Software used in the field
An overview of the tools covered, with licensing. Tools get replaced over time, so this list may change.
| Tool | Purpose | License |
|---|---|---|
| Autopsy | Forensic framework (Sleuth Kit); ingest modules + plugins. | Free / OSS |
| VMware / VirtualBox | Virtualization. VMware is the author's favourite; VirtualBox is free. | ~$200 / Free |
| EmEditor | Text editor that opens files up to 250 GB; handy for huge logs on Windows. | $259 lifetime / $40 per year |
| Splunk | SIEM; quick to install and start analysing logs. Free up to 500 MB/day. | Free tier |
| SOF-ELK | SANS (Phil Hagen) ELK appliance; recognises common log formats, but needs Elastic/Kibana/Logstash knowledge to customise. | Free |
| Linux | A multitool in itself — does a lot with few resources. | Free |
| SimpleMind Pro | Mind mapping — don't underestimate it for summarising topics. | ~$28 lifetime |
| Screenpresso | Image / video / audio capture for documentation. | Free / ~$45 |
| Windows | OS; trial license works 90 days with full functionality. | OEM / Volume |
| FTK Imager | Free imaging tool (AccessData) — AD1, DD, E01. USB media may need a separate write-blocker. | Free |
| dd / dc3dd / dcfldd | Linux imaging tools; variants add hashing and progress bars. | Free / OSS |