isolated from the ARPANET for security reasons. These darknets were able to receive communication from the ARPANET but were inaccess