Top 10 computer forensics software used by Experts

aamir iqbal
6 min readJul 12, 2021

I’ve seen things you people wouldn’t believe. Files deleted and wiped coming back to life. I watched hard drive heads… glitter in the dark of cleanrooms. All those … data will never be lost … in time, we can get it all back.” (Blade Runnerish).

With our continuous interaction with the new and innovative technological developments, an exponential increase in crimes relating to or using digital devices has been observed but evil can’t last too long. Today we are going to talk about a newly emerging field that is a total pain in the ass for cybercriminals and the ones who use these devices for their criminal activities.

According to Statista, in 2015, the maximum total annualized cost of cybercrime committed against U.S. companies amounted to 65.05 million U.S. dollars.

Digital forensics, also known as computer forensics deals with the scientific investigation of digital crimes and attacks. Its prime focus is to analyze, find and preserve digital evidence related to cybercrimes.

Today we are going to talk about the central tool kit of digital forensic experts that helps them to track down criminals based on their incident response.

1: FTK Imager

FTk imager Dekstop Icon

As we all know that all the operating systems are inherently lazy, so most of the time nothing is actually deleted from a system as long as it has enough space to keep other files and is not overwritten by some other file.

FTK Imager is an open-source digital forensics tool that is used for the creation of a bit-by-bit image a hard drive that can be used for further analysis without damaging the original evidence, hence providing preservation of the evidence

A hash generated by FTK® Imager can be used to verify that the image hash and the disc hash match once the image is created and that the image has remained unmodified after acquisition.

You can download this amazing computer forensics tool from here:

2: Magnet Ram Capture

It is another free imaging forensic software used by digital forensic experts to capture the image of the physical memory of the suspect’s computer for investigation of valuable data that can only be found sometimes in the memory.

The image can be captured in (.RAW/.DMP./BIN) format and then can be used for further investigation by different kinds of other tools like “ Magnet AXIOM, Magnet IEF, and Volatility which we will talk about later in this post.

Free Download link:

3:Cellebrite UFED

When we talk of mobile forensics in digital forensics, nothing can do it better like Cellebrite UFED that eliminates physical extraction, analyzing, and indexing of data by its automation power.

Cellebrite can capture deleted, hidden, and unknown content by bypassing any encryption. Investigators can dive deep into the logical filesystems of androids and ios using cellebrite, allowing them to undertake a comprehensive study and generate a speedy shareable report, making it one of the top choices for law enforcement organizations.

Downloading Link:


Wireshark is a free network forensic application that allows computer forensic experts to sniff, collect, and analyze intercepted packets before saving them in a file that can be read offline for a criminal investigation.

Downloading Link:

5:The Sluethkit/Autopsy

Autopsy is a GUI-based tool used by digital forensic experts for performing analysis of disk images, hard drives, and mobile phones. It can be used for displaying all the metadata entries, Dlls, data recovery, preservation, and important statistical information about the image or storage medium for performing the forensic examination, recovering, tracing, decrypting the evidence, and generating an investigative report.

It comes along as a pre-built tool in Caine Os, which is a Linux-based computer-aided forensic environment.

Link to the site:

6:Malware Analysis

Malware is a term used to describe a group of malicious software programs such as ransomware, adware, worms, and others that can be used to gain unauthorized access to a target’s computer, damage data, encrypt files, and even wipe out entire file systems. It’s one of the fastest-growing risks in the digital world, with new businesses and startups being the most prevalent targets. We can identify, track, and eliminate the threat utilizing computer forensics before it enters our system.

Different tools are being used to cope with this growing issue, most importantly “Crowdstrike”.

Crowd strike provides security of virtual, physical, and cloud data.

It features real-time detection and blocking capabilities, as well as the capacity to quickly recover from malware and manage system vulnerabilities.

Link to download:

7:Caine OS

Nothing beats the Linux community’s ingenuity and curiosity when it comes to software development. There is no operating system that can compete with Linux distros in any industry, including software development, gaming, penetration testing, and ediscovery. Caine OS is a Linux-based computer-aided forensic environment that is widely used in digital forensics. It includes a pre-loaded analysis toolkit that includes volatility, Sluethkit, wire shark, and many others, making it one of the best options for computer forensic investigators.

Link for download:


If you’ve ever had your digital media mistakenly deleted and don’t know how to restore it, then this software is for you. It’s not only simple to use, but it also supports a wide range of file formats, including audio and video files, making it the perfect software for not just extracting evidence but also recovering lost data.

QPhotoRec Interface

Link to download:

9:Encase forensics

Encase is a global standard forensic software that enables speedy and accurate forensic investigations from a wide range of devices without jeopardizing the evidence’s integrity. It’s used to do disk-level forensic investigation and then compile a thorough report on the results.

Link to download:

10:Volatility Framework:

Previously, we talked about capturing the ram using magneto ram, now to analyze that ram, computer forensics experts use this command-line tool pre-loaded in Caine OS that has the ability to analyze 32bit/64bit ram in many formats. Once the image is put to the analysis, it can tell us about the processes that were running on that memory, space used by them, restoring process-specific data, malware analysis, displaying DLLs, command prompt history, active TCP nad UDP connections at the point when the image was taken and physical addresses of registry hives.

This is one of the best-known tools in digital forensics due to its amazing and extreme power.

Installation Link:

These are just a handful of the basic tools utilized by digital forensic experts, but the number of these tools continues to grow as the types and domains of cybercrime expand.



aamir iqbal

let me live, love, and say it well in good sentences.