RSS 36 projects tagged "Forensics"

Download No website Updated 06 Dec 2013 gpart

Screenshot
Pop 70.80
Vit 1.59

Gpart is a small tool which tries to guess which partitions are on a PC harddisk in case the primary partition table was damaged. It works by scanning through the device (or file) given on the commandline on a sector basis. Each guessing module is asked if it thinks a filesystem it knows about could start at a given sector. Several filesystem guessing modules are built in, and others can be added dynamically.

Download Website Updated 17 Feb 2013 WTMParse

Screenshot
Pop 21.17
Vit 20.60

WTMParse is a script originally intended for use in forensic examinations which parses WTMP files from Unix-like operating systems and generates a CSS-styled HTML report containing the login terminal, username, log start date, and login time/date in a table. It's good for postmortem forensic examinations or as a way of getting "last"-like information when you don't have the ability to boot the machine in question but can grab the wtmp.

No download Website Updated 25 Mar 2014 MASTIFF

Screenshot
Pop 59.62
Vit 1.53

MASTIFF is a static analysis framework which automates the process of extracting key characteristics from a number of different file formats. To ensure the framework remains flexible and extensible, a community-driven set of plugins is used to perform file analysis and data extraction. While originally designed to support malware, intrusion, and forensic analysis, the framework is well-suited to support a broader range of analytic needs. In a nutshell, MASTIFF allows analysts to focus on analysis rather than figuring out how to parse files.

Download Website Updated 13 Mar 2013 Fortools_dd

Screenshot
Pop 49.07
Vit 1.79

Fortools_dd is a set of forensic apps, created with zenity, for terminal commandos and bash scripts in Linux. It includes Mount_dd (a mounting images app), kijknekerap (a Dutch Terminal app), fgrep_dd (grep apps), convert_dd (a conversion app for aff > dd > EWF), shred_dd (a shredding app), filecopy_dd (a search-and-copy app), forensic_wine_dd (a Windows software with Wine app), reportmaker_dd (a small reportmaking app), Browserhistory_dd (a history app), and Offsetgrabber_dd (an offset viewing app).

Download Website Updated 24 Feb 2013 ANNFiD

Screenshot
Pop 41.86
Vit 1.04

ANNFiD is an experimental forensic tool that identifies file types using neural networks. A GUI tool is used to train the network for new file types. It is intended to be used to determine the nature of corrupted files.

Download No website Updated 13 Nov 2011 XtractCarver

Screenshot
Pop 25.34
Vit 29.75

Xtract attempts to demonstrate how Wireshark's powerful network traffic analysis capabilities can be combined with the file carving capabilities of programs such as Foremost and NetworkMiner in a manner that is portable and extensible (hence the choice of Perl). Specifically, it offers: automated extraction of network stream sessions; visualization of networks via GraphViz; and integration of file carving capability. The scripts are intended as a proof-of-concept for how tedious tasks of reassembling TCP/UDP streams from network capture files and file carving based on these streams can be automated.

Download No website Updated 24 Dec 2011 NetXtract

Screenshot
Pop 47.85
Vit 1.02

Xtract attempts to demonstrate how Wireshark's powerful network traffic analysis capabilities can be combined with the file carving capabilities of programs such as Foremost and NetworkMiner in a manner that is portable and extensible (hence the choice of Perl). Specifically, it offers automated extraction of network stream sessions; visualization of networks via GraphViz; and integration of file carving capability. The scripts are intended as a proof-of-concept for how tedious tasks of reassembling TCP/UDP streams from network capture files and file carving based on these streams can be automated.

Download No website Updated 30 Jul 2010 mbrChunker

Screenshot
Pop 89.10
Vit 2.03

mbrChunker is a utility that allows you to mount raw disk images (created by dd, dcfldd, dc3dd, ftk imager, etc.) and create VMDK files. It does this by taking the raw image, analyzing the master boot record (physical sector 0), and getting specific information that is need to create a working VMDK file that points to your raw image. It can also extract information such as heads, cylinders, and sectors per track. With version 0.3.15, the tool now has the ability to search for hex byte offsets within any binary file. It will give you the byte location for every hex pattern found. More information about this can be found in the README.

Download Website Updated 14 Feb 2013 mount_dd

Screenshot
Pop 89.57
Vit 3.89

Mount_dd is a GUI for mounting a raw image in Gnome. You can mount a dd-image in read-write or read-only mode. You can mount ISO, .img, raw, .00x formats, EWF, and AFF in read-only mode. You can also mount exfat partitions in read-only mode.

No download No website Updated 24 Nov 2010 CarvFS

Screenshot
Pop 49.72
Vit 1.91

CarvFS is a user space FUSE filesystem aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The filesystem allows CarvPath-aware tools to use CarvPath annotations as a way to designate partitions, files, alternate streams, processes etc. within a disk or memory image as a string, making them available trough the filesystem as a pseudo file that can be handed to other tools. This removes the need to copy the information out of the disk image and reduces storage requirements.

Screenshot

Project Spotlight

libmodbus (stable)

A multiplatform Modbus library.

Screenshot

Project Spotlight

pyAggr3g470r

A news reader.