37 projects tagged "Forensics"

GrokEVT
Updated 20 Jun 2011 | Download available | Website available
Popularity 109.49 | Vitality 5.22

GrokEVT is a collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

Karmasphere Parallel Data Processing Language
Updated 21 Aug 2007 | No download | Website available
Popularity 68.76 | Vitality 1.00

The Karmasphere DP language is a high-performance, non-blocking parallel language for data processing. It is designed to give the user a high degree of control over the use of system resources, such as how many CPU cores or how much disk I/O time to consume, without requiring the software developer to handle these concerns explicitly in code. The implementation is a stand-alone library that can be used in any Java 1.5 environment. It can take full advantage of multiprocessor (SMP or NUMA) systems and can be scaled out horizontally: because the interpreter and environment are stateless, an entire cluster of machines can run the interpreter in parallel without any need for synchronization.

LibForensics
Updated 16 Aug 2009 | No download | Website available
Popularity 19.97 | Vitality 41.80

LibForensics is a framework for developing digital forensics applications in Python.

Lynis
Updated 19 May 2014 | Download available | No website
Popularity 1,352.59 | Vitality 115.67

Lynis is an auditing and hardening tool for Unix derivatives like Linux/BSD/Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

LynxFS
Updated 29 Jan 2012 | No download | Website available
Popularity 43.08 | Vitality 1.00

LynxFS is a filesystem driver for LynxOS filesystem images. It is based on FUSE. The LynxOS filesystem appears to be very similar to BSD's FFS. This driver may be of use to people inspecting or debugging embedded systems.

MASTIFF
Updated 25 Mar 2014 | No download | Website available
Popularity 65.99 | Vitality 1.52

MASTIFF is a static analysis framework which automates the process of extracting key characteristics from a number of different file formats. To ensure the framework remains flexible and extensible, a community-driven set of plugins is used to perform file analysis and data extraction. While originally designed to support malware, intrusion, and forensic analysis, the framework is well-suited to support a broader range of analytic needs. In a nutshell, MASTIFF allows analysts to focus on analysis rather than figuring out how to parse files.

MITRE Honeyclient Project
Updated 07 Mar 2008 | Download available | Website available
Popularity 97.14 | Vitality 1.82

A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.

Mobius Forensic Toolkit
Updated 09 Oct 2013 | Download available | Website available
Popularity 216.58 | Vitality 20.06

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

NetXtract
Updated 24 Dec 2011 | Download available | No website
Popularity 48.68 | Vitality 1.02

NetXtract attempts to demonstrate how Wireshark's powerful network traffic analysis capabilities can be combined with the file carving capabilities of programs such as Foremost and NetworkMiner in a manner that is portable and extensible (hence the choice of Perl). Specifically, it offers automated extraction of network stream sessions, visualization of networks via GraphViz, and integration of file carving capability. The scripts are intended as a proof of concept for how the tedious tasks of reassembling TCP/UDP streams from network capture files, and carving files from those streams, can be automated.

PTK
Updated 09 Feb 2009 | Download available | Website available
Popularity 28.67 | Vitality 43.98

PTK is an alternative advanced interface for the TSK (The Sleuth Kit) suite. It was developed from scratch. Besides providing the functions already present in Autopsy, it implements numerous new features that are essential during forensic work. PTK provides a graphical, highly professional interface based on AJAX technology, and offers many features such as analysis, search, and management of complex digital investigation cases.
