Computer Forensics: The Complete Documentation
- This category contains 15 Tools
- The last tool was added on 2007-02-12 (YYYY-MM-DD)
AIR (Automated Image & Restore) -v1.2.3beta3
Published on 2003-06-25 - by Steve Gibson, ©Steve Gibson.
AIR (Automated Image & Restore) is a GUI front-end to dd/dcfldd designed for easily creating forensic bit images. It supports verification via MD5/SHA1, SCSI tape drives, imaging over a TCP/IP network, and complete session logging.
- Changelog:
- Download: http://tools.l0t3k.net/Forensic/air-1.2.3-beta3.tar.gz
- Home: http://sourceforge.net/projects/air-imager/
- License: GNU General Public License
- MD5SUM: ef8f9fa84efa87fcb150282cdf99f10b
- Platform(s): Linux
Autopsy -v2.00
Published on 2004-03-19 - by Brian Carrier, ©Brian Carrier.
The Autopsy Forensic Browser is a graphical interface to the command line digital forensic analysis tools in The Sleuth Kit. Together, The Sleuth Kit and Autopsy provide many of the same features as commercial digital forensics tools for the analysis of Windows and UNIX file systems (NTFS, FAT, FFS, EXT2FS, and EXT3FS).
- Changelog: http://www.sleuthkit.org/autopsy/index.php
- Download: http://tools.l0t3k.net/Forensic/autopsy-2.00.tar.gz
- Home: http://www.sleuthkit.org/
- License: GNU General Public License
- MD5SUM: 73873b4af937cf11354f681b0c269f50
- Platform(s): FreeBSD, Linux, MacOS X, OpenBSD, Solaris
BIEW -v5.61
Published on 2004-03-31 - by Nick Kurshev, ©Nick Kurshev.
BIEW is a multiplatform, portable viewer for binary files with a built-in editor in binary, hexadecimal and disassembler modes. It uses native Intel syntax for disassembly. Highlights: AVR/Java/Athlon64/Pentium 4/K7-Athlon disassembler, Russian codepage converter, full preview of the MZ, NE, PE, NLM, coff32 and ELF formats, partial preview of a.out, LE, LX and PharLap, a code navigator and more.
- Changelog:
- Download: http://tools.l0t3k.net/Forensic/biew561.tar.bz2
- Home: http://biew.sourceforge.net/
- License: GNU General Public License
- MD5SUM: ea62710ca6aa14fadfc6bd99fcb0a695
- Platform(s): MS-DOS, Windows, OS/2, Other OS, FreeBSD, Linux
bsed : binary stream editor -v1.0
Published on 2001-07-01 - by dwd, ©dwd.
bsed searches for a binary string in a file. If a replace string is given, bsed copies infile to outfile, replacing all instances of the search string with the replace string.
- Changelog:
- Download: http://tools.l0t3k.net/Forensic/bsed.tar.gz
- Home: http://www1.bell-labs.com/project/wwexptools/bsed/
- License: GNU General Public License
- MD5SUM: b1fa58fd4a1f52f0a2875bbb967679e1
- Platform(s):
Coreography -v1.0a
Published on - by coreography, ©Coreography.
Coreography is an open source utility for browsing memory images. Originally, it was intended as a tool for assisting in the analysis of core dumps. However, the tool has been expanded to parse any ELF based memory image, including core dumps and ELF libraries, object files, and executables, and even live processes.
- Changelog:
- Download: http://tools.l0t3k.net/Forensic/coreography-1a.tgz
- Home: http://www.engination.com/coreography/
- License: ©copyright
- MD5SUM:
- Platform(s):
Fenris -v0.07-m
Published on 2002-06-25 - by Michal Zalewski, ©Michal Zalewski.
Fenris is a multipurpose tracer, GUI debugger, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics - providing a structural program trace, interactive debugging capabilities, general information about internal constructions, execution path, memory operations, I/O, conditional expressions and much more. Because it does not require sources or any particular compilation method, this multi-component project can be very helpful for black-box tests and evaluations - but it will also be a great tool for open-source project audits, as an unmatched real-time reconnaissance tool - especially when sources are too complex or too badly written to be analyzed by hand in a reliable way and reasonable time. Fenris does not rely on GNU libbfd for any critical tasks, and because of that, it is possible and feasible to trace and analyze binaries modified to fool debuggers, encrypted, or otherwise tweaked. Fenris components also support other, independent debuggers or disassemblers, thanks to its ability to reconstruct symbol tables for stripped, static binaries with no debugging or symbol information whatsoever.
- Changelog:
- Download: http://tools.l0t3k.net/Forensic/fenris.tgz
- Home: http://razor.bindview.com/tools/fenris/
- License: GNU Public License, version 2
- MD5SUM: 14c1fe47e00fd5fc1f7e72f12c056334
- Platform(s):
Gpart -v0.1h
Published on 2001-02-15 - by Michail Brzitwa, ©Michail Brzitwa.
Gpart is a tool which tries to guess the primary partition table of a PC-type hard disk in case the primary partition table in sector 0 is damaged, incorrect or deleted. The guessed table can be written to a file or device.
- Changelog:
- Download: http://tools.l0t3k.net/Forensic/gpart-0.1h.tar.gz
- Home: http://www.stud.uni-hannover.de/user/76201/gpart/
- License: ©copyright
- MD5SUM: ee3a2d2dde70bcf404eb354b3d1ee6d4
- Platform(s):
mac-robber -v1.00
Published on - by @stake Inc., ©@stake Inc.
mac-robber is a forensics and incident response program that collects Modified, Access, and Change (MAC) times from files. Its output can be used as input to the 'mactime' tool in The @stake Sleuth Kit (TASK) to make a time line of file activity. mac-robber is similar to running the 'grave-robber' tool from The Coroner's Toolkit with the '-m' flag, except this is written in C and not Perl.
- Changelog:
- Download: http://www.l0t3k.org/tools/Forensic/mac-robber-1.00.tar.gz
- Home:
- License:
- MD5SUM: 4fa05cf85dd0d28c2780b6151b74f9f0
- Platform(s): UNIX
memfetch -
Published on - by Michal Zalewski, ©Michal Zalewski.
memfetch is a handy utility for dumping the memory of a running process (either immediately or on fault). It is a quite valuable addition to the shell command armory of an average hacker, helping you recover information that would otherwise be lost, and making it easier to check the integrity or internals of a running process. Most debuggers are good at accessing small portions of memory at once, whereas memfetch is a quick way of getting it all, ready to be processed in any way you like.
- Changelog:
- Download: http://tools.l0t3k.net/Forensic/memfetch.tgz
- Home: http://lcamtuf.coredump.cx/
- License: ©copyright
- MD5SUM: cda6080b905436c11ec996e19c4a5563
- Platform(s):
PyFlag -v0.60
Published on 2004-03-15 - by David Collett, ©David Collett.
FLAG was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. FLAG uses a database as a backend to assist in managing the large volumes of data. This allows FLAG to remain responsive and expedite data manipulation operations.
- Changelog:
- Download: http://tools.l0t3k.net/Forensic/pyflag-0.60.tar.bz2
- Home: http://pyflag.sourceforge.net/
- License: GNU General Public License
- MD5SUM: 966f890470a5d3b9a73dd4300d783e7d
- Platform(s): Linux
RDA - Remote Data Acquisition utility -v0.2.1c
Published on - by Chris Boubalos and Stefanos Koutsoutos, ©Chris Boubalos and Stefanos Koutsoutos.
rda is a command line Linux tool to remotely acquire data (like disk cloning or disk/partition imaging) and verify the transfer using md5 and/or crc32 checksums. The program is both the server and the client.
- Changelog:
- Download: http://tools.l0t3k.net/Forensic/rda-0.2.1c.tgz
- Home: http://md5sa.com/downloads/rda/index.htm
- License: GNU General Public License
- MD5SUM: 3b4ec72812e40d92c54ca7e242d83881
- Platform(s): Linux
Sleuth Kit -v1.69
Published on 2004-04-20 - by Brian Carrier, ©Brian Carrier.
The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system and media management forensic analysis tools. The file system tools allow you to examine NTFS, FAT, FFS, EXT2FS, and EXT3FS file systems of a suspect computer in a non-intrusive fashion. The tools have a layer-based design and can extract data from the internal file system structures. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.
- Changelog: http://www.sleuthkit.org/sleuthkit/index.php
- Download: http://tools.l0t3k.net/Forensic/sleuthkit-1.69.tar.gz
- Home: http://www.sleuthkit.org/
- License: IBM Public License
- MD5SUM: 3479168ca94a3f75bbe545fae3d97ca6
- Platform(s): FreeBSD, Linux, MacOS X, OpenBSD, Solaris
TCTutils -v1.01
Published on - by Brian Carrier, ©Brian Carrier.
TCTutils is a collection of utilities that adds functionality to The Coroner's Toolkit (TCT).
- Changelog:
- Download: http://www.l0t3k.org/tools/Forensic/tctutils-1.01.tar.gz
- Home:
- License:
- MD5SUM: 3b15db23cf6ecfbf4070891826f2a1a0
- Platform(s): Linux, OpenBSD, Solaris
TestDisk -v5.2
Published on - by Christophe Grenier, ©Christophe Grenier.
TestDisk was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally erasing your Partition Table).
- Changelog:
- Download: http://tools.l0t3k.net/Forensic/testdisk-5.2.tar.gz
- Home: http://www.cgsecurity.org/
- License: GNU Public License
- MD5SUM: f31ee06d2040e1d610a5891b57a86f65
- Platform(s):
The Coroner's Toolkit (TCT) -v1.11
Published on - by Dan Farmer and Wietse Venema, ©Dan Farmer and Wietse Venema.
TCT is a collection of programs by Dan Farmer and Wietse Venema for post-mortem analysis of a UNIX system after a break-in. The software was first presented in a Computer Forensics Analysis class in August 1999 (handouts can be found here). Examples of using TCT can also be found on-line in a series of columns in Doctor Dobb's Journal.
- Changelog:
- Download: http://www.l0t3k.org/tools/Forensic/tct-1.11.tar.gz
- Home:
- License:
- MD5SUM: 2b2aafd08a1d3d6accc64063b9e7fad3
- Platform(s): FreeBSD, Linux, OpenBSD, Solaris