In the earlier articles in this series we looked at free tools for data mirroring, for registry forensics, disk forensics, network forensics, and then tools for conducting Internet and browser forensics.
Now we will look at some free tools for application forensics tasks, where we extract the logs that applications stored during their execution. For any application, we can see the application’s restricted information without knowing the password.
Tool: Yahoo! Messenger Archive Decoder
Yahoo! Messenger Archive Decoder allows you to view all the chat conversations without knowing the password. This software decodes normal conversation messages, private messages, conferences, and SMS/Mobile Messages to HTML or plain text, complete with time stamps, smileys, and font formatting. It also supports Unicode text.
This tool digs into Skype call and messaging data and file transfers; items can then be copied to the clipboard or exported to a text/HTML/CSV/XML file.
Forensics Series Conclusion
Computer forensics is all about collecting evidence from computers that is sufficiently reliable to stand up in court. The goal of computer forensics is to do a structured investigation and find out exactly what happened in a digital system and who was responsible for it.
There are many tools that are used in the process of examining digital evidence and evaluating system security. Some of the free tools that are described above will help you conduct a computer forensic investigation in a well-defined manner.
About the Author: Mohit Rawat writes for Infosec Institute. He is an engineering graduate and works as a Security Analyst, specializing in social engineering, penetration testing, application vulnerability assessments, digital forensics investigations and IT security architecture. He works for both public and private sector clients, performing penetration testing and digital forensics investigations and delivering security training to IT professionals.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.