Computer forensics means examining computers for traces of data that might solve a problem, be it legal, work-related, or personal. While the term computer forensics brings to mind an image of professionals using high-end tools to recover and examine data, there are tools that even laymen can use.
Free Computer Forensics software for PC
This article talks of some of the best free computer forensics tools and software that I have come across at some point or other:
- P2 eXplorer
- Digital Forensics Framework
- HxD
- PlainSight
- Bulk Extractor
1] P2 eXplorer
This is one of my favorite tools. Not that I have had a real use for it, but I found it interesting because it allows you to browse a disk image without burning it to DVDs. You simply mount a disk image to one of the available drive letters on your computer and then open it in Windows Explorer. Since it is a disk image, it is read-only. That means you can check out the contents but cannot change them. Nevertheless, it is an important tool if you have to examine disks in detail or when you have too many computer disks to examine. You have all the data in one interface, and all you need to do is mount the image file and study it.
P2 eXplorer is available in both free and paid versions. The free version runs on 32-bit operating systems only. It does not mount EnCase v7 images, nor does it mount any virtual machine files. The paid version is highlighted more on their website, but the link to download the free version is available on the right side of the website.
2] Digital Forensics Framework
This is open-source software that allows for:
- Write blocking
- Reading different types of file formats, irrespective of the operating system; you can also recover raw Linux files from a Windows OS using this software
- Remote access to disks and drives
- Recovering and examining deleted and hidden files
- Reading the headers of files easily, so that you know which files to dig into for further information
Above all, people with good computer knowledge can write their own code and use it with the Digital Forensics Framework API.
3] HxD
This is yet another easy-to-use tool that analyses the file system and recovers files that have been deleted on purpose or otherwise. It can also modify the RAM (system memory). It can handle files of any size. The interface is easy to use and hence can be used by anyone with little knowledge of how computers work. You can download HxD from the manufacturer’s website.
4] PlainSight
PlainSight is yet another free computer forensics tool that is open source and helps you preview the entire system in different ways. Its easy-to-use interface and self-explanatory labels allow people (even with little knowledge of the computer’s internal function) to use it easily. It can recover deleted files, and recover hidden files and folders. It can help with certain other things like obtaining hard disk information, viewing user groups and group information, examining USB storage information, and things like that. Though I like it for its ease of use, it does not offer many features other than the basics of computer forensics. We already have seen P2 eXplorer that can recover file fragments and place them in a readable form. Compared to that, PlainSight is really very simple. It is available at plainsight.info.
5] Bulk Extractor
This is a good tool as it ignores the file table and parses the disk directly. That enables it to record hidden, system, and deleted files. The information can then be aggregated into similar entries and analyzed using other tools. You can download Bulk Extractor from GitHub.
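To make the "ignore the file table, parse the disk directly" idea concrete, here is an added example (not Bulk Extractor's own code, and not from the original article) that scans raw bytes for two kinds of features, records their offsets, and aggregates identical entries into a histogram. The names scan_stream, histogram, PATTERNS and OVERLAP are hypothetical, the sample image is constructed, and the scanner assumes no feature is longer than OVERLAP bytes so that hits straddling a chunk boundary are still found once.

```python
import io
import re
from collections import Counter

# Byte-level patterns: nothing here knows about partitions, directories or file names.
PATTERNS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"),
    "jpeg_header": re.compile(rb"\xff\xd8\xff"),
}
OVERLAP = 64  # assumption: no feature of interest is longer than this many bytes

def scan_stream(stream, chunk_size=4096):
    """Scan raw bytes chunk by chunk; return sorted (offset, kind, value) tuples."""
    hits, tail, base = [], b"", 0
    done = dict.fromkeys(PATTERNS, 0)  # per kind: absolute offset already consumed
    while True:
        chunk = stream.read(chunk_size)
        window = tail + chunk
        # A match that starts in the last OVERLAP bytes may be cut off by the chunk
        # boundary, so it is deferred to the next pass (except at end of input).
        limit = max(len(window) - OVERLAP, 0) if chunk else len(window)
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(window):
                start, raw = base + m.start(), m.group()
                if m.start() >= limit or start < done[kind]:
                    continue  # deferred, or the tail end of a hit already recorded
                value = raw.hex() if kind == "jpeg_header" else raw.decode("ascii").lower()
                hits.append((start, kind, value))
                done[kind] = base + m.end()
        if not chunk:
            return sorted(hits)
        tail, base = window[limit:], base + limit

def histogram(hits, kind):
    """Aggregate identical features of one kind, most frequent first."""
    return Counter(value for _, k, value in hits if k == kind).most_common()

# Constructed sample "image": raw sectors only, no file table. The later bytes
# stand in for unallocated space left behind by deleted files.
SAMPLE_IMAGE = (
    b"\x00" * 500 + b"To: alice@example.com\r\n"      # address straddles offset 512
    + b"\x00" * 489
    + b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 90  # JPEG header at offset 1012
    + b"cc: Alice@Example.com, bob@example.org" + b"\x00" * 20
)

if __name__ == "__main__":
    found = scan_stream(io.BytesIO(SAMPLE_IMAGE), chunk_size=512)
    print(*found, histogram(found, "email"), sep="\n")
```

The recorded offsets are what let a second tool go back to the exact location in the image; on real evidence the scan would run against a read-only image file rather than the live disk.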
All of them work on most of the recent Windows versions. If I have missed out on any free or open-source computer forensic tool, please let us know.
An “okay” freebie for retrieving cell phone mobile data: “Oxygen Forensic Suite”; open source for extracting data from apps which use PC internet and network protocols: “Xplico”; if you’re law enforcement and “EnCase” or “Digital Retriever” is too steep, for law officers Microsoft-created “COFEE” is free and good at analyzing disks in less than a half-hour; if anyone at all needs such free for Linux distros, there’s the open source very chunky (1.5GB!) “SANS Investigative Forensic Toolkit”, and hosted at SourceForge the lighter open source app developed by the Dutch National Police Agency: “Open Computer Forensics Architecture”. As a caveat, most of the freebs you and I have mentioned haven’t been updated since 2009 or 2013… but I haven’t heard many complaints yet. Didn’t say about free for FreeBSD or OSX as I don’t know of any free by myself.
Hope this jabber was useful to people, cheers!
I want something for my computer with which no one can mess with my computer, like preventing anyone from deleting folders and files accidentally or intentionally. In one phrase: blocking write access in Windows. What I think is most important is getting deleted files back, especially photographs of our family and friends. Thanks for the article, btw.
Thank you for sharing the information :)
Set up a Guest Account for other users.
Yeah, thanks, but I know that; what I want is for my own logged-in account, so that I can give my computer to someone and they can’t delete anything from my PC ???? for whatever reason. Once I deleted all the partitions of my hard disk but could recover them with some freeware, but at the time when I deleted my old photos I couldn’t recover them despite trying hard with various software. I don’t know what the problem was, even though I didn’t even mess with the files and folders by writing any more files to that drive.