Categories

Archives

Cyber Forensics

List of Computer Forensics Tools (Part 1)

Process Explorer: The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you’ll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

 

Autoruns: Autoruns shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys.

 

Irfan View : IrfanView is a very fast, small, compact and innovative Freeware (for non-commercial use) graphic viewer for Windows.

Fport :fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the ‘netstat -an’ command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.

Adapterwatch: AdapterWatch displays useful information about your network adapters: IP addresses, Hardware address, WINS servers, DNS servers, MTU value, Number of bytes received or sent, The current transfer speed, and more. In addition, it displays general TCP/IP/UDP/ICMP statistics for your local computer.

Visual TimeAnalyzer: Visual TimeAnalyzer automatically tracks all computer usage and presents detailed, richly illustrated reports.

 

SIW: SIW is an advanced System Information for Windows tool that analyzes your computer and gathers detailed information about system properties and settings and displays it in an extremely comprehensible manner.