In November I did a presentation at the monthly NebraskaCert Cyber Security Forum. Someone had suggested an overview of forensic tools. I put together a list of free tools in a couple different categories. Here is the list:
FTK Imager
http://www.accessdata.com/downloads.html
Forensic Acquisition Utilities (FAU)
http://gmgsystemsinc.com/fau/
Winhex
http://www.x-ways.net/winhex/
PhotoRec
http://www.cgsecurity.org/wiki/PhotoRec
Scalpel
http://www.digitalforensicssolutions.com/Scalpel/
Analyze
ProDiscover Basic
http://www.techpathways.com/DesktopDefault.aspx?tabindex=9&tabid=14
The Sleuthkit and Autopsy
http://www.sleuthkit.org/
WinHex
http://www.x-ways.net/winhex/
PyFlag
http://www.pyflag.net/cgi-bin/moin.cgi
FTK Demo (up to 5000 items)
http://www.accessdata.com/downloads.html
SANS SIFT Workstation (only available to portal members)
http://forensics.sans.org/community/downloads/
mdd
http://sourceforge.net/project/showfiles.php?group_id=228865
win32dd
http://win32dd.msuiche.net/
Volatility
https://www.volatilesystems.com/default/volatility
Memoryze
http://www.mandiant.com/software/memoryze.htm
LiveView (launch image in VMWare)
http://liveview.sourceforge.net/
ProDiscover Basic (creates config files)
http://www.techpathways.com/DesktopDefault.aspx?tabindex=9&tabid=14
VDKWin (edit config files)
http://petruska.stardock.net/Software/VMware.html
Helix
http://www.e-fense.com/helix/
Caine
http://www.caine-live.net/en/index.html
PlainSight
http://www.plainsight.info/download.html
BAckTrack (**will mount drives, but has forensic tools)
http://www.remote-exploit.org/backtrack.html
Misc.
RegRipper (excellent Registry parser)
http://regripper.net/
Forensic CaseNotes
http://www.qccis.com/?section=casenotes
NirSoft Tools
http://www.nirsoft.net/
Historian
http://www.mandiant.com/software/webhistorian.htm
Windows File Analyzer
http://www.mitec.cz/wfa.html
Websites
http://forensicir.blogspot.com