devskim blog
Search
🚉

자주 쓰는 포렌식 SW

sections
포렌식
포렌식
Tags
forensic
Created
Apr 29, 2023 09:53 PM
Last Updated
Jul 30, 2023 09:49 AM
 
FTK ImagerX-Ways WinHexHxD EditorDB Browser for SQLiteMessage AnaylzerAutorunsBrowsingHistoryView (Niro Soft)BrowserDownloadsView (Niro Soft)WinPrefetchView (Niro Soft)Registry Explorer (Eric Zimmerman)EnCaseMagnet AXIOM
 
 
 

FTK Imager

  • 이미지 덤프, 파티션 복구 등에 사용
FTK Imager - Exterro
Quickly assess electronic evidence by obtaining forensic images of computer data, without making changes to the original evidence, all with FTK® Imager!
FTK Imager - Exterro
https://www.exterro.com/ftk-imager
FTK Imager - Exterro
 

X-Ways WinHex

  • 이미지 파일, Hex 정보 확인
WinHex: Hex Editor & Disk Editor, Computer Forensics & Data Recovery Software
WinHex hex editor, disk editor, RAM editor. Binary editor for files, disks, and RAM. Download HEX EDITOR. Sector editor. Drive editor.
WinHex: Hex Editor & Disk Editor, Computer Forensics & Data Recovery Software
https://www.x-ways.net/winhex/
 

HxD Editor

  • 파일의 Hex 정보 확인
HxD - Freeware Hex Editor and Disk Editor | mh-nexus
HxD - Freeware Hex Editor and Disk Editor | mh-nexus
https://mh-nexus.de/en/hxd/
 

DB Browser for SQLite

  • SQLite DB 정보 조회
Downloads - DB Browser for SQLite
Downloads - DB Browser for SQLite
https://sqlitebrowser.org/dl/
 

Message Anaylzer

  • 이벤트, etl 분석
Installing and Upgrading Message Analyzer - Message Analyzer
Installing and Upgrading Message Analyzer - Message Analyzer
https://learn.microsoft.com/en-us/message-analyzer/installing-and-upgrading-message-analyzer#installing-message-analyzer-from-the-command-line
Installing and Upgrading Message Analyzer - Message Analyzer
 

Autoruns

  • 자동 실행 프로그램 목록 확인
Autoruns for Windows - Sysinternals
See what programs are configured to startup automatically when your system boots and you login.
Autoruns for Windows - Sysinternals
https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
Autoruns for Windows - Sysinternals
 

BrowsingHistoryView (Niro Soft)

  • 브라우저의 접속 기록 확인
View the browsing history of your Web browser
View the browsing history of all major Web browsers (Firefox, Chrome, Internet Explorer, and more) in one table.
View the browsing history of your Web browser
https://www.nirsoft.net/utils/browsing_history_view.html
View the browsing history of your Web browser
 

BrowserDownloadsView (Niro Soft)

  • 브라우저의 다운로드 이력 확인
View downloads of Chrome and Firefox
Windows tool to view the downloads of Chrome and Firefox Web browsers, also export the downloads list to csv/tab-deleimited/html file, calculate downloads hash (MD5,SHA1,SHA256,SHA512), and more...
View downloads of Chrome and Firefox
https://www.nirsoft.net/utils/web_browser_downloads_view.html
View downloads of Chrome and Firefox
 

WinPrefetchView (Niro Soft)

  • GUI 상으로 프리패치 내용 확인
View the content of Windows Prefetch (.pf) files
View the content of Windows Prefetch (.pf) files
https://www.nirsoft.net/utils/win_prefetch_view.html
 

Registry Explorer (Eric Zimmerman)

  • 레지스트리, Amcache 파일 분석을 위한 도구
Eric Zimmerman's tools
https://ericzimmerman.github.io/#!index.md
 

EnCase

  • 상용 포렌식 도구로 USB 동글 필요
OpenText Encase Forensic
Close cases quickly with the powerful digital forensic investigation capabilities of OpenText EnCase Forensic.
OpenText Encase Forensic
https://www.opentext.com/products/encase-forensic
OpenText Encase Forensic
 

Magnet AXIOM

  • 상용 포렌식 도구로 비교적 사용이 편리함
Magnet AXIOM | Digital Forensic Software | Magnet Forensics
Recover digital evidence from the most sources and use powerful and intuitive Analytics tools to easily analyze all data in one case file.
Magnet AXIOM | Digital Forensic Software | Magnet Forensics
https://www.magnetforensics.com/products/magnet-axiom/
Magnet AXIOM | Digital Forensic Software | Magnet Forensics
PREV모바일 포렌식 추출 방법론
NEXTREvil Ransomware (Redline)