Monday, 31. October 2011
Volatility 2.0
On Monday, 31. Oct 2011 in topic 'Computer Forensics'
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated but offer unprecedented visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and to provide a platform for further work in this exciting area of research.
Download
https://www.volatilesystems.com/default/volatility
Guide
http://code.google.com/p/volatility/wiki/FullInstallation
Sunday, 30. October 2011
MANDIANT Memoryze
On Sunday, 30. Oct 2011 in topic 'Computer Forensics'
MANDIANT Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis.
Download
http://mandiant.com/products/free_software/memoryze/download/
Friday, 28. October 2011
DEFT - Linux
On Friday, 28. Oct 2011 in topic 'Computer Forensics'
DEFT Linux 6 is based on the new Kernel 2.6.35 (Linux side) and DEFT Extra 3.0 (Computer Forensic GUI) with the best freeware Windows computer forensic tools. DEFT is a new concept of computer forensic live system that uses LXDE as its desktop environment, WINE to execute Windows tools under Linux, and Mount Manager as its tool for device management. It is a very easy-to-use system that includes excellent hardware detection and the best free and open source applications dedicated to incident response and computer forensics.
Download
http://www.deftlinux.net/download/
Saturday, 22. October 2011
Net Tools 5.0 (build 70)
On Saturday, 22. Oct 2011 in topic 'Computer Forensics'
Net Tools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface. It's an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields.
Download
http://www.mabsoft.com/NetTools5.0.70.zip
QuickRecon v0.3 - information gathering
On Saturday, 22. Oct 2011 in topic 'Computer Forensics'
QuickRecon is a simple information gathering tool that allows you to:
Bruteforce subdomains of a target domain
Perform zone transfer
Gather email addresses from Google.com and Bing.com
Find human relationships using XHTML Friends Network (microformats)
Download:
http://code.google.com/p/quickrecon/downloads/list
RawCap Tiny Sniffer
On Saturday, 22. Oct 2011 in topic 'Computer Forensics'
Details:
Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback)
RawCap.exe is just 17 kB
No external libraries or DLLs needed
No installation required, just download RawCap.exe and sniff
Can sniff most interface types, including WiFi and PPP interfaces
Minimal memory and CPU load
Reliable and simple to use
Download:
http://www.netresec.com/products/RawCap/RawCap.exe
Opensource forensic tools website
On Saturday, 22. Oct 2011 in topic 'Computer Forensics'
This website contains a bunch of open source forensic tools.
Source
http://www2.opensourceforensics.org/tools/windows
RTCA
On Saturday, 22. Oct 2011 in topic 'Computer Forensics'
RTCA is a Windows forensic analysis tool for the registry, audit logs and files. It is a standalone, portable application for extraction and analysis during an investigation, and can be used for a local configuration report or for analysis after extraction. Because the analysis runs after extraction, it is fast and accurate.
Download
http://omnia-projetcs.googlecode.com/svn/trunk/RTCA/RtCA.exe
Tuesday, 30. August 2011
Mobius Forensic Toolkit 0.5.9 - Linux
On Tuesday, 30. Aug 2011 in topic 'Computer Forensics'
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
Download
http://freshmeat.net/projects/mobiusft
Installation
As root, type:
python setup.py install
Usage
Run mobius_bin.py.
Tuesday, 9. August 2011
SANS Investigative Forensic Toolkit (SIFT) Workstation v.2.1
On Tuesday, 9. Aug 2011 in topic 'Computer Forensics'
An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, which can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and intrusion response can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
The SIFT Workstation is a VMware appliance, pre-configured with the necessary tools to perform detailed digital forensic examination in a variety of settings. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many new capabilities and tools, such as log2timeline, which provides a timeline that can be of enormous value to investigators.
Download
http://computer-forensics.sans.org/community/downloads