28 projects tagged "Forensics"

FCCU GNU/Linux Forensic Bootable CD (updated 07 Oct 2008)

Pop 233.31
Vit 4.02

FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on Debian-live that contains a lot of tools suitable for computer forensic investigations, including bash scripts. Its main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.

FCCU evtreader (updated 22 Mar 2005)

Pop 75.18
Vit 1.42

FCCU evtreader is a forensic script made to parse MS Windows event log files.

GrokEVT (updated 20 Jun 2011)

Pop 111.28
Vit 6.07

GrokEVT is a collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

fccu-docprop (updated 23 Aug 2005)

Pop 51.14
Vit 1.00

fccu-docprop is a command line utility that tries to print the properties of MS OLE files, which are mainly MS Office DOC and XLS files. It uses the libgsf library to get the metadata and can be used for forensic purposes.

MITRE Honeyclient Project (updated 07 Mar 2008)

Pop 106.23
Vit 1.83

A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.

msn-proxy (updated 23 May 2008)

Pop 88.32
Vit 1.51

The msn-proxy is a lightweight transparent proxy for MSN Messenger clients. It allows you to control and monitor the use of Messenger on your network.

TFTPgrab (updated 25 Oct 2007)

Pop 19.39
Vit 1.00

TFTPgrab is a TFTP (Trivial File Transfer Protocol) stream extractor that reads from tcpdump/libpcap capture files. It attempts to reconstruct data that has been transferred via TFTP, and may be useful in some network forensics situations.

Mobius Forensic Toolkit (updated 23 Apr 2013)

Pop 464.60
Vit 49.27

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Xplico (updated 30 Oct 2012)

Pop 283.73
Vit 13.70

Xplico is an IP traffic decoder that extracts data from an Internet traffic capture. From a pcap file, it can extract each email (POP, IMAP, and SMTP protocols), all HTTP content, VoIP calls (SIP, RTP, H323, MEGACO, MGCP), IRC, MSN, and so on. It isn't a packet sniffer or a network protocol analyzer, but rather an IP/Internet traffic decoder or network forensic analysis tool (NFAT).

adelaide (updated 30 Mar 2008)

Pop 24.82
Vit 1.00

Adelaide is a shell script to automate the checking of important files for unauthorized changes on Linux and Unix systems. It will email the system administrator with the details if anything has changed.
