👉 GitHub Repo: https://lnkd.in/g7zDqGbj
YogSec’s Digital-Forensics-Tools repository is a curated collection of essential tools for digital forensics, investigation, data recovery, and security analysis. The repo covers:
- 💾 Disk Forensics: Tools like Autopsy, The Sleuth Kit, and FTK Imager for disk imaging & recovery.
- 🧠 Memory Forensics: Volatility, Rekall, and DumpIt for deep memory analysis.
- 🔎 File Recovery: Scalpel, TestDisk, and Recuva to retrieve lost data.
You Should Know: Practical Digital Forensics Commands & Tools
1. Disk Forensics
- FTK Imager (Windows) – Acquire disk images:
ftkimager --source C: --dest E:\evidence\ --case 001 --e01
- The Sleuth Kit (Linux) – Analyze disk partitions:
mmls /dev/sda (list the partition table; run it against the whole disk, not a single partition)
fls -r /dev/sda1 (recursively list files, including deleted entries, so they can be recovered with icat)
2. Memory Forensics
- Volatility (Linux/Windows) – Analyze RAM dumps:
volatility -f memory.dmp imageinfo (identify the OS profile)
volatility -f memory.dmp --profile=Win10x64 pslist (list processes)
- Rekall – Analyze memory images (here, detect kernel hooks):
rekal -f memory.raw --profile Win10 hooks (detect kernel hooks)
3. File Recovery
- TestDisk (Linux/Windows) – Repair partitions:
testdisk /dev/sdb (recover lost partitions)
- Scalpel (Linux) – Carve files from disk:
scalpel -c /etc/scalpel.conf /dev/sdc -o recovered_files/
4. Network Forensics
- Wireshark – Analyze PCAP files:
wireshark -r traffic.pcap -Y "http.request" (filter HTTP requests)
- Tshark (CLI Alternative):
tshark -r traffic.pcap -T fields -e ip.src -e ip.dst
What Undercode Says
Digital forensics is critical in incident response, malware analysis, and legal investigations. Mastering these tools ensures efficient evidence collection and analysis. Key takeaways:
- Always hash acquired evidence (md5sum image.dd).
- Use write-blockers to prevent evidence tampering.
- Automate forensics with Python scripts (e.g., `pytsk3` for disk parsing).
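The hashing takeaway in practice, as an added example (not code from the YogSec repository or the original post): hash each acquired image in chunks, record the digests in a manifest at acquisition time, and re-verify before analysis so a modified or missing image is flagged. The image names and the sample bytes standing in for disk and memory images are constructed for the demo.

```python
"""Hash acquired evidence into a manifest and re-verify it before analysis.

Added example, not from the YogSec repo. File names and image bytes below are
constructed; real images would be read from disk with open(path, "rb").
"""
import hashlib
import io
import json

CHUNK = 1024 * 1024  # 1 MiB reads keep multi-GB images out of memory


def hash_stream(fh, algo="sha256"):
    """Hex digest of an open binary stream, read chunk by chunk."""
    h = hashlib.new(algo)
    for block in iter(lambda: fh.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def hash_bytes(data, algo="sha256"):
    """Convenience wrapper for in-memory sample data."""
    return hash_stream(io.BytesIO(data), algo)


def build_manifest(images):
    """Record name -> {sha256, size} for every acquired image as JSON."""
    entries = {name: {"sha256": hash_bytes(data), "size": len(data)}
               for name, data in images.items()}
    return json.dumps(entries, indent=2, sort_keys=True)


def verify_manifest(manifest_json, images):
    """Re-hash each image and report OK, MISMATCH or MISSING per entry."""
    results = {}
    for name, expected in json.loads(manifest_json).items():
        if name not in images:
            results[name] = "MISSING"           # evidence file is gone
        elif hash_bytes(images[name]) != expected["sha256"]:
            results[name] = "MISMATCH"          # altered since acquisition
        else:
            results[name] = "OK"
    return results


# Constructed sample "images": a tiny dd-style disk image and a memory dump.
SAMPLE_IMAGES = {
    "evidence_001.dd": b"\x00" * 4096 + b"NTFS    " + b"\x00" * 500,
    "memory.dmp": bytes(range(256)) * 16,
}

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_IMAGES)
    tampered = dict(SAMPLE_IMAGES)
    tampered["memory.dmp"] = tampered["memory.dmp"][:-1] + b"\x00"  # flip last byte
    print(manifest)
    print(verify_manifest(manifest, tampered))
```

The manifest itself should be stored separately from the evidence (and ideally signed or hashed again), since a manifest kept beside the image can be edited along with it.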
Expected Output:
A structured forensic report with:
- Timeline analysis (log2timeline).
- Malware indicators (YARA rules).
- Verified file integrity (SHA-256 checksums).
🔗 Explore More: YogSec’s GitHub | Volatility Docs
References:
Reported By: Ouardi Mohamed – Hackers Feeds