If you are looking for a comprehensive Forensics And Incident Response toolkit, the answer is CAINE (Computer Aided INvestigative Environment).
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
CAINE represents fully the spirit of the Open Source philosophy because the project is completely open, everyone could take on the legacy of the previous developer or project manager. The distro is open source, the Windows side is freeware and, the last but not least, the distro is installable, thus giving the opportunity to rebuild it in a new brand version, so giving a long life to this project.
Here you can download the CAINE free ISO image. The ISO fits approx. 3800 MB.
Volatility is a command line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is free, open source and runs in Windows. It provides a number of advantages over the command line version including,
- No need of remembering command line parameters.
- Storage of the operating system profile, KDBG address and process list with the memory dump, in a .CFG file. When a memory image is re-loaded, this saves a lot of time and avoids the frustration of not knowing the correct profile to select.
- Simpler copy & paste.
- Simpler printing of paper copies (via right click).
- Simpler saving of the dumped information to a file on disk.
- A drop down list of available commands and a short description of what the command does.
- Time stamping of the commands executed.
- Auto-loading the first dump file found in the current folder.
- Support for analysing Mac and Linux memory dumps.
Get started by downloading the tool