5 Free Digital Forensic Investigation Tools: Learn to Use Them and Make Your Resume Shine!


If you are earning your forensic science degree online, chances are you are busy balancing work, family and school all at once; so adding something else to the mix may be difficult. Still, if you take the time to get familiar with these free and open source forensic investigation tools it’s going to make your resume shine – especially if you plan to work in Cyber Crime and Security. Once you are hired you will be able to hit the ground running and begin helping your department immediately. Let’s take a look at some of the top free forensic software offers on the market today.


Autopsy & The Sleuth Kit

Used for: Analyzing computers & smart phones

The Sleuth Kit (packaged with Autopsy) is arguably the most well known free computer forensic software. A fairly active community has emerged around TSK +A and you will be able to join email lists, participate in forums and ask regular users any question you may have about how to use the tools. As expected with an Open Source platform, there are regular updates. You can also check out their website for some free training tutorials which will help you get started.


SANS Investigative Forensic Toolkit (SIFT)

Used for: Incident Response and Digital Forensics

SANS SIFT is free, open-source and constantly updated. It comes pre-configured with tools which will allow you to conduct a thorough forensic investigation as soon as you install it. It has so much out-of-the-box capability in fact, that it can go toe-to-toe with many of the most expensive commercial took kits and still come out ahead. There are also a number of free training courses you can take to get you up to speed once you download it. If you happen to live in Texas they are hosting a Summit and Training event this June (2016) in Austin. You can get details on it here. Even if you aren’t nearby for this training, check out their homepage for future announcements, they host events all over the U.S.




Used for: The Beginners Best Friend

PlainSight is a no-frills, easy to use beginning analysis platform. What good does to do to download free software with hundreds of bells and whistles if you don’t even know what you need them for? If you’re just getting started in computer forensics give PlainSight a try. It’s not a powerhouse, it’s the exact opposite. It’s easy to understand, easy to use and focuses on the core forensic tools you will need like: recovering dumped files, viewing internet history and discovering user information.



Digital Forensics Framework

Used for: Write blocking, remote access, deleted file recovery, RAM recovery

Digital Forensics Framework is a free user-friendly option for both beginners and advanced users. It includes guided tutorials to walk you through it’s capabilities and you can get it up and running quickly. The write blocking feature allows you to secure evidence and it even offers remote access capabilities. It is open source, and, if you’re extremely savvy you can write your own code for the DFF API.



Used for: Advanced RAM analysis

This is one of the most popular forensics tools on the market. You will likely be introduced to it as you earn your degree, but if you want to get a head start (or if your instructors somehow overlooked it) make sure you download Volatility. This is an essential program to be able to list on your resume when you graduate. There is a massive online community of users so any problem you have using it has likely been answered several times over. The most recent version even supports Windows 10 and there are plenty of available tutorials to get you started.