Favorite Digital Forensics Tools & Features
What are your favorite Digital Forensics tools, and why? I don’t intend this to become an argument about which tool is the best, but rather a discussion to explore what makes a good tool. Almost everyone is familiar with popular tools like EnCase and FTK, but there are many other tools out there. Some set out to be the Jack-of-all-trades platform, while others aim for the niche areas that aren’t covered well by the big players. Many investigators say that they need a collection of tools to complete an investigation. Is that true for everyone? How many people depend on a single tool to find everything? Are those people happy with the results they get? Have they run into situations where their single tool failed them?
There are different categories of tools, like First Responder/Triage, Mobile, GPS, Logs, Disk Image Analysis, Memory Analysis, Network Sniffing, etc., but I expect that there are many important features that apply to all of these areas. Of your favorite tools, what do they do well? What do they fail at? What features would you like to add? What features would you like removed?
I know, I’m asking a lot of questions. We are close to releasing a few new tools. The answers that we receive to these questions can influence what we add to these new tools and which tool gets released first. This is your opportunity to help mold some new tools.