The Best Open Source Digital Forensics Tools

Forensic investigation is always challenging, because you gather all the information you can for evidence and mitigation planning. Here are some of the computer forensic investigation tools you will need. Most of them are free!

Whether it is for an internal human resources case, an investigation into unauthorized access to a server, or simply because you want to learn a new skill, these suites and utilities will help you perform memory forensic analysis, hard drive forensic analysis, forensic image exploration, forensic imaging and mobile forensics. As such, they all provide the ability to bring back in-depth information about what is “hidden” in a system.

1. Autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.

It is a GUI-based open source digital forensics program for analyzing hard drives and smartphones effectively. Autopsy is used by thousands of users around the world to investigate what actually happened on a computer.

2. Encrypted Disk Detector

Encrypted Disk Detector (EDD) is a command-line tool that quickly and non-intrusively checks for encrypted volumes on a computer system during incident response.

A decision can then be made to investigate further and determine whether a live acquisition needs to be performed to secure and preserve evidence that would otherwise be lost if the plug were pulled.

It checks the local physical drives on a system for TrueCrypt, PGP or BitLocker encrypted volumes. If no disk encryption signatures are found in the MBR, EDD also displays the OEM ID and, where applicable, the Volume Label for the partitions on that drive, checking for BitLocker volumes.

Encrypted Disk Detector can help check for encrypted physical drives. It supports TrueCrypt, PGP, BitLocker and Safeboot encrypted volumes.
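
The following added example (not EDD's code and not part of the original page) shows the kind of read-only check described above: it walks the MBR partition table, reads only the first sector of each partition, and reports the OEM ID, a FAT volume label where one is present, and whether the OEM ID is the BitLocker value `-FVE-FS-`. It assumes an MBR-partitioned raw image with 512-byte sectors; the function names and the sample disk are constructed for illustration.

```python
import struct

SECTOR = 512
BITLOCKER_OEM = b"-FVE-FS-"  # OEM ID at offset 3 of a BitLocker volume boot sector


def parse_mbr(image):
    """Return (type, start_lba, sector_count) for each used primary partition."""
    mbr = image[:SECTOR]
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not an MBR disk")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count != 0:  # byte 4 is the partition type
            parts.append((entry[4], start, count))
    return parts


def inspect_volume(image, start_lba):
    """Read only the first sector of a volume and report how it identifies itself."""
    vbr = image[start_lba * SECTOR:(start_lba + 1) * SECTOR]
    if len(vbr) < SECTOR:  # partition points past the end of the image
        return {"lba": start_lba, "oem_id": None, "label": None, "bitlocker": False}
    oem = vbr[3:11]
    label = None
    if vbr[54:57] == b"FAT":        # FAT12/16: type string at 54, label at 43
        label = vbr[43:54]
    elif vbr[82:87] == b"FAT32":    # FAT32: type string at 82, label at 71
        label = vbr[71:82]
    return {
        "lba": start_lba,
        "oem_id": oem.decode("ascii", "replace").rstrip(),
        "label": label.decode("ascii", "replace").rstrip() if label else None,
        "bitlocker": oem == BITLOCKER_OEM,
    }


def scan_image(image):
    """Inspect every partition listed in the MBR of a raw disk image."""
    return [inspect_volume(image, start) for _, start, _ in parse_mbr(image)]


def build_sample_image():
    """Constructed 4-sector disk: MBR plus NTFS, BitLocker and FAT32 boot sectors."""
    def vbr(oem, fat32_label=None):
        s = bytearray(SECTOR)
        s[3:11] = oem
        if fat32_label:
            s[71:82] = fat32_label.ljust(11)
            s[82:90] = b"FAT32   "
        s[510:512] = b"\x55\xaa"
        return bytes(s)

    mbr = bytearray(SECTOR)
    for i, ptype in enumerate((0x07, 0x07, 0x0C)):
        # status, CHS start, type, CHS end, LBA start, sector count
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         0, b"\0" * 3, ptype, b"\0" * 3, i + 1, 1)
    mbr[510:512] = b"\x55\xaa"
    return (bytes(mbr) + vbr(b"NTFS    ") + vbr(BITLOCKER_OEM)
            + vbr(b"MSDOS5.0", b"EVIDENCE"))


if __name__ == "__main__":
    for vol in scan_image(build_sample_image()):
        print(vol)
```

The second partition has the same partition type (0x07) as the NTFS one, so only the boot sector's OEM ID distinguishes it as BitLocker.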

3. Wireshark

Wireshark is the world’s foremost and most widely used network protocol analyzer. It lets you see what is happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

According to thetrainingco, Wireshark has a rich feature set that includes:

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read / write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN / LAN Analyzer, Shomiti / Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek / TokenPeek / AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP / HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL / TLS, WEP, and WPA / WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

4. Magnet RAM Capture

MAGNET RAM Capture is a free tool designed to capture the physical memory of a suspect’s computer, allowing investigators to recover and analyze valuable artifacts that are often found only in memory.

MAGNET RAM Capture has a small memory footprint, which means investigators can run the tool while minimizing the data that is overwritten in memory. You can export captured memory data in Raw format (.DMP / .RAW / .BIN) and easily load it into leading analysis tools, including Magnet AXIOM and Magnet IEF.

Evidence that can be found in RAM includes processes and programs running on the system, network connections, evidence of malware intrusion, registry hives, usernames and passwords, decrypted files and keys, and evidence of activity that is not typically stored on the local hard disk.

It supports Windows operating systems.

5. Network Miner

NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but it also works on Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer / packet capturing tool to detect operating systems, sessions, hostnames, open ports, etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and regenerate / reassemble transmitted files and certificates from PCAP files.

NetworkMiner makes it easy to perform advanced Network Traffic Analysis (NTA) by presenting the extracted artifacts in an intuitive user interface. The way the data is presented not only makes analysis simpler, but also saves valuable time for the analyst or forensic investigator.

Since its first release in 2007, NetworkMiner has become a popular tool among incident response teams as well as law enforcement. NetworkMiner is currently used by companies and organizations all over the world.

6. NMAP (Network Mapper)

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters / firewalls are in use, and dozens of other characteristics.

Nmap was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in twelve movies, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.

Nmap is …

  • Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
  • Powerful: Nmap has been used to scan huge networks of hundreds of thousands of machines.
  • Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
  • Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as “nmap -v -A targethost”. Both traditional command-line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
  • Free: The primary goals of the Nmap Project are to help make the Internet a little more secure and to provide administrators / auditors / hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
  • Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
  • Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
  • Acclaimed: Nmap has won numerous awards, including “Information Security Product of the Year” by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
  • Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.

Knowing More About the Upcoming Mobile Forensic World Conference

The Mobile Forensic World Conference is a conference that focuses on the field of forensic science. Key pillars of forensic science include laboratory equipment, digital forensics, forensic analytics, and the scene of the crime. The conference is attended by practitioners of forensic science such as government staff, forensic examiners, private examiners, and academic researchers. A conference is an event that can serve as a medium of communication for everyone who contributes to the development of forensic science technology. Some conferences are held regionally. Others can be attended by people from many countries.

One of the conferences held nationally is the 14th Annual Gang Training Conference. This conference is presented by SBOBET in partnership with the US Attorney’s Office of the District of Maryland, American Military University and MAGLOCEN. The conference covers training on the investigation process from the Regional Gang Investigators. Investigation is closely tied to forensic traces, so this kind of training is needed. If you are interested in joining, you can register on the http://104.145.231.244 website. However, you need to make sure that you meet all of the criteria before registering. Another upcoming conference is the Techno Security and Digital Forensic Conference. This event provides education for the digital forensics and cybersecurity industries. The conference will be attended by staff from the government and private sectors who are involved in product development and responsible for digital forensics and information technology security. It will be attended by more than 500 people, with about 65 speakers, and will be divided into 70 sections. It is a good opportunity to learn more about the development of digital forensics and information technology security.

Another upcoming conference related to forensic science is The European Police. Briefly, the European Police is a platform for European police at the executive level to hold discussions. The conference covers system solutions, political decisions, and specialist programs, with international experts and police decision-makers. Since police work is also related to forensic science, this conference is needed. You can also see the exhibition of international police systems in Europe. This conference is held annually.

The Mobile Forensic World Conference for Better Forensic Science Technology

People who work in the forensic science field may be familiar with the Mobile Forensic World Conference. This conference is held specifically for gaining knowledge, development, and innovation to create better forensic science technology. Forensic science is one of the most important parts of an investigation. It can determine the real facts and show them to people. Therefore, the development of its technology is needed. The Mobile Forensic World Conference can be a bridge for people who have contributed to forensic science. They can share their experience and research to spread the information.

There are many conferences about mobile forensics all over the world. For example, you can attend InterFORENSICS. This conference is presented by the Brazilian Academy of Forensic Sciences. InterFORENSICS is a medium for professionals to hold discussions. The professional backgrounds include forensic medicine, multimedia, information technology, lab equipment, and others. The participants who can attend this conference are practitioners from related fields such as police, judges, lawyers, researchers, forensic science students, and others. Eligible participants can send their paper to the InterFORENSICS committee so that they can present it at the conference. Another conference that can be attended is the Education Conference from the Ontario Forensic Investigators Association. This conference aims to improve the capability of investigators in the forensic identification field so that they can improve their service, especially in Ontario Province. Therefore, the conference is about training related to the forensic identification field. In fact, the Ontario Forensic Investigators Association also provides training other than the conference. It runs several programs to improve the performance of investigators, especially in the forensic science field. If you are eligible as a participant of this event, you can join this conference.

Another mobile forensic world conference is the Techno Security and Digital Forensic Conferences. This event covers the role of the digital forensics and cybersecurity industries. It will enhance cooperation between government, federal, professional, state, and private participants and researchers for the development of digital forensics and cybersecurity technology. This event will also be attended by forensic specialists and practitioners of cybersecurity technology from all over the world. About 900 participants are expected, with about 95 speakers. This conference will be divided into 100 sections.

The Mobile Forensic World Conference, Event and Review

Have you ever heard about the Mobile Forensic World Conference? This conference is dedicated to LE forensic specialists at any level, whether federal, state, or local. It also includes private forensic examiners, academic researchers, industry leaders, and corporate forensics. Even though the Mobile Forensic World Conference has a limited theme, the discussion at the conference covers a wide range of topics. Therefore, there are many places that hold a mobile forensic conference. You can find the schedule of the Mobile Forensic World Conference on some websites.

One of the upcoming Mobile Forensic World Conference events is Forensic Europe Expo, or FEE. This event will be held in London from 19 – 21 May 2020. What are the topics of this conference? The main topic of the FEE is divided into 4 main keys of the forensic field: digital forensics, scene of the crime, forensic analytics, and laboratory equipment. This means that anyone who contributes to those 4 main keys can join the conference. The Forensic Europe Expo (FEE) has been held for about 7 years. This event is a bridge between forensic solution providers and senior buyers. In addition, FEE is also a symbol of the development of forensic science in Europe. If you are interested in joining the FEE, you can send your paper to the homebet88.online. At this conference, you will see a lot of expertise in the forensic field from many countries in Europe and from any background, such as government, stakeholders, private companies, and academic researchers. Another Mobile Forensic World Conference is Forensic Asia Expo.

The concepts of this conference are similar to those of the Forensics Europe Expo. The difference is the geographic scope of the conference. The Forensic Asia Expo is held for the Asia – Pacific territory. The conference is held in Asia because Asia has become one of the fastest-developing areas in forensic science. There is a need to develop cost-effective technology. In addition, the Forensic Asia Expo can be a medium for industry, government, and academics to share information about forensic science.

You can also attend the NSA Winter Legislative and Technology, which will be held in Washington, DC. This conference is a medium for agencies, members of Congress, private companies, and academic researchers to discuss the development of technology, especially in forensic science.

Steps of Mobile Forensic Process

User information may be digitized nowadays; therefore, people may obtain other people’s information by hacking mobile devices. Mobile devices may also be misused to spread hoaxes or exchange illegal information. People may even plan a crime through mobile devices. Therefore, mobile forensics is essential.

Mobile forensic activity aims to recover the data footprint or retrieve any relevant information about a particular topic. For a mobile forensic examination, the mobile devices, like those we use to access online games but in this case used for crime, should be seized, isolated, stored for analysis, and kept so that the evidence will not be corrupted. There are some steps in doing this mobile forensic process.

• Seize the Mobile Devices
As with any forensic method, the evidence should be seized. The mobile devices and any RAM or memory in them should be preserved in a specific box, and the investigators should have permission from the court to take and analyze the mobile devices. Keeping the devices on may also be essential, since shutting the devices down may alter the evidence.

The standard tools for conducting mobile forensics are the external power supply and the Faraday bag/box. Investigators should have at least these two tools to jam the mobile devices. The Faraday bag or box is used to isolate the mobile devices from any communications network and to help transport the evidence to the laboratory. The external power supply is needed to keep the devices on. Before putting the mobile devices inside the Faraday bag or box, don’t forget to disable network connections and enable aeroplane mode.

• Identification and Extraction
One important point is that not only the device is mobile but also the data. Once files are sent to another device, control of the data is lost. The footprint of the data may still be on the device, but the real data may be on another device. This is made worse by the existence of the cloud, which can synchronize data to and from other devices and at the same time organize the data from one particular device. This also makes it difficult for investigators to collect information properly. In addition, there may be many protocols that investigators must follow to collect or retrieve the data. The solution to this problem is to make a replica of the SIM card to be used in the analysis process while the original remains intact in the mobile device. After that, the investigators can move on to the process of examination and analysis using whatever devices they have.

The mobile forensic process may look easy, but there are many steps and protocols that investigators should follow, since the device is also a piece of evidence from a crime scene. Let’s hope that this field of study develops well so that criminal cases can be solved quickly.

Benefits of Joining in Mobile Forensic World 2019

The next Mobile Forensic seminar is planned for the 5th and 6th of March 2019. The Mobile Forensic seminar will include a lot of discussion and introduce various kinds of information relating to Mobile Forensics, so there will be plenty of new information and new plans to be gained by joining it.

The first advantage is raising awareness of our surroundings and of the many technological developments now under way. By knowing all the information about Mobile Forensics, we will also learn about its various benefits and what we can use.

We can discover a new world that is rarely seen by others. This adds a vast new world, widens our own, and, no less important, adds to our experience and understanding. As human beings who must continue to develop, we are obliged to try various new things as long as they have a positive impact. Trying new things also improves our mentality and trains us mentally by mingling with new people and environments. We are inevitably forced to face, and be absorbed in, a variety of new knowledge that we have never heard before.

Meeting new people and listening to all their opinions and perspectives will broaden us and open our views. There are many other benefits that you can get by visiting and joining. A number of charts and sessions related to Mobile Forensics enliven this Mobile Forensic World 2019 event, such as the various Law Enforcement and Digital Forensic ones, which have recently gotten more attention.

This is one of the effects of the rapid development of technology, especially in the digital area. The Digital Forensic team comes as an investigative team in the fields of digital forensics, cyber security, digital expert witnesses, law enforcement, government agencies, and many more teams under the umbrella name Digital Forensic. Now everything can be done digitally, including in the forensic field. Attendees also come from the field of laboratories: forensic testing teams, forensic researchers, lab managers, biologists, and toxicologists, or researchers in the fields of drugs and poisons.

Attendees also come from universities, from the educator teams such as lecturers, students, and heads of each department, to the research teams. Many more will come, and they can be asked about their knowledge and invited to share it.