30 projects tagged "Forensics"

Lynis (updated 24 Apr 2014)

Lynis is an auditing and hardening tool for Unix derivatives like Linux/BSD/Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

MASTIFF (updated 25 Mar 2014)

MASTIFF is a static analysis framework which automates the process of extracting key characteristics from a number of different file formats. To ensure the framework remains flexible and extensible, a community-driven set of plugins is used to perform file analysis and data extraction. While originally designed to support malware, intrusion, and forensic analysis, the framework is well-suited to support a broader range of analytic needs. In a nutshell, MASTIFF allows analysts to focus on analysis rather than figuring out how to parse files.

Xplico (updated 06 Jan 2014)

Xplico is an IP traffic decoder that extracts data from an Internet traffic capture. From a pcap file, it can extract each email (POP, IMAP, and SMTP protocols), all HTTP content, VoIP calls (SIP, RTP, H323, MEGACO, MGCP), IRC, MSN, and so on. It isn't a packet sniffer or a network protocol analyzer, but rather an IP/Internet traffic decoder or network forensic analysis tool (NFAT).

gpart (updated 06 Dec 2013)

Gpart is a small tool which tries to guess which partitions are on a PC hard disk when the primary partition table has been damaged. It works by scanning through the device (or file) given on the command line on a sector basis. Each guessing module is asked whether it thinks a filesystem it knows about could start at a given sector. Several filesystem guessing modules are built in, and others can be added dynamically.

Mobius Forensic Toolkit (updated 09 Oct 2013)

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Fortools_dd (updated 13 Mar 2013)

Fortools_dd is a set of forensic apps, created with zenity, for terminal commands and bash scripts in Linux. It includes Mount_dd (an image mounting app), kijknekerap (a Dutch terminal app), fgrep_dd (grep apps), convert_dd (a conversion app for aff > dd > EWF), shred_dd (a shredding app), filecopy_dd (a search-and-copy app), forensic_wine_dd (an app for running Windows software with Wine), reportmaker_dd (a small report-making app), Browserhistory_dd (a browser history app), and Offsetgrabber_dd (an offset viewing app).

WTMParse (updated 17 Feb 2013)

WTMParse is a script originally intended for use in forensic examinations. It parses wtmp files from Unix-like operating systems and generates a CSS-styled HTML report containing the login terminal, username, log start date, and login time/date in a table. It's useful for postmortem forensic examinations, or as a way of getting "last"-like information when you can't boot the machine in question but can grab its wtmp file.

mount_dd (updated 14 Feb 2013)

Mount_dd is a GUI for mounting a raw image in Gnome. You can mount a dd image in read-write or read-only mode. You can mount ISO, .img, raw, .00x (split) formats, EWF, and AFF in read-only mode. You can also mount exFAT partitions in read-only mode.

LynxFS (updated 29 Jan 2012)

LynxFS is a filesystem driver for LynxOS filesystem images. It is based on FUSE. The LynxOS filesystem appears to be very similar to BSD's FFS. This driver may be of use to people inspecting or debugging embedded systems.

NetXtract (updated 24 Dec 2011)

Xtract attempts to demonstrate how Wireshark's powerful network traffic analysis capabilities can be combined with the file carving capabilities of programs such as Foremost and NetworkMiner in a manner that is portable and extensible (hence the choice of Perl). Specifically, it offers automated extraction of network stream sessions; visualization of networks via GraphViz; and integration of file carving capability. The scripts are intended as a proof-of-concept for how tedious tasks of reassembling TCP/UDP streams from network capture files and file carving based on these streams can be automated.
