AccessData Forensic Toolkit (FTK) by AccessData Corp
The AccessData Forensic Toolkit (FTK) offers law enforcement and corporate security professionals the ability to perform complete and thorough computer forensic examinations. The FTK features powerful file filtering and search functionality. FTK's customizable filters allow you to sort through thousands of files to quickly find the evidence you need.
Advanced Password Recovery Software Tool Kit by New Technologies, Inc.
NTI makes a full Suite of Password Recovery Software Tools available for its corporate and government clients. The password recovery software was created to deal with files protected through the use of popular computer applications. It is not NTI's goal to aid hackers or criminals in accessing sensitive data. Rather, these password crackers are made available on a restricted basis to NTI clients to aid computer forensics specialists in dealing with password protected data during the course of their work. Based on our tests and feedback from NTI clients, these Password Recovery Software Tools are the fastest on the market, easiest to use, least expensive and they are feature rich. More password recovery tools are in development which will target the security afforded by other popular computer applications. Upgrades will be provided free of charge (for a period of one year) to NTI clients who have purchased the Password Recovery Tool Kit.
Autopsy Forensic Browser by Brian Carrier
The Autopsy Forensic Browser is a graphical interface to the command line digital forensic analysis tools in The Sleuth Kit. Together, The Sleuth Kit and Autopsy provide many of the same features as commercial digital forensics tools for the analysis of Windows and UNIX file systems (NTFS, FAT, FFS, EXT2FS, and EXT3FS).
EnCase Forensic Edition by Guidance Software
EnCase Forensic Edition delivers advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
FCCU GNU/Linux Forensic Boot CD by Christophe Monniez
This CD is based on KNOPPIX. It is a remaster made for the computer forensic investigator. Its main purpose is to create image copies of devices before analysis. It does not use a lot of CPU cycles for unnecessary programs, which is why it drops you to a shell right after boot. Thanks to KNOPPIX, a lot of hardware is supported. FCCU leaves the target devices unaltered (it does not use the swap partitions found on the devices). The CD also contains a lot of forensic tools.
Forensic Server Project (FSP) by Harlan Carvey
The Forensic Server Project (FSP) is a proof of concept tool for retrieving volatile (and some non-volatile) data from potentially compromised systems. The FSP consists of several Perl scripts and third-party utilities. The server component of the FSP is run on an investigator or administrator's system, and handles all data storage and activity logging. The client components (i.e., FRU.pl and supporting Perl scripts and tools) of the FSP are burned to a CD, and run from the CD drive of the potentially compromised system. Data is copied to the server component via TCP/IP. It should be noted that while the FSP is used for incident response and forensic audits of Windows systems, it is also an open source project. The server component is written in Perl, and can be run from other systems that support Perl (with minor modifications). Client components can be written in Perl, or any other scripting language.
FoRK (Forensic or Rescue Kit) by Vital Data
Named "Vital Data Forensic or Rescue Kit (FoRK)", this mini GNU/Linux distribution is a LiveCD that has been created by adapting Knoppix 3.6 using ideas provided by other distributions (i.e. Penguin Sleuth Kit & F.I.R.E.) in the area and advice from Linux and Forensics professionals. FoRK provides 2 environments for an investigator: imaging mode (default), in which the LiveCD boots to a console and automatically loads Vital Data's custom imaging script; and preview mode (accessed by typing "desktop" at the boot prompt), which loads a GNOME desktop from which the investigator can mount the suspect's hard drives in read-only mode and preview their contents. Preview mode also provides access to the numerous tools and applications included on the CD, typical of a Knoppix distribution.