C-DAC, the institution that has developed a number of cyber forensic tools such as True Back, Cyber Check, Email Tracer, Cyber Investigator, Hasher and PDA Analyzer, has proved the robustness of its tools used for probing cyber crimes.
Union Minister Raja said the government had taken steps to amend the IT Act so that information collected using Cyber Forensic Tools developed by C-DAC would be considered as solid evidence in any court of law in the country. As of now, courts do not accept such information as evidence. The amendment would be brought in the next Parliament session.
Cybercheck is a Windows-based application, which allows law enforcement agencies to analyse hard disk content, including deleted files.
TrueBack is a cyber forensic software tool for disk imaging.
Hasher is a tool that enables the user to verify the integrity of any file. Hashing is an extremely good way to verify the integrity of a sequence of data bits.
Emailtracer incorporates graphical features to help investigators easily track the sender's identity in cases of anonymous and threatening emails. It can also be used to retrieve information from mailbox files with extensions.
WinHex is used as a universal hexadecimal editor and is primarily useful in low-level data processing, file inspection, digital camera card recovery, recovery of files even from corrupt file systems, etc. This is one heck of a powerful tool and can especially be used in gathering digital evidence.
FOS is the only tool of its kind. It is a Visual Basic script rather than an executable binary file. First On Scene works with other tools such as PSTools, LogonSessions, FPort, NTLast, PromiscDetect, FileHasher, etc. to gather an evidence log report. This log report can further be analyzed by forensic experts to extract important information.
Rifiuti is a unique tool that aids investigators in finding the very last details of your system's recycle bin folders. Rifiuti is useful to gather critical information on all your delete and undelete activities.
Pasco is a Latin word for "browse". Pasco helps in the analysis of the contents of Internet Explorer's cache. In short, it can be particularly useful for gathering internet activity records from a target computer.
Galleta is a Spanish word that means "cookie". Galleta is useful in examining the contents of cookie files on your machine. Cookie files are basically temporary internet files used by websites to maintain their indigenous logs for tracking and other such purposes.
Forensic Acquisition Utilities (FAU)
Forensic Acquisition Utilities is a set of forensic tools such as md5 checker, file wiper, etc. used for assorted purposes in research and investigation.
NMap is particularly associated with network security. NMap is a port scanner tool that helps find open ports on a remote machine. What separates NMap from other tools is its ability to hide the identity of the source machine and to work without causing any Intrusion Detection System (IDS) alarms to go off.
Ethereal is another network security tool which is not a port scanner but rather a network packet sniffer. Ethereal sniffs data packets over the network and can provide investigators with incoming/outgoing data that is sent over a network. However, Ethereal itself cannot be useful in cases where strong encryption algorithms are in place at the source and destination computers.
BinText does not directly investigate but can be useful to browse through gathered evidence files such as log files generated by other forensic tools. BinText can be used for pattern matching and filtering these log files.
PyFlag are a couple of tools used for log analysis and can be a very effective tool for investigators if coupled and used with other forensic tools.
Miscellaneous Steganography Tools
Steganography is outside the scope of this article; however, it cannot be ruled out of the forensic dimension. Steganography is the art of deceiving by embedding text or data files in an image file. Various steganography tools help achieve just that. There are some tools, however, that help in detecting such injections. Recently, hackers and malicious users have been coming up with ideas to inject data files not just in image files but also in music and video files, and much to our discomfort they have been successful with these attempts.