- Sanderson Forensics: View various picture formats, image enhancer, extraction of embedded Exif, GPS data.
- Drag and drop web-browser JavaScript tool for identification of over 2000 file types.
- Phil Harvey: Read, write and edit Exif data in a large number of file types.
- Passware: Scans a computer for password-protected & encrypted files, reports encryption complexity and decryption options for each file.
- Ted Technology: Recursively parses headers of every eCryptfs file in selected directory. Outputs encryption algorithm used, original file size, signature used, etc.
- Various: Detects full and partial multimedia files in unallocated space.
- Digital Detective: Converts various data types to date/time values.
- CrowdStrike: Details network processes, listing binaries associated with each process. Queries VirusTotal, other malware repositories & reputation services to produce “at-a-glance” state of the system.
- CrowdStrike: Windows console application to aid gathering of system information for incident response and security engagements.
- Eric Zimmerman: Find strings in binary data, including regular expression searching.
- David Kovar: Parses the MFT from an NTFS file system allowing results to be analysed with other tools.
- Allan Hay: Reads Windows XP, Vista and Windows 7 prefetch files.
- Troy Larson: Guide by Brett Shavers to creating and working with a Windows boot CD.
- FH Aachen: Application that simplifies the use of the Volatility Framework.
- DSi: Enables software write-blocking of USB ports.
- Ted Technology: A Linux & Windows GUI for individual and recursive SHA1 hashing of files.
- NIST: Hash sets of ‘known’ (ignorable) files.
- Mobatek: Run Linux live CDs from their ISO image without having to boot to them.
- Nirsoft: Calculate MD5 and SHA1 hashes.
- Peter Fiskerstrand: Identifies over 1000 file types by examining their signatures.
- Gary Kessler: Table of file signatures.
- Shirouzu Hiroaki: Self-labelled ‘fastest’ copy/delete Windows software.
- Nuix: Copies data between locations, with file comparison, verification, logging.
- NIST: Collated forensic images for training, practice and validation.
- Mythicsoft: Search multiple files using Boolean operators and Perl Regex.
- LOG2TIMELINE: Computer Artefact Time Creator. log2timeline is designed as a framework for artefact timeline creation and analysis. The main purpose is to provide a single tool to parse various log files and artefacts found on suspect systems (and supporting systems, such as network equipment) and produce a body file that can be used to create a timeline, using tools such as mactime from TSK, for forensic investigators.
- Lepide Software: Open and view (not export) Outlook PST files without needing Outlook.
- Lepide Software: Open and view (not export) Outlook OST files without connecting to an Exchange server.
- SysTools: View MBOX emails and attachments.
- MiTeC: Viewer for Outlook Express, Windows Mail/Windows Live Mail, Mozilla Thunderbird message databases and single EML files.
- Lepide Software: Open and view (not export) Outlook EDB files without an Exchange server.
- Passmark Software: Mounts a wide range of disk images.
- Passmark Software: Mount utility for CD/DVD or USB flash drives to create dd or AFF images/clones.
- Magnet Forensics: Captures physical memory of a suspect’s computer.
- Nmap: Utility for network discovery and security auditing.
- Detects OS, hostname and open ports of network hosts through packet sniffing/PCAP parsing.
- Belkasoft: Extracts RAM dump including that protected by an anti-debugging or anti-dumping system.
- vogu00: Multi-threaded GUI imager running under Linux.
- AccessData: Imaging tool, disk viewer and image mounter.
- Web Content Protection Association: Browser designed to forensically capture web pages.
- Ridgecrop: Enables large capacity disks to be formatted as FAT32.
- 4Discovery: Edit EWF (E01) metadata, remove passwords (Encase v6 and earlier).
- Magnet Forensics: Checks local physical drives on a system for TrueCrypt, PGP, or Bitlocker encrypted volumes.
- Guidance Software: Create EnCase evidence files and EnCase logical evidence files.
- MoonSols: Generates physical memory dump of Windows machines, 32-bit and 64-bit.
- Arsenal Consulting: Mounts disk images as complete disks in Windows, giving access to Volume Shadow Copies, etc.

Computer Forensics Tools - Part II Disk tools and data capture