Operating systems and open source tools for digital forensics
Just as there are several commercial tools, there are many open source tools available to investigators, amateur and professional alike. Many of these tools are Linux-based and can be found on several freely available forensic distributions.
The main question that arises when choosing tools is usually commercial versus open source. Whether using commercial or open source tools, the end result should be the same, with preservation and integrity of the original evidence being the main priority.
Budget is always an issue and some commercial tools (as robust, accurate, and user-friendly as they might be) can cost thousands of dollars.
The open source tools are free to use under various open source licenses and should not be counted out just because they are not backed by enterprise developers and researchers. Many of the open source tools are widely reviewed by the forensic community and may be open to more scrutiny, as they are more widely available to the public and are built with non-proprietary code.
Though the focus of this book is on the forensic tools found in Kali Linux, which we will begin looking at toward the end of this section and onward, here are some of the more popular open source forensic distributions, or distros, available.
Each of the distros mentioned in the following sections is freely available at many locations but, for security reasons, we will provide the direct link from their homepages. The operating systems featured in this section are listed only in alphabetical order and do not reflect any ratings, reviews, or even the author's personal preference.