36 projects tagged "Forensics"

No download Website Updated 07 Apr 2008 Yet Another Flowmeter

Pop 32.31
Vit 1.00

Yet Another Flowmeter (YAF) is a tool for network flow capture, primarily designed to operate efficiently on white box hardware and generate IPFIX flow records. It is designed to operate primarily on Unix-based systems (including Mac OS X), and is supported by the Network Situational Awareness team at CERT.

Download Website Updated 30 Mar 2008 adelaide

Pop 24.90
Vit 1.00

Adelaide is a shell script to automate the checking of important files for unauthorized changes on Linux and Unix systems. It will email the system administrator with the details if anything has changed.

Download Website Updated 30 Oct 2012 Xplico

Pop 283.97
Vit 13.85

Xplico is an IP traffic decoder that extracts data from an Internet traffic capture. From a pcap file, it can extract each email (POP, IMAP, and SMTP protocols), all HTTP content, VoIP calls (SIP, RTP, H323, MEGACO, MGCP), IRC, MSN, and so on. It isn't a packet sniffer or a network protocol analyzer, but rather an IP/Internet traffic decoder or network forensic analysis tool (NFAT).

Download Website Updated 23 Apr 2013 Mobius Forensic Toolkit

Pop 463.83
Vit 53.65

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Download Website Updated 25 Dec 2011 Lynis

Pop 231.84
Vit 11.06

Lynis is an auditing tool for Unix specialists. It scans systems to detect software and security issues. Besides security-related information, it also collects general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Download Website Updated 25 Oct 2007 TFTPgrab

Pop 19.34
Vit 1.00

TFTPgrab is a TFTP (Trivial File Transfer Protocol) stream extractor that reads from tcpdump/libpcap capture files. It attempts to reconstruct data that has been transferred via TFTP, and may be useful in some network forensics situations.

Download Website Updated 23 May 2008 msn-proxy

Pop 92.04
Vit 1.51

msn-proxy is a lightweight transparent proxy for MSN Messenger clients. It allows you to control and monitor the use of Messenger on your network.

No download Website Updated 29 Jan 2012 LynxFS

Pop 49.88
Vit 1.00

LynxFS is a filesystem driver for LynxOS filesystem images. It is based on FUSE. The LynxOS filesystem appears to be very similar to BSD's FFS. This driver may be of use to people inspecting or debugging embedded systems.

No download Website Updated 21 Aug 2007 Karmasphere Parallel Data Processing Language

Pop 67.76
Vit 1.00

The Karmasphere DP language is a high-performance non-blocking parallel language for performing data processing. It is designed to give the user a high degree of control over the usage of system resources, such as how many CPU cores or how much disk I/O time to use, without requiring the software developer to explicitly consider these issues in code. The implementation is a stand-alone library that can be used in any Java 1.5 environment. It can take full advantage of multiprocessor (SMP or NUMA) systems, and may be scaled sideways: since the interpreter and environment are stateless, an entire cluster of machines may run the interpreter in parallel without any need for synchronization.

Download Website Updated 07 Mar 2008 MITRE Honeyclient Project

Pop 110.87
Vit 1.83

A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.
