Links

Criminal Codes

Forensic Tools

  • FTK Imager
    FTK Imager is a lightweight imaging utility that can be run from a thumb drive.  The current version has the ability to image volatile memory (RAM) and to mount image files.
  • Helix by e-fense
    Helix is a bootable Linux live CD built on Ubuntu used for incident response and computer forensics.  Helix also offers several forensic tools when used on a running Windows system.
  • Mac Memory Reader
    Command-line utility to capture physical memory on a Mac with a PowerPC G4 or newer, or Intel, processor running OS X 10.4, 10.5, or 10.6.
  • Paladin by Sumuri, LLC
    PALADIN is a modified Live Linux distribution based on Ubuntu that simplifies the process of creating forensic images in a forensically sound manner.
  • Raptor by Forward Discovery, Inc.
    Raptor is a modified Live Linux CD used to forensically image digital media.  Two versions of Raptor exist.  One for Intel based computers and the other for the older Macintosh PowerPC architecture.
  • Tableau Imager
    Tableau Imager (TIM) is an imaging tool that was designed to use multiple processing cores and multiple processing threads.  The use of a Tableau forensic bridge is required.
  • SPADA
    SPADA is no longer being offered.  Many thanks to Peter Kingsley and Darren Freestone for the years they have dedicated to providing the computer forensic community with a great tool

Other HTCIA Chapters