37 projects tagged "Forensics"
Updated 19 May 2014
Lynis
| Pop | 1,352.59 |
|---|---|
| Vit | 115.67 |
Lynis is an auditing and hardening tool for Unix derivatives like Linux/BSD/Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
Updated 06 Jan 2014
Xplico
| Pop | 507.11 |
|---|---|
| Vit | 18.46 |
Xplico is an IP traffic decoder that extracts data from an Internet traffic capture. From a pcap file, it can extracts each email (POP, IMAP, and SMTP protocols), all HTTP content, VoIP calls (SIP, RTP, H323, MEGACO, MGCP), IRC, MSN, and so on. It isn't a packet sniffer or a network protocol analyzer, but rather an IP/Internet traffic decoder or network forensic analysis tool (NFAT).
Updated 09 Oct 2013
Mobius Forensic Toolkit
| Pop | 216.58 |
|---|---|
| Vit | 20.06 |
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
Updated 07 Oct 2008
FCCU GNU/Linux Forensic Bootable CD
| Pop | 205.03 |
|---|---|
| Vit | 3.86 |
FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on Debian-live that contains a lot of tools suitable for computer forensic investigations, including bash scripts. Its main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.
Updated 01 Mar 2013
Digital Forensics Framework
| Pop | 143.55 |
|---|---|
| Vit | 4.75 |
DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
Updated 02 Oct 2011
RegLookup
| Pop | 130.69 |
|---|---|
| Vit | 7.12 |
The RegLookup project is devoted to direct analysis of Windows NT-based registry files. RegLookup provides command line tools, a C API, and a Python module for accessing registry data structures. The project has a focus on providing tools for digital forensic examiners (though it is useful for many purposes), and includes algorithms for retrieving deleted data structures from registry hives.
Updated 20 Jun 2011
GrokEVT
| Pop | 109.49 |
|---|---|
| Vit | 5.22 |
GrokEVT is a collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
Updated 07 Mar 2008
MITRE Honeyclient Project
| Pop | 97.14 |
|---|---|
| Vit | 1.82 |
A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.
Updated 14 Feb 2013
mount_dd
| Pop | 84.75 |
|---|---|
| Vit | 3.87 |
Mount_dd is a GUI for mounting a raw image in Gnome. You can mount a dd-image in read-write or read-only mode. You can mount ISO, .img, raw, .00x formats, EWF, and AFF in read-only mode. You can also mount exfat partitions in read-only mode.
Updated 30 Jul 2010
mbrChunker
| Pop | 84.53 |
|---|---|
| Vit | 2.03 |
mbrChunker is a utility that allows you to mount raw disk images (created by dd, dcfldd, dc3dd, ftk imager, etc.) and create VMDK files. It does this by taking the raw image, analyzing the master boot record (physical sector 0), and getting specific information that is need to create a working VMDK file that points to your raw image. It can also extract information such as heads, cylinders, and sectors per track. With version 0.3.15, the tool now has the ability to search for hex byte offsets within any binary file. It will give you the byte location for every hex pattern found. More information about this can be found in the README.
