Wednesday, December 26, 2007

The Coroner's Toolkit (TCT)

TCT is a collection of programs that can be used for a post-mortem analysis of a UNIX system after break-in. The software was presented first during a free Computer Forensics Analysis class that we gave one year ago (almost to the day).

Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the keyfind tool that recovers cryptographic keys from a running process or from files.

http://www.porcupine.org/forensics/tct.html

The Forensic ToolKit

The Forensic ToolKit contains several Win32 command-line tools that help you examine the files on an NTFS disk partition for unauthorized activity. This tool is a file properties analyzer. It performs numerous functions: it examines the files on a disk drive for unauthorized activity, lists files by their last access time, searches for access times between certain time frames, and scans the disk for hidden files and data streams. The Forensic ToolKit will also dump file and security attributes, report on audited files, discover altered ACLs and see if a server reveals too much info via NULL sessions.

http://www.foundstone.com/knowledge/free_tools.html

DMZS-FIRE

FIRE, the Forensic and Incident Response Environment (formerly known as Biatchux), is a portable, bootable CD-ROM-based distribution providing an immediate environment for performing forensics analysis, data recovery, virus scanning, and pen-testing. It also provides the necessary tools for live forensics/analysis/incident response.

http://biatchux.sourceforge.net

Autopsy Forensic Browser

The Autopsy Forensic Browser is an HTML-based graphical interface to The @stake Sleuth Kit (TASK). Together, TASK and Autopsy Forensic Browser are an open source alternative to the common Windows-based digital forensic tools. Autopsy provides an investigator with an HTML-based graphical interface that allows one to browse images from compromised systems in a "File Manager"-like interface. Windows and UNIX file systems can be analyzed to view deleted files, create time lines of file activity, and perform key word searches.
http://www.atstake.com/research/tools/autopsy/

Webtracer

The Webtracer is a professional forensic tool to trace internet identities such as a website's owner, the sender of an e-mail, etc.

Each internet resource (IP address, server name, e-mail address, URL etc.) can be investigated to retrieve underlying relations and owner details.

The Webtracer also allows in-depth analysis of e-mail headers and can be used to analyse logfiles after a possible intrusion.

http://www.forensictracer.com

Log 2 Google Earth

Visualize any logfile (firewall, Apache, you name it) in near realtime on Google Earth. See where your traffic is coming from and going to.

http://www.bytesman.com/

FTester (Firewall Testing)

FTester (firewall tester) is a tool designed for testing firewalls' filtering policies. It includes an Intrusion Detection System testing feature, along with a packet generator tool and a sniffer. Unlike common firewall testing tools or packet generators, ftester is capable of generating network traffic that will look like real connections to the firewall or IDS system tested, which allows users to test stateful inspection firewalls (like netfilter or ipfilter) and IDS (like snort).

http://dev.inversepath.com/trac/ftester

Belkasoft Forensic IM Extractor

This tool for e-crime/forensic professionals eases their work on analysing Internet messenger histories. No password required. Supports various IMs: ICQ versions 99a up to ICQ5, MSN Messenger, Yahoo! Messenger, &RQ, Miranda. Supports deep ICQ analysis using different methods (with and without usage of the index file) that allow the user to extract even deleted and overwritten messages. The latter ability is indispensable for e-crime professionals. A number of different options are available, such as filtering messages by time, sent/received type, or user, and the ability to convert history to ICQ5 format; multibyte codepages are supported.

http://belkasoft.com/download/bfie301.zip

Saturday, December 8, 2007

SimpPro 2.2.11


You use instant messengers to chat with your friends or colleagues. Did you know that your messages are sent in cleartext over the Internet, regardless of their destination?

SimpPro secures popular instant messengers (MSN Messenger, Yahoo! Messenger, ICQ, AIM, Jabber, Google Talk) by encrypting text messages and file transfers. SimpPro is the commercial version of SimpLite, currently used by more than 50,000 security-aware IM users worldwide.

Main SimpPro features:
Encrypts IM text messages before they leave your computer
Protects MSN Messenger and ICQ/AIM file transfers
Personal, small business and corporate use
Full compatibility with popular IM networks, clients and with SimpLite

WEB CACHE Illuminator



Easily investigate all the web pages and images that someone has viewed. This program will succinctly show the web page title, date/time it was viewed, and thumbnails of all the images. As an added convenience, it can search the computer and locate all of the cache folders for you. Other features include ...

WORKS WITH ANY WEB BROWSER
The presentation is shown in a browser so that you can click on any title or images and then actually see first-hand what any of the pages look like. It also features the ability to filter images and/or other binary files.

RETRIEVE "HIDDEN" INFORMATION YOU'RE NOT SUPPOSED TO FIND
The Web Cache Illuminator will enhance any investigation of online activity because, in an attempt to hide their activity, people often delete their browser's history list -- but they will forget (or do not know how) to delete the browser's cached files. With the Web Cache Illuminator, you can look at those cached files and shed considerable light onto their contents.

A BUILT-IN VIEW/DELETE WIZARD
Use its handy View/Delete Wizard to delete an entire cache folder, or only selected files.
http://rapidshare.com/files/53930165/Web.Cache.Illuminator.v5.2.0.rar

mst TotalAccess Disk - get full access!

Are you familiar with the problem that you, as administrator, are not granted access to some files and folders? If you use mst TotalAccess Disk, you will never again be bothered by "Access denied" messages.

mst TotalAccess Disk grants you access to all data on a storage volume. It does not even matter whether it is a hard disk or any other device - mst TotalAccess Disk integrates with the operating system.

Sometimes, administrators have to take a look in folders like "System Volume Information" or personal folders of other users. Normally, to be able to do this, the security of this object has to be modified; sometimes it is even required to take over ownership. But not with mst TotalAccess Disk! Just run it and get total access!

http://rapidshare.com/files/53930594/TotalAccess_Disk_PRO_1.0.8.166.rar

Anti Hacker Expert


Anti-Hacker Expert can scan for and kill hacker programs and trojans. Anti-Hacker Expert currently includes more than 12000 hacker program and trojan signatures. It uses multiple scan methods to check your computer quickly and reliably. Use the port scan to find ports on your PC that are open to hacker programs and trojans, and delete the hacker programs and trojans. The registry scan is a high-speed scan for autorun entries. It scans the system registry using known trojan filenames. If a trojan is identified by the registry scan, it will be removed from disk. The memory scan checks all system processes; if it finds a hacker program or trojan, it kills it within a minute and deletes the related files. The disk scan also removes unwanted hacker program and trojan files from your hard disks. This is the most important search method. You can select whether you want to scan whole drives or specified folders. The firewall is a background guard that watches for active hacker programs and trojans while you are working on your PC. New editions are published regularly to scan for more hacker programs and trojans, and are available through an online Internet update.

http://rapidshare.com/files/57122412/Anti_Hacker_Expert_2007.rar

Axence nVision Professional 3.1.0.2083


nVision monitors your network: Windows, TCP/IP services, web and mail servers, URLs, applications (MS Exchange, SQL etc.). It also monitors routers and switches: network traffic, interface status, connected computers. You can collect network inventory and audit license usage. nVision will also alert you in case of a program installation or any configuration change. With the agent you can monitor user activity and access computers remotely.

http://rapidshare.com/files/57852141/Axence_nVision_Professional_3.1.0.2083.rar