37 projects tagged "Forensics"

Download Website Updated 23 May 2008 msn-proxy

Pop 82.19
Vit 1.49

The msn-proxy is a lightweight transparent proxy for MSN Messenger clients. It allows you to control and monitor the use of Messenger on your network.

Download No website Updated 06 Dec 2013 gpart

Pop 69.11
Vit 1.55

Gpart is a small tool which tries to guess which partitions are on a PC hard disk in case the primary partition table was damaged. It works by scanning through the device (or file) given on the command line on a sector basis. Each guessing module is asked if it thinks a filesystem it knows about could start at a given sector. Several filesystem guessing modules are built in, and others can be added dynamically.

No download Website Updated 21 Aug 2007 Karmasphere Parallel Data Processing Language

Pop 68.76
Vit 1.00

The Karmasphere DP language is a high-performance non-blocking parallel language for performing data processing. It is designed to give the user a high degree of control over the usage of system resources, such as how many CPU cores or how much disk I/O time to use, without requiring the software developer to explicitly consider these issues in code. The implementation is a stand-alone library that can be used in any Java 1.5 environment. It can take full advantage of multiprocessor (SMP or NUMA) systems, and may be scaled sideways: since the interpreter and environment are stateless, an entire cluster of machines may run the interpreter in parallel without any need for synchronization.

Download Website Updated 22 Mar 2005 FCCU evtreader

Pop 68.28
Vit 1.42

FCCU evtreader is a forensic script made to parse MS Windows event log files.

Download Website Updated 19 Mar 2009 dc3dd

Pop 66.21
Vit 1.80

dc3dd is a patched version of GNU dd to include a number of features useful for computer forensics.

No download Website Updated 25 Mar 2014 MASTIFF

Pop 65.99
Vit 1.52

MASTIFF is a static analysis framework which automates the process of extracting key characteristics from a number of different file formats. To ensure the framework remains flexible and extensible, a community-driven set of plugins is used to perform file analysis and data extraction. While originally designed to support malware, intrusion, and forensic analysis, the framework is well-suited to support a broader range of analytic needs. In a nutshell, MASTIFF allows analysts to focus on analysis rather than figuring out how to parse files.

Download Website Updated 23 Aug 2005 fccu-docprop

Pop 51.14
Vit 1.00

fccu-docprop is a command line utility that tries to print the properties of MS OLE files. MS OLE Files are mainly MS Office DOC and XLS files. This software uses the libgsf library to get the metadata. This software can be used for forensic purposes.

Download No website Updated 01 Oct 2009 tableau-parm

Pop 50.68
Vit 1.72

tableau-parm is a small command-line utility designed to interact with Tableau forensic write blockers. It performs functions similar to the Tableau Disk Monitor, except that it operates under select UNIX platforms.

No download No website Updated 24 Nov 2010 CarvFS

Pop 49.48
Vit 1.90

CarvFS is a user space FUSE filesystem aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The filesystem allows CarvPath-aware tools to use CarvPath annotations as a way to designate partitions, files, alternate streams, processes, etc. within a disk or memory image as a string, making them available through the filesystem as a pseudo file that can be handed to other tools. This removes the need to copy the information out of the disk image and reduces storage requirements.

Download No website Updated 24 Dec 2011 NetXtract

Pop 48.68
Vit 1.02

Xtract attempts to demonstrate how Wireshark's powerful network traffic analysis capabilities can be combined with the file carving capabilities of programs such as Foremost and NetworkMiner in a manner that is portable and extensible (hence the choice of Perl). Specifically, it offers automated extraction of network stream sessions; visualization of networks via GraphViz; and integration of file carving capability. The scripts are intended as a proof-of-concept for how tedious tasks of reassembling TCP/UDP streams from network capture files and file carving based on these streams can be automated.
