6 projects tagged "Forensics"

Licenses

Programming languages

Not
C (4)
Not
Python (2)
Not
C++ (1)
Not
PHP (1)
Not
FUSE (1)
Not
SWIG (1)

Operating systems

Not
Linux (6)
Not
BSD (×) (6)
Not
POSIX (4)
Not
Unix (1)
Not
Solaris (1)
Not
Windows (1)
Not
Mac OS X (1)
Not
FreeBSD (1)
Not
OpenBSD (1)
Not
IRIX (1)

Sort by:

Updated 20 Jun 2011 GrokEVT

P_op	118.49
V_it	6.08

GrokEVT is a collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

Updated 23 May 2008 msn-proxy

P_op	91.78
V_it	1.51

The msn-proxy is a lightweight transparent proxy for MSN Messenger clients. It allows you to control and monitor the use of Messenger on your network.

Updated 25 Oct 2007 TFTPgrab

P_op	19.65
V_it	1.00

TFTPgrab is a TFTP (Trivial File Transfer Protocol) stream extractor that reads from tcpdump/libpcap capture files. It attempts to reconstruct data that has been transferred via TFTP, and may be useful in some network forensics situations.

Updated 19 Mar 2009 dc3dd

P_op	83.71
V_it	1.82

dc3dd is a patched version of GNU dd to include a number of features useful for computer forensics.

Updated 01 Mar 2013 Digital Forensics Framework

P_op	249.46
V_it	9.91

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

Updated 24 Nov 2010 CarvFS

P_op	54.80
V_it	1.97

CarvFS is a user space FUSE filesystem aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The filesystem allows CarvPath-aware tools to use CarvPath annotations as a way to designate partitions, files, alternate streams, processes etc. within a disk or memory image as a string, making them available trough the filesystem as a pseudo file that can be handed to other tools. This removes the need to copy the information out of the disk image and reduces storage requirements.