Criminal Codes

Forensic Tools

  • FTK Imager
    FTK Imager is a lightweight imaging utility that can be run from a thumb drive.  The current version has the ability to image volatile memory (RAM) and to mount image files.
  • Helix by e-fense
    Helix is a bootable Linux live CD built on Ubuntu used for incident response and computer forensics.  Helix also offers several forensic tools when used on a running Windows system.
  • Mac Memory Reader
    Command-line utility to capture physical memory on a Mac with a PowerPC G4 or newer, or Intel, processor running OS X 10.4, 10.5, or 10.6.
  • Paladin by Sumuri, LLC
    PALADIN is a modified Live Linux distribution based on Ubuntu that simplifies the process of creating forensic images in a forensically sound manner.
  • Raptor by Forward Discovery, Inc.
    Raptor is a modified Live Linux CD used to forensically image digital media.  Two versions of Raptor exist.  One for Intel based computers and the other for the older Macintosh PowerPC architecture.
  • Tableau Imager
    Tableau Imager (TIM) is an imaging tool that was designed to use multiple processing cores and multiple processing threads.  The use of a Tableau forensic bridge is required.
    SPADA is no longer being offered.  Many thanks to Peter Kingsley and Darren Freestone for the years they have dedicated to providing the computer forensic community with a great tool

Other HTCIA Chapters