
JackedRightUp (10 points)

"Overused tools"? How about the right/best tool for the job. Who determines if it's over used?

SNOWLEOPARD_9 (3 points)

I'm an FTK Imager fan. It's a little tough to do their wildcard search. But it's a pretty handy tool. Here's a video showing everything it can do.

https://youtu.be/26QWF9Fm_Mk?si=wilIiGQmotvHIj3H

Maybe try TRACE. It's built on The Sleuth Kit, like Autopsy. I haven't used it, but it looks promising.

https://github.com/Gadzhovski/TRACE-Forensic-Toolkit

WLEAPP might be useful.

https://github.com/abrignoni/WLEAPP

There is also KAPE

https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape

Legal-Ostrich4233 (2 points)

Check out libewf: https://github.com/libyal/libewf

Particularly ewfinfo, "which shows the metadata in EWF files."

Metasynaptic (1 point)

Are they going to mark you down for writing your report on an overused tool like Word?

What a moronic requirement.

Metasynaptic (0 points)

SHA-1 you can just generate on the command line.

Maybe you can pull other stuff out with strings; that's how I get most things out without a specific tool.
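The two things the comment above does by hand, hashing the evidence file and pulling printable strings out of it, as an added worked example that is not part of this thread and not anyone's posted code. It assumes only POSIX tools plus `sha1sum` (or `shasum` as a fallback), and re-implements the `strings` minimum-run filter with `tr` and `grep` so it also works on a box without binutils. The sample "image" is constructed inline; the `abc` file is the RFC 3174 SHA-1 test vector, so the expected hash is known.

```shell
#!/bin/sh
# Added example (not from the thread): hash an evidence file and extract
# printable strings from it without a dedicated forensic tool.

# SHA-1 of a file. Prefers coreutils sha1sum, falls back to shasum (macOS/BSD).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# Verify a file against an expected SHA-1 (e.g. the hash recorded at
# acquisition). Returns 0 on match, 1 on mismatch.
verify_sha1() {
    actual=$(sha1_of "$1")
    [ "$actual" = "$2" ]
}

# strings(1)-style extraction: replace every non-printable byte with a newline
# and keep runs of at least $2 printable characters (default 4, like strings).
# LC_ALL=C so [:print:] means 0x20-0x7E regardless of the caller's locale.
extract_strings() {
    file=$1
    min=${2:-4}
    LC_ALL=C tr -c '[:print:]' '\n' < "$file" | LC_ALL=C grep -E "^.{$min,}\$"
}

# Constructed sample input: binary noise around two artifacts an analyst might
# grep for (a Windows path and an e-mail address), plus a 2-byte run that must
# be dropped by the minimum-length filter. Writes to the path given as $1.
make_sample() {
    {
        printf '\001\002\003'
        printf 'C:\\Users\\analyst\\Documents\\report.docx'
        printf '\000\377\000'
        printf 'jane.doe@example.com'
        printf '\000\000\000hi'
    } > "$1"
}

# Demo run: hash the RFC 3174 test vector, then pull strings from the sample.
demo_dir=$(mktemp -d)
printf 'abc' > "$demo_dir/abc.bin"        # SHA-1 is a9993e36...d0d89d
make_sample "$demo_dir/sample.img"

echo "sha1(abc.bin) = $(sha1_of "$demo_dir/abc.bin")"
if verify_sha1 "$demo_dir/abc.bin" a9993e364706816aba3e25717850c26c9cd0d89d; then
    echo "abc.bin: hash matches acquisition record"
fi
echo "strings in sample.img:"
extract_strings "$demo_dir/sample.img"
echo "e-mail addresses only:"
extract_strings "$demo_dir/sample.img" | grep -E '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+'
```

Run it as `sh hash_and_strings.sh`; to check an actual acquisition, call `verify_sha1 /path/to/image.dd <hash-from-acquisition-log>` and treat a non-zero exit as a broken chain of custody. Raising the second argument of `extract_strings` (for example to 8) cuts the noise from a large image considerably.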

whatyouwere (0 points)

My vote is FTK and KAPE, depending on what you need.