6 Best Free Open Source Digital Forensics Tools For Windows

Here is a list of the best free open source digital forensics tools for Windows. As these are open source forensics software, you can also download and edit their source code without any restriction. Using these software, forensic experts can find hidden activities, hidden programs, data, files, etc., on a system. Each of these forensic tools specializes in a specific aspect of forensics, like extracting data from blurred images, analyzing network activity to find hidden programs, extracting hidden files and data from a system, etc.

To extract data from an image, these software offer deblurring tools that you can use manually. On the other hand, you can use network-analyzer-based forensic tools to find hidden programs that are using the internet. In addition, they also report the IP addresses of host servers, server names, data transferred between server and client, etc. A few of these software also let forensic analysts extract hidden files, track browsing activities, and recover encrypted data. After finding the desired information, you can save the data and extracted images. Go through the list to know more about these software.

My Favorite Open Source Digital Forensic Tools For Windows:

Autopsy is one of my favorite open source digital forensics tools that lets you find and extract hidden data, files, and media from a system. Plus, it can also be used to extract the browsing activity, program usage, image geolocation information, etc.

NetworkMiner is another good software that you can try if you want to locate hidden programs and apps by tracking their network usage.

You can also check out lists of best free Digital Forensic Tools, Forensic Photo Enhancement, and Neural Network software for Windows.

Autopsy

Autopsy is a free open source digital forensics tool for Windows, macOS, and Linux. Through this software, you can find out all the hidden activities performed on a system. It is also used by law enforcement and military to scan for and find hidden data and activities performed on a system. Using it, you can recover all types of files and data such as documents, video, images, web artifacts, keywords, and more. Now, check out the main features of this software.

Main Features:

  • Multi-User Cases: This feature lets multiple examiners work collaboratively on a digital forensic project.
  • Timeline Analysis: This software tracks all the breakthroughs and evidence and shows them in the form of a graphical timeline, which helps you analyze the time and date of each breakthrough.
  • Keyword Search: It is another handy feature that lets you search for a specific keyword to find all the files and data associated with that keyword.
  • Web Artifacts: It extracts all the web activity (browsing, bookmarks, history, etc.) of a user and gives it to examiners for examination.
  • Registry Analysis: This feature uses the RegRipper module of this software to find out the recently accessed documents and portable USB devices.
  • LNK File Analysis: Using it, you can find out all the shortcuts and documents used by the user of a system.
  • EXIF: Using it, you can analyze images by extracting their geolocation and camera information.
  • Robust File System Analysis: This software supports many file systems and thus gives examiners the ability to work with storage devices with varying file systems such as NTFS, FAT12, FAT16, FAT32, ExFAT, HFS+, ISO9660, Ext2, and more.
  • Hash Set Filtering: This feature separates the good files from bad ones using multiple hash sets, namely HashKeeper, md5sum, and EnCase.
  • Generate Report: After all the analysis, you can generate the final report in HTML, Excel, Text, etc., formats.

Additional Features:

  • This software comes with its own media player in which you can play all the extracted media files.
  • This digital forensic tool can also extract information about the file type using digital signature and extension mismatch methods.
  • In it, you can also tag files and documents with keywords like suspicious, important, etc., to quickly find necessary evidence using tag names.

Final Thoughts:

It is a feature-rich open source digital forensic tool through which you can easily extract all the hidden data and activities from a system.

NetworkMiner

NetworkMiner is another free open source digital forensics tool for Windows and Linux. It is mainly a network sniffer software that also helps investigators to find forensic evidence related to sent data, received data, type of data, address of host computer or server, etc. Plus, all the network tracking tasks like detecting open ports, hostnames, sessions, etc., are also performed by it. Now, check out the main features of this software.

Main Features:

  • Capture: As soon as you start the network capturing process, you can view the IP address of host websites, MAC address, size of sent/received data, session time, etc., which helps you identify hidden programs that are communicating with the internet, along with the IP addresses of the servers with which those hidden programs are communicating.
  • Files, Images, and Messages tabs: In these tabs, you can view the name, size, description, thumbnails, etc., of sent and received data. You can also search for a keyword to extract all the detected data associated with the searched keyword.
  • OS Fingerprinting: This software also offers an OS Fingerprinting technique that helps experts to detect the Operating Systems used by a host website or server.
  • Credentials Capture: This software can also track and store the login credentials used by a user over the network like username, password, etc.

Final Thoughts:

It is another easy-to-use open source digital forensics tool through which you can find out information about the host server and the data transferred between a system and a server.

Image Forensics Search System

Image Forensics Search System is another free open source digital forensics tool for Windows. It is a Java-based software that requires Java to work.

It is an advanced image identification tool that lets you find all the instances of a person of interest or an object in a large set of data. Using it, forensic experts can search for the target image of a victim or guilty person in a large image set. This software provides three main methods to search a large image set, namely Search a target image within another image, Search for similar images within a selected directory, and Search for source image within every image in the selected directory. Now, check out the main search features of this software.

Main Features:

  • Search a target image within another image: As its name suggests, this feature searches for a target image within a group or set of images like collage, standard images, panorama, etc.
  • Search for similar images within a selected directory: Using it, forensic experts can search for their target image within a directory or folder. After comparing the target image with all the images of a directory, it provides one or more images with the highest possibilities of having the target person or object.
  • Search for source image within every image in the selected directory: This feature searches the source image within every image present in a selected directory.
  • Human: If you enable this feature, this software will also consider skin color and the looks of a face for accurate detection.

Final Thoughts:

It is a simple open source digital forensics tool through which you can find a target person, image, or object in a group of images.

Wireshark

Wireshark is a free network capture and analysis software that can also be used as an open source digital forensics tool. It works on Windows and macOS. Through this software, you can track all the network activities of a system, which helps you find forensic details about the hidden programs and apps that are using the internet. As soon as you launch this software, it starts the network tracking process. Now, check out the main features of this software.

Main Features:

  • Capture: Using it, you can start or stop the network capturing process and find out about the protocols used by the applications and the destination addresses with which they are communicating. It helps you locate all the hidden programs and apps which are using the internet.
  • Packet Search: It is present in multiple modules of this software and enables you to find a specific data packet in the list of packets being captured by the software.
  • Analyze: Through this Analyze section, you can analyze a specific set of captured data by applying filters and enabling certain protocols.
  • File Analysis: In this software, you can also import network data files of PCAP, CAP, ERF, TRC, etc., formats and perform analysis on them just like the captured network traffic.

Additional Features:

  • In this software, you can also view various statistics about a network like resolved addresses, endpoints, packet lengths, service response time, current protocol, UDP multicast streams, etc.
  • After forensic analysis of the network, you can export the final data in TXT, CSV, JSON, etc., formats.

Final Thoughts:

It is a good open source digital forensics tool through which you can find out hidden programs and apps of a system that are using the internet.

SmartDeblur

SmartDeblur is the next free open source digital forensics tool for Windows and macOS. Through this software, forensic experts can extract text and faces from a blurred image. As you know, people use a blur effect or filter to hide information. However, with the use of this software, you can reduce the blur and find out the actual information present in an image. To forensically deblur an image, it uses a combination of deconvolution algorithms. Another good thing about this software is its ability to support two of the most popular image formats, namely JPG and PNG.

Main Features:

  • Defect Type: Before starting the image deblurring process, you need to use this menu to specify the type of blur that you want to remove, namely Out of Focus Blur or Motion blur.
  • Blur Parameters: In this section, you get the two most important tools of this software, namely Radius and Smooth. To remove the blur, you need to manually vary the Radius and Smooth sliders until you get the optimum result.
  • Correction Strength: Through this tool, you can adjust the strength of correction to reduce the noise from the final image.

Additional Features:

  • Show Original: During the image deblurring process, you can use it to view the original blurred image.
  • Save: After the successful extraction of the desired information from a blurred image, you can use it to save the final image in PNG or JPG image format.

Final Thoughts:

It is a simple and effective open source digital forensics tool through which you can extract text, faces, and other important data from a blurred image.

Phoenix

Phoenix is the next free open source digital forensics tool for Windows and Linux. It is a simple and lightweight command-line based software through which you can perform different analyses on images to extract any relevant information from them. Some of the main analysis features that it offers are error level analysis, luminance gradient, average distance, HSV, and Lab colorspace histograms.

As it is a command-line based software, it does not come with any graphical user interface. To use it, you need to execute certain commands. Now, check out the main commands of this software.

Main Commands:

  • -ela: Through this command, you can perform error level analysis on an image.
  • -lg: Use it to adjust the luminance gradient of an image.
  • -hsv: Use it to view the HSV histogram of an image.
  • -lab: Through this command, you can generate the Lab Colorspace histogram of the input image.

Limitation:

  • Lack of the graphical user interface is its main limitation.

Final Thoughts:

It is another good software to extract important information like text, hidden structure, etc., from an image by using different image analysis commands.


Naveen Kushwaha
