Chapter 17

Forensic Analysis Tools

This chapter covers the following topics:

  • File Carving Tools: This section covers tools including Foremost and the use of strings.

  • Binary Analysis Tools: This section covers Hex dump, Binwalk, Ghidra, GNU Project debugger (GDB), OllyDbg, readelf, objdump, strace, ldd, and file.

  • Analysis Tools: This section covers ExifTool, Nmap, Aircrack-ng, Volatility, The Sleuth Kit, and dynamically vs. statically linked tools.

  • Imaging Tools: This section covers Forensic Toolkit (FTK) Imager and dd.

  • Hashing Utilities: This section describes sha256sum and ssdeep.

  • Live Collection vs. Post-mortem Tools: This section describes netstat, ps, vmstat, ldd, lsof, netcat, tcpdump, conntrack, and Wireshark.

This chapter covers CAS-004 ...
