Login  |  Sign up  |  繁體中文

What is Resource Catalog ?

catalog-iconThe OpenFoundry Resource Catalog lists professional resources and applications related to the development of open source software. If you have any recommendation listing / category  or bug for this resource catalog, please do not hesitate to contact us.

Forensic Tools

Forensic Tools (資安鑑定)

Listings
3
Next
End

Results 41 - 52 of 52

ddrescue

GNU ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. GNU ddrescue does not truncate the output file if not asked to. So, every time you run it on the same output file, it tries to fill in the gaps. The basic operation of ddrescue is fully automatic. That is, you don't have to wait for an error, stop the program, read the log, run it in reverse mode, etc.

AIR - Automated Image and Restore

AIR (Automated Image & Restore) is a GUI front-end to dd/dc3dd designed for easily creating forensic disk/partition images. Supports MD5/SHAx hashes, SCSI tape drives, imaging over a TCP/IP network, splitting images, and detailed session logging. This program is license under GNU General Public License v2.

Liveview

Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk. The end result is that one need not create extra "throw away" copies of the disk or image to create the virtual machine.

The Coroner's Toolkit (TCT)

The Coroner's Toolkit (TCT) is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system. The software was presented first in a Computer Forensics Analysis class in August 1999 (handouts can be found in web site). Examples of using TCT can be found in our Forensic Discovery book. Note: consider using Brian Carrier's Sleuthkit. It is the official successor, based on parts from TCT. Development of the Coroner's Toolkit was stopped years ago. It is updated only for for bugfixes which are very rare, and after Wietse discovers that the programs no longer work on a new machine.

Ninja

Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary informa-tion about this process, and optionally kill the process if it was spawned by an unauthorized user. A "magic" group can be specified, allowing members of this group to run any setuid/setgid root executable.

FTimes

FTimes is a system baselining and evidence collection tool. The primary purpose of FTimes is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis.

Afflib

AFF and AFF-Related Forensic Software

Jones Dykstra Tools

We have written some open source tools, methodologies, and white papers for the computer forensic community. Click on the buttons below to download the information you are interested in. Questions about the tools on this site can be directed to This e-mail address is being protected from spambots. You need JavaScript enabled to view it.

USB History Dump

USB History Dump is a forensic tool used to trace evidence of USB thumb drive activity from the Windows Registry. It can be used to gather information such as the last time the thumb drive or mp3 player was connected as well as the last drive letter.

PyFlag

FLAG (Forensic and Log Analysis GUI) is an advanced forensic tool for the analysis of large volumes of log files and forensic investigations. PyFlag features a rich FeatureList which include the ability to load many different log file formats, Perform forensic analysis of disks and images. PyFlag can also analyse network traffic as obtained via tcpdump quickly and efficiently.

The Sleuth Kit

The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.

Forensic Acquisition Utilities

This is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment.  The components in this collection are intended to permit the investigator to sterilize media for forensic duplication, discover where logical volume information is located and to collect the evidence from a running computer system while at the same time ensuring data integrity (e.g. with a cryptographic checksums) and while minimizing distortive alterations to the subject system.

3
Next
End

Results 41 - 52 of 52