Spyware detection tools

From ForensicsWiki

Spyware detection tools can often, but not always, detect spyware that is present. Some tools only find spyware on the running system; others can find it on any disk.

It is useful to know if there is spyware on a system you are investigating.

If you are trying to prove guilt of the system's primary user:

  • You need to understand what the spyware on the system can do and what it can't do

If you are trying to prove innocence:

  • The presence of spyware can mean that someone else is running the system

One way to find spyware is to set up a virtual machine with a disk image of the captured system, install the spyware detector, and then

Tools recommended for finding spyware in a forensic context:

  • Spyware Doctor (in Google Pack)