Otter Forensics Tool logo

Otter, a tool for digital Forensics Investigators

The purpose of this page is to describe Otter Forensics tool and its key features.
Whether you are an expert or not, at some point you will need to analyze a computer to prevent, search for, detect, and remove malicious software and malware.
In a Forensics investigation context, the first step is to make an extract, a copy of the data residing on the computer such as a hard drive, memory cache, the registries, as well as opened files, and logged on users.

In addition to the time it takes to acquire data, the investigator needs to install an acquisition tool or write some command lines to acquire a hard drive or a memory. Thus, the investigator faces delays in obtaining the results which may have time and cost impacts for himself and for the company.
The second step consists of conducting the examination on the extracted data copy. Again, the investigator needs to use additional tools to help retrieve additional information and then assemble and reconstruct events to provide the result report.
In the reporting phase, the investigator writes the acquired data hash as well as detailed information related to the examination phase.

This whole process may be time-consuming, costly and difficult to organize.

Providing the ability to Otter to automate these tasks can only help to greatly reduce the time wasted by Forensics investigators when conducting on-site investigation. Otter is an all in one package. It comes as a pre-configured single executable with three investigative steps from live acquisition to analysis and reporting. It is efficient to use and not resource-hungry. It helps to extract crucial information out of Windows systems such as processes legitimacy investigation, DLL’s, running programs and network connections.

Otter Key features include:

  • Windows 10 fully compatible
  • Works with both 64-bit and 32-bit systems
  • Portability, no installation required
  • Running fast, less than 15 seconds on average configurations
  • System files and Windows registries dumps
  • Registry analysis
  • Timeline analysis
  • Malware analysis
  • Suspicious activity detection
  • Reporting
Otter key features

Otter is not just another registry analysis tool. At the end of its investigation, a professional investigative report in excel format is created on your desktop containing 12 worksheets:

  1. Global summary, detailed system information, MD5 and SHA-1 hashes of evidence
  2. Analysis tips for Forensics investigation
  3. User accounts and group membership list
  4. Process list
  5. Process legitimacy analysis
  6. DLL’s list
  7. Recently opened documents
  8. USB devices connected to system
  9. Programs run by the user
  10. Programs running at startup
  11. Wireless/wired network connections
  12. Malware analysis with a scoring system

Otter is offering you the opportunity to conduct a Forensics investigation with ease and transparency. The second worksheet displays tips to help identify malicious artifacts on your system. Be or not to be a Forensics investigator ?