Tools Used in Digital Forensics
FTK Imager
FTK Imager lets you take an image of a computer to aid a digital forensics investigation. It lets you compare hashes and provides a detailed summary of the forensic image, such as dates, description, hashing and integrity.
It also allows analysis of forensic files such as RAM captures.
It saves images in the .E01 format, the industry-standard format for storing forensic images. This allows further investigation using more advanced tools.
Magnet Process Capture
Magnet Process Capture performs a full process capture on a machine and can save the result to an output file for further examination.
Magnet RAM Capture
Magnet RAM Capture dumps the full contents of RAM for further investigation with tools like FTK Imager.
REDLINE
REDLINE is an advanced tool that lets you analyse forensic information such as RAM, memory dumps and processes. It can also be used to create custom Indicators of Compromise (IOCs). IOCs allow rules to be designed that can be used to scan file systems or memory for indicators of malicious activity such as malware.
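To make the idea of IOC rules concrete, here is an added example (not REDLINE's code or its IOC file format) of a small rule evaluator that scans a directory tree. The rule schema, the marker string, the file names and the sample files are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed IOC rules (hypothetical schema, not Redline's IOC format).
# A rule fires when ANY ("or") or ALL ("and") of its terms match a file.
MARKER = b"constructed-ioc-marker-7f3a"
RULES = [
    {"name": "dropper-by-hash-or-marker", "op": "or", "terms": [
        ("sha256", hashlib.sha256(b"constructed sample payload").hexdigest()),
        ("contains", MARKER)]},
    {"name": "renamed-updater", "op": "and", "terms": [
        ("filename", "updater.exe"),
        ("contains", b"MZ")]},
]

def term_matches(kind, value, path, data):
    """Evaluate one indicator term against a file's name and bytes."""
    if kind == "sha256":
        return hashlib.sha256(data).hexdigest() == value
    if kind == "filename":
        return path.name.lower() == value.lower()
    if kind == "contains":
        return value in data
    raise ValueError(f"unknown term type: {kind}")

def scan(root, rules=RULES):
    """Return sorted (relative_path, rule_name) hits for files under root."""
    hits = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        try:
            data = path.read_bytes()  # whole-file read; fine for small samples
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        for rule in rules:
            combine = all if rule["op"] == "and" else any
            if combine(term_matches(k, v, path, data) for k, v in rule["terms"]):
                hits.append((path.relative_to(root).as_posix(), rule["name"]))
    return sorted(hits)

def demo():
    """Build a constructed file tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a.bin").write_bytes(b"constructed sample payload")
        (root / "b.dat").write_bytes(b"xx" + MARKER + b"yy")
        (root / "updater.exe").write_bytes(b"MZ\x90\x00 constructed stub")
        (root / "setup.exe").write_bytes(b"MZ\x90\x00 other constructed stub")
        return scan(root)
```

Calling `demo()` returns the hits for the constructed tree; `setup.exe` is not reported because the "and" rule requires the file name to match as well as the byte pattern.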