RSS 12 projects tagged "Forensics"

Download No website Updated 13 Nov 2011 XtractCarver

Screenshot
Pop 24.86
Vit 29.85

Xtract attempts to demonstrate how Wireshark's powerful network traffic analysis capabilities can be combined with the file carving capabilities of programs such as Foremost and NetworkMiner in a manner that is portable and extensible (hence the choice of Perl). Specifically, it offers: automated extraction of network stream sessions; visualization of networks via GraphViz; and integration of file carving capability. The scripts are intended as a proof-of-concept for how tedious tasks of reassembling TCP/UDP streams from network capture files and file carving based on these streams can be automated.

Download Website Updated 09 Oct 2013 Mobius Forensic Toolkit

Screenshot
Pop 221.59
Vit 21.66

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

No download Website Updated 02 Oct 2011 RegLookup

Screenshot
Pop 133.87
Vit 7.22

The RegLookup project is devoted to direct analysis of Windows NT-based registry files. RegLookup provides command line tools, a C API, and a Python module for accessing registry data structures. The project has a focus on providing tools for digital forensic examiners (though it is useful for many purposes), and includes algorithms for retrieving deleted data structures from registry hives.

No download Website Updated 07 Oct 2008 FCCU GNU/Linux Forensic Bootable CD

Screenshot
Pop 211.07
Vit 3.87

FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on Debian-live that contains a lot of tools suitable for computer forensic investigations, including bash scripts. Its main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.

No download Website Updated 20 Sep 2011 picviz

Screenshot
Pop 48.66
Vit 2.43

Picviz is a parallel coordinates plotter which enables easy scripting from various types of input (such as tcpdump, syslog, iptables logs, or Apache logs) to visualize your data and discover interesting results quickly. Its primary goal is to graph data in order to be able to quickly analyze problems and find correlations among variables. With security analysis in mind, the program has been designed to be very flexible, able to graph millions of events.

Download No website Updated 30 Jul 2010 mbrChunker

Screenshot
Pop 89.20
Vit 2.03

mbrChunker is a utility that allows you to mount raw disk images (created by dd, dcfldd, dc3dd, ftk imager, etc.) and create VMDK files. It does this by taking the raw image, analyzing the master boot record (physical sector 0), and getting specific information that is need to create a working VMDK file that points to your raw image. It can also extract information such as heads, cylinders, and sectors per track. With version 0.3.15, the tool now has the ability to search for hex byte offsets within any binary file. It will give you the byte location for every hex pattern found. More information about this can be found in the README.

Download Website Updated 19 Jan 2009 AirSAM

Screenshot
Pop 43.16
Vit 1.74

AirSAM is a desktop GUI that compliments the Web based Snort Alert Monitor. AirSAM gives up to date insight into who might be attacking your network. The ultimate goal is to give audio/visual cues right at the time of the attack. AirSAM is an Adobe Air application and should run on Mac OS, Linux, and Windows.

No download No website Updated 24 Nov 2010 CarvPath

Screenshot
Pop 38.42
Vit 1.56

CarvPath (libcarvpath) is a library aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The library allows the creation and manipulation of CarvPath annotations, which are a way to annotate partitions, files, alternate streams, processes etc. within a disk or memory image as a string. Entities within a CarvPath notation can be fragmented and/or nested, and allow for the expression of 'sparse' fragments within an entity. The CarvPath annotations resemble a path string in a filesystem, and thus present a basis for the interaction between computer forensics tools and the CarvPath-based user space file-system, CarvFs.

No download Website Updated 02 Sep 2008 check_websites

Screenshot
Pop 22.36
Vit 1.45

check_websites is a very simple virus scanner for Web sites. It checks a document root directory for files with the .js extension and for codewords which might be a hint of defacement or SQL injection. This tool is made to run as a cronjob. There's no output on the screen, but it generates a logfile and mails output.

Download Website Updated 22 Mar 2005 FCCU evtreader

Screenshot
Pop 70.29
Vit 1.42

FCCU evtreader is a forensic script made to parse MS Windows event log files.

Screenshot

Project Spotlight

OpenNMS

An enterprise-grade network management platform.

Screenshot

Project Spotlight

psensor

A graphical temperature monitor for Linux.