AirSAM is a desktop GUI that compliments the Web based Snort Alert Monitor. AirSAM gives up to date insight into who might be attacking your network. The ultimate goal is to give audio/visual cues right at the time of the attack. AirSAM is an Adobe Air application and should run on Mac OS, Linux, and Windows.
PTK is an alternative advanced interface for the TSK (The Sleuth Kit) suite. It was developed from scratch. Besides providing the functions already present in Autopsy, it implements numerous new features essential during forensic activity. PTK provides a graphical and highly professional interface based on AJAX technology. It also offers a great deal of features like analysis, search, and management of complex cases of digital investigation.
DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
CarvPath (libcarvpath) is a library aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The library allows the creation and manipulation of CarvPath annotations, which are a way to annotate partitions, files, alternate streams, processes etc. within a disk or memory image as a string. Entities within a CarvPath notation can be fragmented and/or nested, and allow for the expression of 'sparse' fragments within an entity. The CarvPath annotations resemble a path string in a filesystem, and thus present a basis for the interaction between computer forensics tools and the CarvPath-based user space file-system, CarvFs.
CarvFS is a user space FUSE filesystem aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The filesystem allows CarvPath-aware tools to use CarvPath annotations as a way to designate partitions, files, alternate streams, processes etc. within a disk or memory image as a string, making them available trough the filesystem as a pseudo file that can be handed to other tools. This removes the need to copy the information out of the disk image and reduces storage requirements.
mbrChunker is a utility that allows you to mount raw disk images (created by dd, dcfldd, dc3dd, ftk imager, etc.) and create VMDK files. It does this by taking the raw image, analyzing the master boot record (physical sector 0), and getting specific information that is need to create a working VMDK file that points to your raw image. It can also extract information such as heads, cylinders, and sectors per track. With version 0.3.15, the tool now has the ability to search for hex byte offsets within any binary file. It will give you the byte location for every hex pattern found. More information about this can be found in the README.