36 projects tagged "Forensics"
Updated 19 Jan 2009
AirSAM
| Pop | 55.50 |
|---|---|
| Vit | 1.74 |
AirSAM is a desktop GUI that compliments the Web based Snort Alert Monitor. AirSAM gives up to date insight into who might be attacking your network. The ultimate goal is to give audio/visual cues right at the time of the attack. AirSAM is an Adobe Air application and should run on Mac OS, Linux, and Windows.
Updated 09 Feb 2009
PTK
| Pop | 33.14 |
|---|---|
| Vit | 39.50 |
PTK is an alternative advanced interface for the TSK (The Sleuth Kit) suite. It was developed from scratch. Besides providing the functions already present in Autopsy, it implements numerous new features essential during forensic activity. PTK provides a graphical and highly professional interface based on AJAX technology. It also offers a great deal of features like analysis, search, and management of complex cases of digital investigation.
Updated 16 Aug 2009
LibForensics
| Pop | 26.83 |
|---|---|
| Vit | 37.06 |
LibForensics is a framework for developing digital forensics applications in Python.
Updated 01 Mar 2013
Digital Forensics Framework
| Pop | 247.87 |
|---|---|
| Vit | 10.08 |
DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
Updated 26 May 2010
libpff
| Pop | 39.61 |
|---|---|
| Vit | 1.55 |
libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used by Outlook in PAB (Personal Address Book), PST (Personal Storage Table), and OST (Offline Storage Table) files.
Updated 14 Jan 2010
FileExtractor
| Pop | 33.62 |
|---|---|
| Vit | 34.99 |
FileExtractor is a tool for recovering files from a binary data source. It is useful when sources such as digital cameras, partitions, hard drives, memory sticks, or floppy disks are corrupted, deleted, or formatted by mistake.
Updated 24 Nov 2010
CarvPath
| Pop | 48.47 |
|---|---|
| Vit | 1.61 |
CarvPath (libcarvpath) is a library aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The library allows the creation and manipulation of CarvPath annotations, which are a way to annotate partitions, files, alternate streams, processes etc. within a disk or memory image as a string. Entities within a CarvPath notation can be fragmented and/or nested, and allow for the expression of 'sparse' fragments within an entity. The CarvPath annotations resemble a path string in a filesystem, and thus present a basis for the interaction between computer forensics tools and the CarvPath-based user space file-system, CarvFs.
Updated 24 Nov 2010
CarvFS
| Pop | 55.04 |
|---|---|
| Vit | 1.97 |
CarvFS is a user space FUSE filesystem aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The filesystem allows CarvPath-aware tools to use CarvPath annotations as a way to designate partitions, files, alternate streams, processes etc. within a disk or memory image as a string, making them available trough the filesystem as a pseudo file that can be handed to other tools. This removes the need to copy the information out of the disk image and reduces storage requirements.
Updated 14 Feb 2013
mount_dd
| Pop | 129.34 |
|---|---|
| Vit | 4.11 |
Mount_dd is a GUI for mounting a raw image in Gnome. You can mount a dd-image in read-write or read-only mode. You can mount ISO, .img, raw, .00x formats, EWF, and AFF in read-only mode. You can also mount exfat partitions in read-only mode.
Updated 30 Jul 2010
mbrChunker
| Pop | 103.66 |
|---|---|
| Vit | 2.03 |
mbrChunker is a utility that allows you to mount raw disk images (created by dd, dcfldd, dc3dd, ftk imager, etc.) and create VMDK files. It does this by taking the raw image, analyzing the master boot record (physical sector 0), and getting specific information that is need to create a working VMDK file that points to your raw image. It can also extract information such as heads, cylinders, and sectors per track. With version 0.3.15, the tool now has the ability to search for hex byte offsets within any binary file. It will give you the byte location for every hex pattern found. More information about this can be found in the README.
