14 projects tagged "Forensics"
Updated 30 Oct 2012
Xplico
| Pop | 284.59 |
|---|---|
| Vit | 13.91 |
Xplico is an IP traffic decoder that extracts data from an Internet traffic capture. From a pcap file, it can extracts each email (POP, IMAP, and SMTP protocols), all HTTP content, VoIP calls (SIP, RTP, H323, MEGACO, MGCP), IRC, MSN, and so on. It isn't a packet sniffer or a network protocol analyzer, but rather an IP/Internet traffic decoder or network forensic analysis tool (NFAT).
Updated 29 Jan 2012
LynxFS
| Pop | 50.00 |
|---|---|
| Vit | 1.00 |
LynxFS is a filesystem driver for LynxOS filesystem images. It is based on FUSE. The LynxOS filesystem appears to be very similar to BSD's FFS. This driver may be of use to people inspecting or debugging embedded systems.
Updated 02 Oct 2011
RegLookup
| Pop | 138.14 |
|---|---|
| Vit | 8.56 |
The RegLookup project is devoted to direct analysis of Windows NT-based registry files. RegLookup provides command line tools, a C API, and a Python module for accessing registry data structures. The project has a focus on providing tools for digital forensic examiners (though it is useful for many purposes), and includes algorithms for retrieving deleted data structures from registry hives.
Updated 20 Sep 2011
picviz
| Pop | 66.57 |
|---|---|
| Vit | 2.48 |
Picviz is a parallel coordinates plotter which enables easy scripting from various types of input (such as tcpdump, syslog, iptables logs, or Apache logs) to visualize your data and discover interesting results quickly. Its primary goal is to graph data in order to be able to quickly analyze problems and find correlations among variables. With security analysis in mind, the program has been designed to be very flexible, able to graph millions of events.
Updated 24 Nov 2010
CarvPath
| Pop | 48.93 |
|---|---|
| Vit | 1.61 |
CarvPath (libcarvpath) is a library aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The library allows the creation and manipulation of CarvPath annotations, which are a way to annotate partitions, files, alternate streams, processes etc. within a disk or memory image as a string. Entities within a CarvPath notation can be fragmented and/or nested, and allow for the expression of 'sparse' fragments within an entity. The CarvPath annotations resemble a path string in a filesystem, and thus present a basis for the interaction between computer forensics tools and the CarvPath-based user space file-system, CarvFs.
Updated 24 Nov 2010
CarvFS
| Pop | 55.86 |
|---|---|
| Vit | 1.97 |
CarvFS is a user space FUSE filesystem aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The filesystem allows CarvPath-aware tools to use CarvPath annotations as a way to designate partitions, files, alternate streams, processes etc. within a disk or memory image as a string, making them available trough the filesystem as a pseudo file that can be handed to other tools. This removes the need to copy the information out of the disk image and reduces storage requirements.
Updated 30 Jul 2010
mbrChunker
| Pop | 103.92 |
|---|---|
| Vit | 2.03 |
mbrChunker is a utility that allows you to mount raw disk images (created by dd, dcfldd, dc3dd, ftk imager, etc.) and create VMDK files. It does this by taking the raw image, analyzing the master boot record (physical sector 0), and getting specific information that is need to create a working VMDK file that points to your raw image. It can also extract information such as heads, cylinders, and sectors per track. With version 0.3.15, the tool now has the ability to search for hex byte offsets within any binary file. It will give you the byte location for every hex pattern found. More information about this can be found in the README.
Updated 01 Oct 2009
tableau-parm
| Pop | 57.03 |
|---|---|
| Vit | 1.79 |
tableau-parm is an small commandline utility designed to interact with Tableau forensic write blockers. It performs functions similar to the Tableau Disk Monitor, except that it operates under select UNIX platforms.
Updated 19 Mar 2009
dc3dd
| Pop | 84.10 |
|---|---|
| Vit | 1.82 |
dc3dd is a patched version of GNU dd to include a number of features useful for computer forensics.
Updated 18 Aug 2008
Cryptographic Implementations Analysis Too...
| Pop | 46.13 |
|---|---|
| Vit | 1.00 |
The Cryptographic Implementations Analysis Toolkit (CIAT) is a compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files (executable and non-executable). It is particularly helpful in the forensic analysis and reverse engineering of malware using cryptographic code and encrypted payloads.
