
Practical 9

ITS60904 Computer Crime and Digital Evidence


Practical 9 Group 3 Section 1

No. | Name (Block Capital) | Registration No. | Signature | Marks (For Lecturer Use)
1 | Thua Sin Wei | 0354566 | Sinwei |
2 | Ethan Ting Zhi Peng | 0354840 | Ethan |
3 | Au Cheng Hong | 0360462 | Eddy |
4 | Khor Jia Jie | 0352728 | JiaJie |
5 | Kok Lok Ken | 0355226 | Kenny |

Digital Forensic Tools


There are many tools, both free and commercial, that digital forensic examiners use for
cybercrime analysis and investigation, such as The Sleuth Kit and Magnet AXIOM. The objective
of this lab is to learn how common forensic tools and techniques are used to investigate
cybercrime and to collect evidence about the targets, motives, and perpetrators of an attack.

Lab Task
Explore forensic tools and fill in the following table with at least 20 tools, each used to
investigate a particular field of digital forensics, such as Computer Forensics, Network
Forensics, Mobile Forensics, Email Forensics, Memory Forensics, and Malware Forensics.

No. | Tool Name | Purpose | Platforms | Description
1 | Magnet AXIOM | Mobile Forensic | Cross-platform | Commercial platform from Magnet Forensics for the acquisition, analysis and sharing of digital evidence.
2 | Andriller | Mobile Forensic | Android | Utility for read-only, forensically sound, non-destructive acquisition from Android devices.
3 | LiME (Linux Memory Extractor) | Mobile Forensic | Android (Linux-based) | Loadable kernel module that dumps the volatile memory of Linux-based devices, including Android.
4 | Xtraxtor | Email Forensic | Desktop | ETL / data-preparation tool that extracts, converts, migrates and backs up email from webmail, desktop clients, mail servers and email files.
5 | Email Tracker | Email Forensic | Cross-platform | Notifies the sender of an email when the recipient opens it.
6 | MailPro+ | Email Forensic | Desktop | SysTools email migration tool with an advanced search for filtering crucial evidence out of mailboxes.
7 | X-Ways Forensics | OS Forensic | Windows | Integrated environment for computer forensics, electronic discovery, data recovery, low-level data processing and IT security.
8 | Registry Viewer | OS Forensic | Windows | Belkasoft tool for extracting and reporting important information from Windows registry hives.
9 | Asterisk Logger | OS Forensic | Windows | NirSoft utility that reveals passwords hidden behind asterisks in application password fields on a running system.
10 | BlackLight | Memory Forensic | Cross-platform | Quickly analyses computer volumes, mobile devices and memory images.
11 | Volatility | Memory Forensic | Cross-platform | Modular, extensible memory-analysis framework that extracts network connections, open sockets, running processes, loaded DLLs, cached registry hives and much more from memory images.
12 | SANS SIFT Workstation | Memory Forensic | Linux (Ubuntu-based VM) | Free, open-source forensics and incident-response distribution that bundles the essential tools for in-depth investigations.
13 | NetDetector | Network Forensic | Windows | NIKSUN product providing in-depth, real-time network forensics beyond firewalls and IDS/IPS to identify, resolve and prevent cyber-attacks.
14 | OmniPeek | Network Forensic | Windows | LiveAction packet analyser with customisable workflows and visualisation across multiple network segments for real-time resolution of network performance and reliability issues.
15 | Xplico | Network Forensic | Cross-platform | Network forensic analysis tool that reconstructs application-layer data (e.g. emails, HTTP content, VoIP calls) from Internet traffic captures.
16 | PeStudio | Malware Forensic | Windows | Spots artifacts in executable files to ease and accelerate the initial assessment of malware.
17 | Process Hacker | Malware Forensic | Windows | Lets a malware analyst see and inspect the processes running on a device.
18 | ProcDOT | Malware Forensic | Cross-platform | Behavioural malware analysis tool that merges Procmon logs and packet captures into an interactive graph of the recorded activity.
19 | Autoruns | Malware Forensic | Windows | Sysinternals utility that shows which programs are configured to run at system boot or user login.
20 | Fiddler | Malware Forensic | Cross-platform | Web debugging proxy that records the HTTP(S) requests a malicious document makes, revealing the hardcoded domains from which the hosted malware is downloaded.
21 | Wireshark | Malware Forensic | Cross-platform | The de facto tool for capturing and analysing network traffic.
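Rows 15, 20 and 21 all come down to the same network-forensic question: which hosts did the suspicious document or binary reach out to? The following script is an added example for this worksheet, not code from the page or from Xplico, Fiddler or Wireshark. It is a minimal pcap reader that walks the Ethernet/IPv4/TCP frames of a capture and recovers the HTTP Host header or the TLS Server Name Indication, which is exactly the artifact an analyst pulls out of those tools. The capture it reads, the IP addresses and the host names are all constructed in-line so that it runs offline; they are not taken from any real case.

```python
"""Added example (not from the worksheet or any listed tool): a toy version of what rows 15, 20
and 21 (Xplico, Fiddler, Wireshark) describe. Walks Ethernet/IPv4/TCP frames of a pcap and
recovers the HTTP Host header or TLS SNI, i.e. the domains a suspicious document contacted."""
import struct
from collections import Counter

def build_pcap(frames):
    """Wrap raw Ethernet frames in a classic little-endian pcap (constructed test data)."""
    glob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    recs = [struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return glob + b"".join(recs)

def build_tcp_frame(src_ip, dst_ip, dport, payload):
    """Ethernet + IPv4 + TCP frame; checksums stay zero (synthetic data, not verified below)."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 0x50, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0x4000, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp + payload

def build_client_hello(server_name):
    """TLS 1.2 ClientHello carrying a single SNI extension (constructed test data)."""
    name = server_name.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name   # list len, host_name type, name len
    ext = struct.pack("!HH", 0, len(sni)) + sni                      # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00" + struct.pack("!H", 2) + b"\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)                     # version, random, sid, suites, comp, exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body              # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def iter_frames(pcap):
    """Yield each captured frame from a little-endian classic pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<IIII", pcap, off)[2]
        yield pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def tcp_payload(frame):
    """(dst_ip, dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4                    # Ethernet header + IHL
    dport = struct.unpack_from("!H", frame, tcp + 2)[0]
    data = tcp + (frame[tcp + 12] >> 4) * 4              # TCP data offset
    return ".".join(map(str, frame[30:34])), dport, frame[data:]

def http_host(payload):
    """Host header of a plaintext HTTP request, or None."""
    if not payload.startswith((b"GET ", b"POST ", b"HEAD ")):
        return None
    for line in payload.split(b"\r\n")[1:]:
        if line.lower().startswith(b"host:"):
            return line[5:].strip().decode("ascii", "replace")
    return None

def tls_sni(payload):
    """Server name from a TLS ClientHello's SNI extension, or None."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:
            return None
        p = 9 + 2 + 32                                      # record hdr, handshake hdr, version, random
        p += 1 + payload[p]                                  # session id
        p += 2 + struct.unpack_from("!H", payload, p)[0]    # cipher suites
        p += 1 + payload[p]                                  # compression methods
        end = p + 2 + struct.unpack_from("!H", payload, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", payload, p)
            if etype == 0 and elen >= 5:                     # server_name: list len(2) type(1) name len(2)
                name_len = struct.unpack_from("!H", payload, p + 7)[0]
                return payload[p + 9:p + 9 + name_len].decode("ascii", "replace")
            p += 4 + elen
    except (IndexError, struct.error):
        pass                                                 # truncated or non-TLS payload
    return None

def contacted_hosts(pcap):
    """Count (host, dst_ip, dst_port) for every request whose destination name is recoverable."""
    hosts = Counter()
    for frame in iter_frames(pcap):
        if (parsed := tcp_payload(frame)) is None:
            continue
        dst_ip, dport, data = parsed
        if name := (http_host(data) or tls_sni(data)):
            hosts[(name, dst_ip, dport)] += 1
    return hosts

# Constructed capture: a document fetching a stager over HTTP, the stager pulling its payload
# over TLS, plus a server response and an unrelated flow that must both be ignored.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", "203.0.113.10", 80,
                    b"GET /doc/update.php HTTP/1.1\r\nHost: cdn-update.example\r\nUser-Agent: Mozilla/4.0\r\n\r\n"),
    build_tcp_frame("10.0.0.5", "203.0.113.10", 80, b"HTTP/1.1 200 OK\r\n\r\nMZ..."),
    build_tcp_frame("10.0.0.5", "198.51.100.7", 443, build_client_hello("payload.example")),
    build_tcp_frame("10.0.0.5", "192.0.2.1", 8080, b"\x00\x01\x02\x03"),
])

if __name__ == "__main__":
    for (name, ip, port), n in sorted(contacted_hosts(SAMPLE_PCAP).items()):
        print(f"{name:24} {ip}:{port}  ({n} request(s))")
```

Run it as a script and it lists the two names the constructed capture exposes, cdn-update.example over HTTP and payload.example over TLS, while ignoring the server response and the unrelated flow. Two caveats a practitioner should keep in mind: the script reads only the classic little-endian pcap format (not pcapng), and it does not reassemble TCP streams, so a Host header or ClientHello split across segments would be missed; the real tools in rows 15, 20 and 21 handle both.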
References
1. https://info-savvy.com/list-of-mobile-forensic-tools/
2. https://info-savvy.com/list-of-mobile-forensic-tools/
3. https://info-savvy.com/list-of-mobile-forensic-tools/
4. https://xtraxtor.com/
5. https://emailtracker.website/
6. https://www.systoolsgroup.com/mail-pro-plus.html
7. https://www.x-ways.net/forensics/
8. https://belkasoft.com/registry_viewer
9. https://asterisk-logger.en.softonic.com
10. https://sat.ae/mobile-forensics/extraction/blacklight/
11. https://www.volatilityfoundation.org/
12. https://www.sans.org/tools/sift-workstation/
13. https://niksun.com/netdetector.php
14. https://www.liveaction.com/products/omnipeek-network-protocol-analyzer/
15. https://www.xplico.org/
16. https://www.winitor.com/
17. https://www.varonis.com/blog/malware-analysis-tools#ProcessHacker
18. https://www.procdot.com/
19. https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
20. https://www.telerik.com/fiddler
21. https://www.wireshark.org/
