Category: Auditing » Forensics

CryptoSearch
Added 2006-08-08

LINReS
Added 2006-08-07
LINReS is a Live Response script designed to run on suspect/compromised Linux systems with minimal impact on the system, to satisfy various forensic standards requirements. This script has been tested successfully on RedHat Enterprise Linux systems. LINReS consists mostly of statically compiled binaries and includes the various shared libraries that may be required to run the binaries which are not statically compiled. All in all, no binary from the compromised system is used by this tool, which mitigates the risk of collecting information on a trojaned system.

Log 2 Google Earth
Added 2006-07-26
Visualize any logfile (firewall / apache, you name it) in near realtime on Google Earth. See where your traffic is coming from and going to.

OmniPeek Personal
Added 2006-06-21
OmniPeek Personal is a free version of the commercial protocol analyzers AiroPeek and EtherPeek, with support for both wired and wireless (802.11) traffic. Additional plug-ins may also be downloaded, such as: a Google Maps plug-in which plots the location of an IP in Google Maps, a SQLite plug-in which can store packets in SQLite files so they can be searched with SQL queries, and a Remote TCPDump plug-in which can securely (SSH) connect to any Unix or Linux computer (e.g. Check Point's FireWall-1) and stream the packets back into OmniPeek for analysis, all without having to install any software on the remote end.

Belkasoft Forensic IM Extractor
Added 2006-06-12
This tool for e-crime/forensic professionals eases their work on analysing Internet messenger histories. No password required. Supports various IMs: ICQ versions 99a up to ICQ5, MSN Messenger, Yahoo! Messenger, &RQ, Miranda. Supports deep ICQ analysis using different methods (with and without usage of the index file) that allows the user to extract even deleted and overwritten messages. The latter ability is indispensable for e-crime professionals. A number of different options are available, such as filtering messages by time, sent/received type, or user, and the ability to convert history to ICQ5 format; multibyte codepages are supported. More info at http://belkasoft.com.

darc - Distributed Aide Runtime Controller
Added 2006-04-24
darc is a multi-threaded Python application designed for managing AIDE installations in large heterogeneous networks. It provides centralized database management, unified reporting, and eliminates the need to maintain Aide databases and binaries on read-only media.

Elcomsoft Distributed Password Recovery
Added 2006-02-15
Elcomsoft Distributed Password Recovery (EDPR) offers administrators a comprehensive solution for recovering passwords to Microsoft Office documents when employees forget or lose their passwords. EDPR lets you coordinate all of the unused computing power of every computer on your LAN or WAN, and use distributed processing to restore the lost password by installing the "agents" onto as many computers on the network as the user desires; each of these agents uses brute force to try to recover the lost password. EDPR restores passwords for Word and Excel documents encrypted with 40 bit keys (Office 97/2000 compatible) as well as more recent documents (Office XP/2003) encrypted with CSP. Office 97/2000 documents can also be decrypted by recovery of encryption keys instead of the password, and that type of attack gives a guaranteed result regardless of password length and complexity.

Advanced Archive Password Recovery
Added 2005-10-04
Advanced Archive Password Recovery is a program to recover lost or forgotten passwords for ZIP (PKZip/WinZip), ARJ/WinARJ, RAR/WinRAR and ACE/WinACE (1.x) archives. Supports a customizable "brute-force" attack, effectively optimized for speed (for traditional ZIP encryption, up to 15 million passwords per second on Pentium 4); a dictionary-based attack; and a very fast and effective known-plaintext attack. Supports strong WinZip encryption (AES). A multilingual interface is provided.

IRCR
Added 2005-08-12
The Incident Response Collection Report is a script to call a collection of tools that gathers and/or analyzes data on a Microsoft Windows system. You can think of this as a snapshot of the system in the past. Most of the tools are oriented towards data collection rather than analysis. The idea of IRCR is that anyone could run the tool and send the output to a skilled computer security professional for further analysis. IRCR v2 is a complete code change from Perl to DOS batch file. Anyone should be able to modify the batch file to their needs.

Webtracer
Added 2005-08-06
The Webtracer is a professional forensic tool to trace internet identities such as website owners, the sender of an e-mail, etc. Each internet resource (IP address, server name, e-mail address, URL, etc.) can be investigated to retrieve underlying relations and owner details. The Webtracer also allows in-depth analysis of e-mail headers and can be used to analyse logfiles after a possible intrusion.