Portable Forensics Fieldkit


The Fieldkit is a collection of Windows PortableApps for digital forensics.
PortableApps do not use the registry, so they can be run from a USB with minimal effect on the target system.

Extra tools for extracting forensically interesting artefacts from RAM images come separately: zip 236mb - just unzip to your USB or Windows drive
iso 626mb - just double-click to mount

Install:
Go to the Forensics FK-RAM folder and doubleclick FKRAM-INSTALL.bat
This creates four shortcuts on the desktop:
    FKRAM BEviewer
    FKRAM Redline
    FKRAM qPhotoRec
    FKRAM IOCeditor

The shortcuts will work as long as the drive letter and path stay the same;
if Windows mounts your usb/iso with a different drive letter, just run FKRAM-INSTALL.bat again.



Note: Windows 10 configuration tends to "drift" with its continuous updates, which can cause problems you never knew you had until some app will not start.
This is a problem with Windows, not the app! Follow this procedure if the FieldKit will not start.


EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE
THIS SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THIS SOFTWARE IS WITH YOU. IN NO EVENT WILL
ANY COPYRIGHT HOLDER OR ANY OTHER PARTY BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL,
SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THIS
SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF ANY PROGRAM TO OPERATE WITH ANY
OTHER PROGRAMS).