30 projects tagged "Forensics"

No download Website Updated 16 Aug 2009 LibForensics

Pop 20.49
Vit 41.31

LibForensics is a framework for developing digital forensics applications in Python.

Download No website Updated 14 Jan 2010 FileExtractor

Pop 28.67
Vit 39.46

FileExtractor is a tool for recovering files from a binary data source. It is useful when sources such as digital cameras, partitions, hard drives, memory sticks, or floppy disks are corrupted, deleted, or formatted by mistake.

Download No website Updated 13 Nov 2011 XtractCarver

Pop 25.40
Vit 29.77

Xtract attempts to demonstrate how Wireshark's powerful network traffic analysis capabilities can be combined with the file carving capabilities of programs such as Foremost and NetworkMiner in a manner that is portable and extensible (hence the choice of Perl). Specifically, it offers: automated extraction of network stream sessions; visualization of networks via GraphViz; and integration of file carving capability. The scripts are intended as a proof-of-concept for how tedious tasks of reassembling TCP/UDP streams from network capture files and file carving based on these streams can be automated.
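The two tasks Xtract and FileExtractor automate, reassembling TCP streams from a capture and carving files out of a byte source by signature, are small enough to show end to end. The following is an added example written for this page; it is not code from Xtract, FileExtractor or any other listed project. It parses a classic pcap, orders one TCP flow's segments by sequence number (trimming retransmitted overlap and refusing to join across a hole), then carves a PNG from the reassembled payload. The same `carve()` runs over any bytes, so it applies equally to a disk or memory image. The capture is constructed in memory (hypothetical traffic 10.0.0.1:80 to 10.0.0.2:40000, checksums left zero).

```python
import struct
import zlib
from collections import defaultdict

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_END = b"IEND\xaeB`\x82"   # IEND chunk type followed by its constant CRC


def parse_pcap(data):
    """Yield link-layer frames from a classic (not pcapng) pcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off = 24                                            # skip the global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_segment(frame):
    """Return (flow, seq, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    if frame[23] != 6:                                   # not TCP
        return None
    tcp = frame[14 + ihl:14 + total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4
    flow = (frame[26:30], sport, frame[30:34], dport)    # src ip, sport, dst ip, dport
    return flow, seq, tcp[data_off:]


def reassemble(frames):
    """Map each flow to its payload in sequence order; stop at the first gap."""
    segs = defaultdict(dict)
    for frame in frames:
        parsed = tcp_segment(frame)
        if parsed is None:
            continue
        flow, seq, payload = parsed
        if payload:
            segs[flow].setdefault(seq, payload)          # keep the first copy of a seq
    streams = {}
    for flow, by_seq in segs.items():
        buf, expected = bytearray(), None
        for seq in sorted(by_seq):
            payload = by_seq[seq]
            if expected is None:
                expected = seq
            if seq < expected:                           # retransmitted overlap: trim it
                payload = payload[expected - seq:]
                seq = expected
            elif seq > expected:                         # hole: never carve across missing data
                break
            buf += payload
            expected = seq + len(payload)
        streams[flow] = bytes(buf)
    return streams


def carve(blob, header, footer, max_len=16 * 1024 * 1024):
    """Header/footer carving over any byte source (stream, disk image, memory dump)."""
    found, pos = [], 0
    while True:
        start = blob.find(header, pos)
        if start < 0:
            break
        end = blob.find(footer, start + len(header))
        if end < 0:
            break
        end += len(footer)
        if end - start <= max_len:                       # a stray header must not swallow the image
            found.append(blob[start:end])
        pos = end
    return found


def _png_chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack("!I", len(body)) + ctype + body + struct.pack("!I", crc)


def _frame(seq, payload):
    """One pcap record: Ethernet/IPv4/TCP headers around payload (constructed, checksums zero)."""
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
    eth = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth


def build_sample_pcap():
    """Constructed capture: an HTTP response carrying a 1x1 PNG, split into three
    segments delivered out of order, with the first segment retransmitted."""
    png = PNG_SIG + _png_chunk(b"IHDR", struct.pack("!IIBBBBB", 1, 1, 8, 2, 0, 0, 0)) \
        + _png_chunk(b"IEND", b"")
    stream = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + png
    cuts = [(0, 20), (20, 45), (45, len(stream))]
    order = [2, 0, 1, 0]                                 # out of order, plus one retransmit
    records = b"".join(_frame(1000 + cuts[i][0], stream[cuts[i][0]:cuts[i][1]]) for i in order)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + records


def carve_pngs_from_pcap(pcap_bytes):
    return [f for buf in reassemble(parse_pcap(pcap_bytes)).values()
            for f in carve(buf, PNG_SIG, PNG_END)]


if __name__ == "__main__":
    for i, png in enumerate(carve_pngs_from_pcap(build_sample_pcap())):
        print(f"carved png #{i}: {len(png)} bytes")
```

Two caveats a practitioner should keep in mind: the IEND-based footer works for PNG because the chunk CRC is constant, but formats without a fixed trailer (JPEG streams with embedded thumbnails, ZIP) need format-aware carving rather than a plain footer search; and stopping at a sequence gap is deliberate, since carving across a hole yields a file whose middle is someone else's bytes.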

Download Website Updated 09 Oct 2013 Mobius Forensic Toolkit

Pop 223.05
Vit 21.92

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Download Website Updated 06 Jan 2014 Xplico

Pop 447.30
Vit 21.68

Xplico is an IP traffic decoder that extracts application data from an Internet traffic capture. From a pcap file, it can extract each email (POP, IMAP, and SMTP), all HTTP content, VoIP calls (SIP, RTP, H323, MEGACO, MGCP), IRC, MSN, and so on. It isn't a packet sniffer or a network protocol analyzer, but rather an IP/Internet traffic decoder, i.e. a network forensic analysis tool (NFAT).

Download Website Updated 20 Jun 2011 GrokEVT

Pop 106.83
Vit 5.29

GrokEVT is a collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

Download No website Updated 01 Mar 2013 Digital Forensics Framework

Pop 141.86
Vit 4.92

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics work, including recovery of files lost to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

Download Website Updated 14 Feb 2013 mount_dd

Pop 89.49
Vit 3.89

Mount_dd is a GUI for mounting a raw image in Gnome. You can mount a dd image in read-write or read-only mode. You can mount ISO, .img, raw, split (.00x) images, EWF, and AFF in read-only mode. You can also mount exFAT partitions in read-only mode.

No download Website Updated 07 Oct 2008 FCCU GNU/Linux Forensic Bootable CD

Pop 208.37
Vit 3.88

FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on Debian-live that contains a lot of tools suitable for computer forensic investigations, including bash scripts. Its main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.

No download Website Updated 20 Sep 2011 picviz

Pop 48.83
Vit 2.43

Picviz is a parallel coordinates plotter which enables easy scripting from various types of input (such as tcpdump, syslog, iptables logs, or Apache logs) to visualize your data and discover interesting results quickly. Its primary goal is to graph data in order to be able to quickly analyze problems and find correlations among variables. With security analysis in mind, the program has been designed to be very flexible, able to graph millions of events.
