INSERT (the Inside Security Rescue Toolkit) aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It boots from a credit-card-sized CD-ROM and is basically a stripped-down version of Knoppix. It features good hardware detection, fluxbox, emelfm, links-hacked, ssh, tcpdump, nmap, chntpwd, and much more. It provides full read-write support for NTFS partitions (using ntfs-3g) and the ClamAV virus scanner (including a fairly recent signature database and a GUI). It provides partition handling with gParted and also has a network boot facility.
Kernel Security Checker is a useful tool to locate attackers residing within a system by employing a direct analysis of the kernel through /dev/kmem and bypassing the hiding techniques of the intruder (kernel static recompilation or use of LKMs). It can find the modified syscalls from userspace, detect the promiscuous interfaces, and find the modifications applied to a protocol.
Passwd_exp notifies users via email of upcoming password or account expiration. Its simple modular architecture allows you to perform expiration checks on any data source you use (SQL databases, LDAP, etc.), and to send expiration warnings only to selected users or groups and only on selected days. Administrators can use it to review expired accounts in the system. Support for Linux and Solaris shadow (including LDAP and NIS systems) and BSD passwd systems is included.
ProviderTool is an Internet server administration program with email protection. The software is divided into three subcomponents: an Admin Tool, a Customer Tool, and a Reseller Tool. Each subcomponent manages a separate zone that is set up for the specific needs of your administrator, end user, and reseller. If you have a Red Hat, SuSE, or Debian Internet or intranet server, you will be able to add, delete, and change settings and users with just a couple of clicks. ProviderTool is delivered with a separate Apache and PHP server environment. There is also an email protection tool included.
dietsniff is a tiny tool for analyzing traffic on a network. It is not intended to replace well-known tools like tcpdump or Ethereal; it is intended for the case when a small and, especially, statically linked sniffer is required. Accordingly, it is far less powerful, and it is also bound to Linux as a platform. While it does not use or need libpcap, it produces pcap logs that can be analyzed by more sophisticated tools like tcpdump or Ethereal.
The RegLookup project is devoted to direct analysis of Windows NT-based registry files. RegLookup provides command line tools, a C API, and a Python module for accessing registry data structures. The project has a focus on providing tools for digital forensic examiners (though it is useful for many purposes), and includes algorithms for retrieving deleted data structures from registry hives.