Tools and Utilities

Here are some tools and utilities commonly used for practices related to digital forensics:

Pdfinfo

  • Used to extract metadata of Portable Document Format (PDF) files

Commands

  • Installation

sudo apt install poppler-utils

  • Read the metadata of a PDF file

pdfinfo $pdffilename

ExifTool

  • Used to extract metadata from files, especially images

Commands

  • Install

sudo apt install exiftool

  • Read EXIF data

exiftool $filename

Steghide

  • Steganography tool used to hide data within image and audio files, and to recover hidden data embedded in such files

Commands

  • Install

sudo apt install steghide

  • Handle embedded data

steghide info $filename #Show information about the file and any embedded data
steghide extract -sf $filename #Extract embedded data from the file

d4js

Shred

  • Used to overwrite and delete files or entire drives in Linux

Commands

  • Install

sudo apt install coreutils

  • Usage

sudo shred $filename
sudo shred $filename -f     #Change permissions to allow overwriting
sudo shred $filename -n $n  #Specify number of times to overwrite
sudo shred $filename -v     #Verbose mode, show step-by-step
sudo shred $filename -u     #Deallocate and remove file after overwriting
sudo shred $filename -z     #Add a final overwrite with zeros to hide shredding
sudo shred -v /dev/$unit    #Overwrite a whole drive or partition (no -u here: it would remove the device node)

SDelete

FOCA

  • FOCA (Fingerprinting Organizations with Collected Archives) is a tool designed to find metadata and hidden information in documents, analyzing websites as well as Microsoft Office, Open Office, PDF, and other documents
