RSS 24 projects tagged "Forensics"

Download No website Updated 10 Apr 2014 Lynis

Screenshot
Pop 1,807.24
Vit 110.75

Lynis is an auditing and hardening tool for Unix derivatives like Linux/BSD/Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Download Website Updated 09 Feb 2009 PTK

Screenshot
Pop 30.00
Vit 43.54

PTK is an alternative advanced interface for the TSK (The Sleuth Kit) suite. It was developed from scratch. Besides providing the functions already present in Autopsy, it implements numerous new features essential during forensic activity. PTK provides a graphical and highly professional interface based on AJAX technology. It also offers a great deal of features like analysis, search, and management of complex cases of digital investigation.

Download Website Updated 09 Oct 2013 Mobius Forensic Toolkit

Screenshot
Pop 221.43
Vit 21.82

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Download Website Updated 06 Jan 2014 Xplico

Screenshot
Pop 445.87
Vit 21.48

Xplico is an IP traffic decoder that extracts data from an Internet traffic capture. From a pcap file, it can extracts each email (POP, IMAP, and SMTP protocols), all HTTP content, VoIP calls (SIP, RTP, H323, MEGACO, MGCP), IRC, MSN, and so on. It isn't a packet sniffer or a network protocol analyzer, but rather an IP/Internet traffic decoder or network forensic analysis tool (NFAT).

No download Website Updated 02 Oct 2011 RegLookup

Screenshot
Pop 134.20
Vit 7.23

The RegLookup project is devoted to direct analysis of Windows NT-based registry files. RegLookup provides command line tools, a C API, and a Python module for accessing registry data structures. The project has a focus on providing tools for digital forensic examiners (though it is useful for many purposes), and includes algorithms for retrieving deleted data structures from registry hives.

Download Website Updated 20 Jun 2011 GrokEVT

Screenshot
Pop 107.50
Vit 5.29

GrokEVT is a collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

Download No website Updated 01 Mar 2013 Digital Forensics Framework

Screenshot
Pop 141.46
Vit 4.91

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

No download Website Updated 07 Oct 2008 FCCU GNU/Linux Forensic Bootable CD

Screenshot
Pop 210.11
Vit 3.88

FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on Debian-live that contains a lot of tools suitable for computer forensic investigations, including bash scripts. Its main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.

No download Website Updated 20 Sep 2011 picviz

Screenshot
Pop 48.50
Vit 2.43

Picviz is a parallel coordinates plotter which enables easy scripting from various types of input (such as tcpdump, syslog, iptables logs, or Apache logs) to visualize your data and discover interesting results quickly. Its primary goal is to graph data in order to be able to quickly analyze problems and find correlations among variables. With security analysis in mind, the program has been designed to be very flexible, able to graph millions of events.

Download Website Updated 07 Mar 2008 MITRE Honeyclient Project

Screenshot
Pop 92.03
Vit 1.82

A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.

Screenshot

Project Spotlight

Event and Task Manager

An event and task manager.

Screenshot

Project Spotlight

s6-portable-utils

Tiny, portable general Unix utilities.