A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.
Xplico is an IP traffic decoder that extracts data from an Internet traffic capture. From a pcap file, it can extracts each email (POP, IMAP, and SMTP protocols), all HTTP content, VoIP calls (SIP, RTP, H323, MEGACO, MGCP), IRC, MSN, and so on. It isn't a packet sniffer or a network protocol analyzer, but rather an IP/Internet traffic decoder or network forensic analysis tool (NFAT).
Yet Another Flowmeter (YAF) is a tool for network flow capture, primarily designed to operate efficiently on white box hardware and generate IPFIX flow records. It is designed to operate primarily on Unix-based systems (including Mac OS X), and is supported by the Network Situational Awareness team at CERT.
DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
Gpart is a small tool which tries to guess which partitions are on a PC harddisk in case the primary partition table was damaged. It works by scanning through the device (or file) given on the commandline on a sector basis. Each guessing module is asked if it thinks a filesystem it knows about could start at a given sector. Several filesystem guessing modules are built in, and others can be added dynamically.