Tools
Forensics Tools
현재 국내는 별도의 디지털포렌식 인증 기관이 없어 해외에서 널리 인정된 도구를 많이 사용하고 있고, 또 인정해주는 편이다. 대표적인 해외 인증으로는 NIST의 CFTT(Computer Forensics Tool Testing)가 있다. 인증받은 도구의 목록은 CFTT Catalog에서 쉽게 확인할 수 있다.
실제 분석을 수행하다보면 인증받은 도구의 기능적인 한계나 불편함으로 제3의 도구를 사용하는 경우가 있다. 이 경우에는 최종적으로 인증받은 도구로 결과를 한번 더 검증하는 작업이 요구된다. 도구의 장.단점은 목적에 따라 다르기 때문에 자신의 업무 목적에 맞는 적합한 도구를 사용하기 바란다. 다음의 목록이 선택에 조금이나마 도움이 되길 바란다.
Last updated: 2013-09-14
통합 포렌식 도구 (Integrated Forensics Tools)
| Name | Interface | Platform | Manufacturer | Licence |
| EnCase Forensic | GUI | Windows | Guidance Software | Commercial |
| FTK (Forensic Toolkit) | GUI | Windows | AccessData | Commercial |
| Forensic Explorer | GUI | Windows | GetData | Commercial |
| X-Ways Forensics | GUI | Windows | X-Way Software Technology AG | Commercial |
| Mac Marshal Forensic Edition™ | GUI | Macintosh | Architecture Technology | Commercial |
| BlackLight | GUI | Anywhere | BlackBag Technologies | Commercial |
| Autopsy | GUI | Anywhere | Brian Carrier | Opensource |
라이브 CD/VM (Live CD/VM)
| Name | Interface | Platform | Manufacturer | Licence |
| SIFT | – | – | SANS | Freeware |
| PALADIN | – | – | SAMURI | Freeware |
| DEFT | – | – | DEFT Staff | Freeware |
| Helix | – | – | e-fense | Commercial |
| BackTrack | – | – | BackTrack Linux | Freeware |
| C.A.IN.E | – | – | Caine | Freeware |
라이브 포렌식 (Live Forensics)
| Name | Interface | Platform | Manufacturer | Licence |
| FPLive_win | CLI | Windows | JK Kim | Freeware |
| FRED (First Responder’s Evidence Disk) | GUI | Windows | Dark Particle Labs | Freeware |
| WFT (Windows Forensic Toolchest) | CLI | Windows | FoolMoon | Free/Comm |
| Dual Purpose Volatile Data Collection Script | CLI | Windows | Corey Harrell | Opensource |
| IRCR (Incident Response Collection Report) | CLI | Windows | mcleodjp | Opensource |
| COFEE (Computer Online Forensic Evidence Extractor) | CLI | Windows | Microsoft | only Law enforcement |
| MIR (MANDIANT Intelligent Response) | GUI | Windows | Mandiant | Commercial |
| OnLineDFS (OnLine Digital Forensic Suite) | CLI | Windows | CST | Commercial |
| MacResponse LE™ | GUI | Macintosh | AIS | Opensource |
이미징 하드웨어 (Imaging Hardware)
| Name | Interface | Platform | Manufacturer | Licence |
| Image MASSter Series | – | – | Intelligent Computer Solutions, Inc. | Commercial |
| Dossier & Falcon | – | – | Logicube | Commercial |
| TD3 | – | – | Tableau | Commercial |
| Magicube | – | – | DataExpert | Commercial |
이미징 소프트웨어 (Imaging Software)
| Name | Interface | Platform | Manufacturer | Licence |
| FTK Imager (Lite) CLI FTK Imager for Debian, Ubuntu, Fedora, RedHat, Mac OS. | GUI | Windows | AccessData | Freeware |
| Tableau Imager | GUI | Windows | TABLEAU | Freeware (need Tableau W/B) |
| X-Ways Imager | GUI | Windows | X-Ways Software Technology AG | Commercial |
| EnCase Forensic Imager | GUI | Windows | Guidance Software | Freeware |
| FAU DD | CLI | Windows | George M. Garner Jr. | Freeware |
| ODIN | GUI | Windows | JensH | Opensource |
| OSFClone | CLI | Windows | PassMark Software | Opensource |
| ewfacquire, ewfacquirestream | CLI | Unix-based | Joachim Metz | Opensource |
| Guymager | GUI | Linux | vogu00 | Freeware |
| dcfldd | CLI | Unix-based | Nick Harbour | Opensource |
| MacQuisition | CLI | Macintosh | BlackBag Technologies | Opensource |
쓰기방지장치 (Write Blocker)
| Name | Interface | Platform | Manufacturer | Licence |
| Tableau Forensic Bridge | – | – | Tableau | Commercial |
| Wiebetech Dock | – | – | Wiebetech | Commercial |
이미지 마운트 (Image Mounting)
| Name | Interface | Platform | Manufacturer | Licence |
| Arsenal Image Mounter | GUI | Windows | Arsenal Recon | Freeware |
| Mount Image Pro | GUI | Windows | GetData | Commercial |
| OSFMount | GUI | Widows | PassMark Software | Freeware |
| VHD tool | CLI | Windows | Microsoft | Freeware |
| LiveView | GUI | Win & Lin | CMU/td> | Freeware |
| raw2vmdk | GUI | Anywhere | Zapotek/td> | Freeware |
| FTK Imager | GUI | Windows | AccessData | Freeware |
| P2 eXplorer | GUI | Widows | Paraben | Freeware |
| ImDisk | GUI | Windows | LTRDATA | Opensource |
원격 포렌식 (Remote Forensics)
| Name | Interface | Platform | Manufacturer | Licence |
| F-Response Series | GUI | Anywhere | F-Response | Commercial |
메모리 획득 (Memory Acquisition)
| Name | Interface | Platform | Manufacturer | Licence |
| DumpIt | CLI | Windows | MoonSols | Freeware |
| win(32/64)dd | CLI | Windows | MoonSols | Free/Comm |
| FastDump Pro | CLI | Windows | HBGary | Commercial |
| mdd | CLI | Windows | ManTech | Opensource |
| Memorize (for Mac) | GUI | Windows | Mandiant | Freeware |
| FTK Imager (Lite) CLI FTK Imager for Debian, Ubuntu, Fedora, RedHat, Mac OS. | GUI | Windows | AccessData | Freeware |
| WinPmem | CLI | Windows | Michael Cohen | Freeware |
| fmem | CLI | Linux | niekt0 | Freeware |
| LiME | CLI | Linux | Joe Sylve | Freeware |
| Second Look® Linux Memory Acquisition | CLI | Linux | Raytheon Pikewerks | Commercial |
| Mac Memory Reader™ | CLI | Macintosh | Mac Marshal™ | Freeware |
| OSXPMem | CLI | Macintosh | Michael Cohen | Freeware |
메모리 분석 (Memory Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| Redline | GUI | Windows | Mandiant | Freeware |
| Volatility | CLI | Anywhere | Volatile Systems | Opensource |
| Memorize & Audit Viewer | GUI | Windows | Mandiant | Freeware |
| Responder Pro | GUI | Windows | HBGary | Commercial |
| Second Look® Linux Memory Analysis | CLI | Linux | Raytheon Pikewerks | Commercial |
| Volafox | CLI | Mac OS | n0fate | Opensource |
| Volafunx | CLI | FreeBSD | n0fate | Opensource |
타임라인 분석 (Timeline Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| log2timeline | CLI | Linux & Mac | Kristinn Gudjonsson | Freeware |
| plaso | CLI | Win & Mac | Kristinn Gudjonsson | Freeware |
| 4n6time | GUI | Win & Mac | Kristinn Gudjonsson | Freeware |
| Timeliner | GLI | Windows | Woanware | Freeware/Opensource |
| Timeline Report | GUI | EnCase-Based | Geoff Black | Opensource |
레지스트리 분석 (Registry Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| REGA(REGistry Analyzer) | GUI | Windows | 4&6tech | Commercial |
| Registry Recon | GUI | Windows | Arsenal Recon | Commercial |
| Registry Workshop | GUI | Windows | TorchSoft | Commercial |
| RegRipper | CLI | Windows | Harlan Carvey | Opensource |
| UserAssist | GUI | Windows | Didier Stevens | Freeware |
| Registry Binary Parser | GUI | Windows | woanware | Freeware/Opensource |
| RegRipperRunner | GUI | Windows | woanware | Freeware/Opensource |
| ForensicUserInfo | GUI | Windows | woanware | Freeware/Opensource |
| USBDeviceForensics | GUI | Windows | woanware | Freeware/Opensource |
| Windows USB Storage Parser (usp) | CLI | Windows | TZWorks | Freeware/Commercial |
| Yet Another Registry Utility (yaru) | CLI | Windows | TZWorks | Freeware/Commercial |
| Windows ShellBag Parser (sbag) | CLI | Windows | TZWorks | Freeware/Commercial |
| Computer Account Forensic Artifact Extractor (cafae) | CLI | Windows | TZWorks | Freeware/Commercial |
파일시스템 메타데이터 (Filesystem Metadata)
| Name | Interface | Platform | Manufacturer | Licence |
| mft2csv | GUI | Windows | joakim | Freeware |
| anlyzeMFT | CLI | Anywhere | David Kovar | Opensource |
| MFTView | GUI | Windows | Sanderson Forensics | Freeware |
| NTFS Directory Enumerator | CLI | Windows | TZWorks | Freeware/Commercial |
| Windows $MFT and NTFS Metadata Extractor Tool | CLI | Windows | TZWorks | Freeware/Commercial |
| Windows INDX Slack Parser | CLI | Windows | TZWorks | Freeware/Commercial |
| Graphical Engine for NTFS Analysis (gena) | CLI | Windows | TZWorks | Freeware/Commercial |
바로가기 파일 분석 (LNK Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| Windows LNK Parsing Utility (lp) | CLI | Windows | TZWorks | Freeware/Commercial |
| lnkanalyser | CLI | Windows | Woanware | Freeware |
로그 분석 (Log Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| Event Log Explorer | GUI | Windows | FSPro Labs | Commercial |
| Log Parser | CLI | Windows | Microsoft | Freeware |
| NTFS Log Tracker | GUI | Windows | blueangel | Freeware |
| NTFS TriForce | CLI | Windows | David Cowen | Freeware |
| Windows Journal Parser (jp) | GUI | Windows | TZWorks | Freeware/Commercial |
| Windows Event Log Viewer | GUI | Windows | TZWorks | Freeware/Commercial |
| Windows Event Log Parser | GUI | Windows | TZWorks | Freeware/Commercial |
| UsnJrnl2Csv | CLI | Windows | joakim | Freeware |
| LogFile Parser | CLI | Windows | joakim | Freeware |
악성코드 분석 (Malware Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| PeStudio | GUI | Windows | Marc Ochsenmeier | Freeware |
| PEView | GUI | Windows | Wayne J. Radburn | Freeware |
| Automater | CLI | Win & Lin | TEKDEFENSE | OpenSource |
| Noriben | CLI | Windows | Rurik | OpenSource |
프리패치 분석 (Prefetch Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| WinPrefetchView | GUI | Windows | NirSoft | Freeware |
| PrefetchForensics | GUI | Windows | woanware | Freeware |
| APFA(Advanced Prefetch File Analyzer) | GUI | Windows | Allan S Hay | Freeware |
| Prefetch Parser | CLI | Windows | SANS | Freeware |
| Windows Prefetch Parser | CLI | Anywhere | TZWorks | Freeware/Commercial |
웹 브라우저 사용 흔적 (Web Browser Artifacts)
| Name | Interface | Platform | Manufacturer | Licence |
| WEFA(WEb browser Forensic Analyzer) | GUI | Windows | 4&6 Tech | Commercial |
| Web Historian | GUI | Windows | Mandiant | Freeware |
| IEF(Internet Evidence Finder) | GUI | Windows | Magnet Forensics | Commercial |
| ChromeForensics | GUI | Windows | woanware | Freeware |
| FireFoxForensics | GUI | Windows | woanware | Freeware |
| firefoxsessionstoreextractor | GUI | Windows | woanware | Freeware |
| Windows ‘index.dat’ Parser (id) | CLI | Windows | TZWorks | Freeware/Commercial |
| BrowsingHistoryView | GUI | Windows | NirSoft | Freeware |
| IECacheView | GUI | Windows | NirSoft | Freeware |
| IECookiesView | GUI | Windows | NirSoft | Freeware |
| IEHistoryView | GUI | Windows | NirSoft | Freeware |
| ChromeCacheView | GUI | Windows | NirSoft | Freeware |
| ChromeHistoryView | GUI | Windows | NirSoft | Freeware |
| MozilaCacheView | GUI | Windows | NirSoft | Freeware |
| MozilaCookieView | GUI | Windows | NirSoft | Freeware |
| MozilaHistoryView | GUI | Windows | NirSoft | Freeware |
| SafariCacheView | GUI | Windows | NirSoft | Freeware |
| SafariHistoryView | GUI | Windows | NirSoft | Freeware |
| OperaCacheView | GUI | Windows | NirSoft | Freeware |
| WebBrowserPassView | GUI | Windows | NirSoft | Freeware |
| MyLastSearch | GUI | Windows | NirSoft | Freeware |
데이터베이스 분석 (Database Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| Exchange EDB Viewer | GUI | Windows | Lepide Software | Freeware |
| ESEDatabaseView | GUI | Windows | NirSoft | Freeware |
| EseDbViewer | GUI | Windows | woanware | Freeware |
| SQLite Expert | GUI | Windows | Bogdan Ureche | Commercial |
| Oxygen SQLite Viewer | GUI | Windows | Oxygen Forensic | Commercial |
| SQLite Database Browser | GUI | Win & Mac | Tabuleiro | Opensource |
| OracleForensics Tools | – | – | – | – |
이메일 분석 (Email Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| E-mail Examiner | GUI | Windows | Paraben | Commercial |
| Mail Viewer | GUI | Windows | MiTeC | Freeware |
| Email Utilities | GUI | Windows | Stellar Information Systems | Commercial |
| Email Recovery Tools | GUI | Windows | Lepide Software | Commercial |
포맷 분석 (Format Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| 010Editor Templates | GUI | Windows | SweetScape Software | Commercial |
| FileInsight | GUI | Windows | McAfee | Freeware |
| Structed Storage Viewer | GUI | Windows | MiTeC | Freeware |
| OffVis | GUI | Windows | Microsoft | Freeware |
| Windows Portable Executable Viewer (pe_view) | GUI | Windows | TZWorks | Freeware/Commercial |
| PDF Parser | CLI | Anywhere | Didier Stevens | Freeware |
| peedpdf | CLI | Anywhere | Jose Miguel Esparza | Freeware |
| PDF Stream Dumper | GUI | Windows | David Zimmer | Freeware |
복원지점/볼륨섀도복사본 분석 (Restore Point/VSC))
| Name | Interface | Platform | Manufacturer | Licence |
| RP Log Tracker | GUI | Windows | blueangel | Freeware |
| libvshadow | CLI | Windows | Joachim Metz | Freeware |
| ShadowExplorer | GUI | Windows | ShadowExplorer | Freeware |
| ShadowKit | GUI | Windows | David Dym | Freeware |
| VSC Toolset | GUI | Windows | Jason Hale | Freeware |
| Reconnoitre | GUI | Windows | Sanderson Forensics | Commercial |
자바 IDX 분석 (Java IDX Analysis))
| Name | Interface | Platform | Manufacturer | Licence |
| RP Log Tracker | CLI | Anywhere | Brian Baskin | OpenSource |
| Javaidx | CLI | Windows | Mark Woan | OpenSource |
| Idxparser | CLI | Windows | Harlan Carvey | OpenSource |
추가적인 아티팩트 분석 (Any Other Artifacts)
| Name | Interface | Platform | Manufacturer | Licence |
| Windows File Analyzer | GUI | Windows | MiTeC | Freeware |
| Windows Jump List Parser (jmp) | CLI | Windows | TZWorks | Freeware/Commercial |
| Portable Executable Scanner (pescan) | CLI | Windows | TZWorks | Freeware/Commercial |
| autorunner | GUI | Windows | woanware | Freeware |
| exefinder | GUI | Windows | woanware | Freeware |
| JumpLister | GUI | Windows | woanware | Freeware |
| shimcacheparser | GUI | Windows | woanware | Freeware |
| Windows Search Index Extractor | GUI | Windows | Filesig Software | Commercial |
| Thumbnail Database Viewer | GUI | Windows | Igor Tolmache | Freeware |
| SFP(Simple File Parser) | GUI | Windows | Chris Mayhew | Freeware |
네트워크 포렌식 (Network Forensics)
| Name | Interface | Platform | Manufacturer | Licence |
| WireShark | GUI | Anywhere | WireShark | Freeware |
| NetworkMiner | GUI | Windows | NETRESEC | Commercial |
| RSA NetWitness | GUI | Win & Lin | RSA | Commercial |
| Ostinato | GUI | Anywhere | Pstavirs | Opensource |
| Packet Builder | GUI | Windows | Colasoft | Freeware |
| SplitCap | CLI | Windows | NETRESEC | Opensource |
| tshark | CLI | Anywhere | WireShark | Freeware |
| Scapy | CLI | Anywhere | Philippe Biondi | Opensource |
| tcpdump | CLI | Anywhere | – | Freeware |
| DNS Query Utility (dqu) | CLI | Windows | TZWorks | Freeware/Commercial |
| Packet Capture ICMP Carver (pic) | CLI | Windows | TZWorks | Freeware/Commercial |
| Network Xfer Client/Server Utility (nx) | CLI | Windows | TZWorks | Freeware/Commercial |
| snorbert | CLI | Windows | Woanware | Freeware |
| SessionViewer | CLI | Windows | Woanware | Freeware |
| enumdotnet | CLI | Windows | Woanware | Freeware |
패스워드 공격(Password Attack)
| Name | Interface | Platform | Manufacturer | Licence |
| EPRB(ElcomSoft Password Recovery Bundle) | GUI | Windows | ElcomSoft | Commercial |
| PPR(Passware Password Recovery) | GUI | Windows | Passware | Commercial |
| SAMInside | GUI | Windows | InsidePro | Freeware |
| ophcrack | GUI | Anywhere | OBJECTIF SECURITE | Freeware |
| L0PHTCRACK | GUI | Windows | L0pht Holdings | Commercial |
윈도우 패스워드(Windows Password)
| Name | Interface | Platform | Manufacturer | Licence |
| Cain & Abel | GUI | Windows | Massimiliano Montoro | Freeware |
| Windows Password Recovery | GUI | Windows | Passcape Software | Freeware |
| pwdump7 | CLI | Windows | Tarasco | Freeware |
| gsecdump | CLI | Windows | Truesec | Freeware |
| PWDumpX | CLI | Windows | Reed Arvin | Freeware |
| lsadump2 | CLI | Windows | izar | Freeware |
| creddump | CLI | Windows | mooyix | Opensource |
| NTPWEdit | GUI | Windows | Vadim Druzhin | Freeware |
| NTPassword | CLI | Windows | Pogostick | Freeware |
모바일 포렌식 (Mobile Forensics)
| Name | Interface | Platform | Manufacturer | Licence |
| MD Series | – | – | GMDSystem | Commercial |
| Cellebrite Mobile Forensics | – | – | Cellebrite | Commercial |
| Device Seizure | – | – | Paraben | Commercial |
| XRY Series | – | – | Micro Systemation | Commercial |
| Oxygen Forensic® Suite | GUI | Windows | Oxygen Software | Commercial |
| MPE+ | GUI | Windows | Access Data | Commercial |
| Lantern | GUI | Mac | KatanaForensics | Commercial |
| iPhone Backup Browser | GUI | Windows | rene.devichi | Commercial |
헥스 편집기 (Hex Editor)
| Name | Interface | Platform | Manufacturer | Licence |
| 010Editor | GUI | Windows | SweetScape | Commercial |
| WinHex | GUI | Windows | X-Ways Software Technology AG | Commercial |
| HexWorkshop | GUI | Windows | HexWorkshop | Commercial |
| HxD | GUI | Windows | Mael Horz | Freeware |
해쉬 분석 (Hash Analysis)
| Name | Interface | Platform | Manufacturer | Licence |
| HashTab | GUI | Win & Mac | Implbits | Free/Comm |
| md5deep/hashdeep | CLI | Anywhere | Jesse Kornblum | Freeware |
| ssdeep | CLI | Anywhere | ManTech | Freeware |
| NSRL Hashsets | – | – | NIST | Freeware |
완전삭제 (Wipe/Sanitization)
| Name | Interface | Platform | Manufacturer | Licence |
| Eraser | GUI | Windows | The Eraser Project | Freeware |
| BCWipe | GUI | Win & Lin | Jetico | Commercial |
| SDelete | CLI | Windows | Sysinternals | Freeware |
| Secure Erase | CLI | Win & Lin | CMRR | Freeware |
데이터 복구 (Data Recovery)
| Name | Interface | Platform | Manufacturer | Licence |
| RMF(Recover My Files) | GUI | Windows | GetData | Commercial |
| R-Studio | GUI | Anywhere | R-Tools Technology | Commercial |
| Power Data Recovery | GUI | Windows | MiniTool® Solution | Commercial |
그 밖에… (Other Tools)
| Name | Interface | Platform | Manufacturer | Licence |
| Highlighter | GUI | Windows | Mandiant | Freeware |
| BinText | GUI | Windows | McAfee | Freeware |
| DCode | GUI | Windows | Digital Detective | Freeware |
| TimeLord | GUI | Windows | Harry Parsonage | Freeware |
| ArgosDFAS | GUI | Windows | DUZON | Commercial |
포렌식 도구 사이트 (dForensics Tool Sites)
| Site |
| MiTeC |
| TZWorks |
| Software for Computer Forensics |
| Woanware |
| NirSoft |
| CFTT Catalog |
| mft2csv |
| Open Source Digital Foresncis |
| RCE Tool Libary |
| Sysinternals |
| ForensicKB |
Tools
![Tools]()
Reviewed by Polynomeer
on
오후 8:32
Rating:
댓글 없음: