
Difference between pages "ThumbnailExpert" and "SANS Investigative Forensic Toolkit Workstation"

From ForensicsWiki
(Created page with '{{Infobox_Software | name = ThumbnailExpert | maintainer = Anisimov Dec | os = {{Windows}} | genre = {{Metadata}} | license = {{Commercial}} | website = http://ww…')
 
 
Line 1: Line 1:
{{Infobox_Software |
+
'''The SANS SIFT Workstation''' is a [[VMware]] Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with [[Encase | Expert Witness Format]] (E01), Advanced Forensic Format ([[AFF]]), and raw (dd) evidence formats.
  name = ThumbnailExpert |
+
  maintainer = [[Anisimov Dec]] |
+
  os = {{Windows}} |
+
  genre = {{Metadata}} |
+
  license = {{Commercial}} |
+
  website = http://www.thumbnailexpert.com/ |
+
}}
+
  
The program helps to find and analyze information in the thumbnail caches of many programs.
+
== Overview ==
  
== List of supported formats ==
+
SIFT Workstation is based on Ubuntu.
  
* 3D Photo Browser (c) Mootools software - contents.obv
+
Software Includes:
* ABC-View Manager (c) ABC-View - *.abt, *.abc
+
* ACDSee (c) ACD Systems, Ltd. - ImageDB.ddf, ImageDB.dtf, ImageDB.aid
+
* Adobe Photoshop Lightroom (c) Adobe Systems Incorporated - *.lrcat, *.noindex
+
* AhaView (c) Aha-soft - thumb.dat
+
* Alteros 3D (Alteros Viewer) (c) Lighttek Software - thumbs.idx, thumb.dbx
+
* Axialis CursorWorkshop (c) Axialis Software - *.*
+
* Axialis IconWorkshop (c) Axialis Software - *.*
+
* Axialis MediaBrowser (c) Axialis Software - *.*
+
* BraveViewer (c) BraveTech Inc. - brwseimg.brv
+
* CodedColor PhotoStudio(c) 1STEIN GmbH - files.bin, *.dat
+
* Directory Opus (c) GPSoftware - *.db
+
* EF Commander (c) Emil Fickel - ThumbsDB
+
* ExifPro (c) Magda & Michal Kowalski - CacheDb.bin
+
* FastStone Image Viewer (c) FastStone Soft - FSViewer.db
+
* FreshView (c) FreshDevices - FViewer.dat, *.fv
+
* Graphic Workshop Professional (c) Alchemy Mindworks - GWSPRO.TDB, *.THN
+
* HP Photosmart Essential (c) Hewlett-Packard Co. - asset.yos, thumbnail.db, thumbnailSel.db
+
* Image Data Converter SR (c) Sony Corporation - .Sony_ImageDataConverterSR_BrowserDiskCache
+
* Image Eye (c) FMJ-Software - ImageEye.iei
+
* Imagic (c) STOIK Imaging, LTD - FLD*.tmp
+
* OLYMPUS Studio (c) OLYMPUS IMAGING CORP - File.xml, *.dat
+
* One Cat File Manager (c) Keith Leinenbach - cachedirs.txt
+
* One Cat Viewer (c) Keith Leinenbach - cachedirs.txt
+
* Paint Shop Pro (c) Jasc Software, Inc. - pspbrwse.jbf
+
* PaperPort (c) Nuance Communications, Inc. - PP11Thumbs.ptn2, PPThumbs.ptn2, PP11Thumbs.ptn, PPThumbs.ptn
+
* Photo Commander (c) Ashampoo - ash.db, bgs.db, *.dbc, *.dbt
+
* Photo Go (c) Sony Creative Software Inc. - PhotoGo.db
+
* Photo Manager 2008 (c) Proxima Software - PhotoManager.db
+
* PhotoCool (c) Sunwise - photocool.brw
+
* PhotoLine (c) Computerinsel GmbH - Browse.plb
+
* PhotoPhilia (c) Pholix Software - $MOSAICS.MAP, *.phm
+
* PhotoScape (c) MOOII TECH - photothumb.db
+
* Picasa (c) Google, Inc. - thumbindex.db, thumbindex.tid, previews_index.db, bigthumbs_index.db, thumbs_index.db, thumbs2_index.db, index-previews.db, index-bigthumbs.db, index-thumbs2.db, index-thumbs.db, previews_0.db, bigthumbs_0.db, thumbs_0.db, thumbs2_0.db, previews.db, bigthumbs.db, thumbs.db, thumbs2.db
+
* Picture Information Extractor (c) Picmeta Systems - *.album
+
* Picture Motion Browser (c) Sony Corporation - .Sony_PMBrowser1000_BrowserDiskCache, .Sony_PMBrowser1000_BrowserDiskCache.idx
+
* PicViewer 2 (c) Anix Software - PicView.cch
+
* Regards (c) Figuinha Jacques - *.db
+
* Snapact Photo Manager (c) Tecagora Solutions Inc - db.db3
+
* ST Thumbnails Explorer (c) Softfields Technologies - STE.dbs
+
* Turbo Photo Album (c) Stepok Image Lab - TPhoto.prp
+
* Ulead Photo Explorer (c) Ulead Systems, Inc - pecache.idx, pe*.inf, pe*.cah
+
* UltraExplorer (c) Mustangpeak Software - *.album
+
* Vallen JPegger (c) Vallen-Systeme - jpeggeri.dat
+
* ViewNX (c) Nicon Corporation - NkCacheFolder.nki, NkCacheLarge.nki, NkCacheNormal.nki, NkCacheSmall.nki, NkCacheLarge.nkd, NkCacheNormal.nkd, NkCacheSmall.nkd
+
* WildBit Viewer (c) WildBit Software - *.album
+
* Windows (c) Microsoft - IconCache.db, ShellIconCache
+
* Windows Explorer (c) Microsoft - thumbs.db, ehthumbs.db, ehthumbs_vista.db
+
* Windows Seven Explorer (c) Microsoft - thumbcache_idx.db, thumbcache_1024.db, thumbcache_256.db, thumbcache_96.db, thumbcache_32.db
+
* [[Vista thumbcache | Windows Vista Explorer]] (c) Microsoft - thumbcache_idx.db, thumbcache_1024.db, thumbcache_256.db, thumbcache_96.db, thumbcache_32.db
+
* WinNc (c) Dunes MulitMedia, Inc. - WinNcThumbs.db
+
* WS_FTP (c) Ipswitch, Inc - IpsThumb.db
+
* Xentient Thumbnails (c) Ignacio Alvarez Morales - data
+
* XnView (c) Pierre-e Gougelet - XnView.db
+
* XYplorer (c) Donald Lessau - *.dat2
+
* Zoner Photo Studio (c) Zoner Sofware - ZPSCache.dat
+
  
== Links ==
+
# [[The Sleuth Kit]]
 +
# [[ssdeep]] & [[md5deep]]
 +
# [[Foremost]]/[[Scalpel]]
 +
# [[Wireshark]]
 +
# HexEditor
 +
# [[Vinetto]] ([[thumbs.db]] examination)
 +
# Pasco
 +
# Rifiuti
 +
# [[Volatility Framework]]
 +
# DFLabs PTK (GUI Front-End for [[Sleuthkit]])
 +
# [[Autopsy]] (GUI Front-End for [[Sleuthkit]])
  
* [http://www.thumbnailexpert.com/ThumbnailExpertEn.zip Demo Version]
+
The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local Windows operating system.
 +
 
 +
== Links ==
  
[[Category:Analysis]]
+
* [http://forensics.sans.org/community/downloads/ Computer Forensics and e-Discovery downloads]
 +
[[Category:VMWare Appliances]]

Latest revision as of 21:55, 15 June 2014

The SANS SIFT Workstation is a VMware Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats.

Overview

SIFT Workstation is based on Ubuntu.

Software Includes:

  1. The Sleuth Kit
  2. ssdeep & md5deep
  3. Foremost/Scalpel
  4. Wireshark
  5. HexEditor
  6. Vinetto (thumbs.db examination)
  7. Pasco
  8. Rifiuti
  9. Volatility Framework
  10. DFLabs PTK (GUI Front-End for Sleuthkit)
  11. Autopsy (GUI Front-End for Sleuthkit)

The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local Windows operating system.

Links