Difference between pages "Tools:File Analysis" and "User:Johny Ryder"

From Forensics Wiki

Content of Tools:File Analysis (the other page in the comparison, User:Johny Ryder, follows below):

== Image Analysis ==

; [[SurfRecon LE rapid image analysis tool]], by SurfRecon, Inc.
: http://www.surfrecon.com

== Open Source Tools ==

; [[file]]
: The file command determines the type of a given file from its contents rather than from its extension or filename. To do that, it consults a "magic" configuration file that describes the signatures of known file types.

; [[ldd]]
: Lists the dynamic dependencies of executable files.

; [[truss]]
: Solaris tool used to trace the system/library calls (not user calls) and signals made/received by a new or existing process. It sends its output to stderr.
: http://docs.sun.com/app/docs/doc/819-2239/truss-1?l=en&a=view&q=truss

; [[ltrace]]
: Library call tracer.
: http://linux.die.net/man/1/ltrace

; [[strace]]
: System call tracer.
: http://sourceforge.net/projects/strace/

; [[xtrace]]
: eXtended trace utility, similar to strace, ptrace and truss, but with extended functionality and unique features, such as dumping function calls (dynamically or statically linked), dumping the call stack and more.
: http://sourceforge.net/projects/xtrace/

; [[ktrace]]
: Enables kernel process tracing on OpenBSD.
: http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

; [[Valgrind]]
: Executes a program under emulation, performing analysis according to one of the many plug-in modules as desired. You can also write your own plug-in module.
: http://valgrind.org/

; [[DTrace]]
: Comprehensive dynamic tracing framework for Solaris (also ported to MacOS X - XRays and FreeBSD). DTrace provides a powerful infrastructure to permit investigation of the behavior of the operating system and user programs.
: http://www.sun.com/bigadmin/content/dtrace/

; [[strings]]
: Prints the strings of printable characters found in files. It allows choosing different character sets (ASCII, Unicode). It is a quick way to browse through files, partitions and similar data in order to look for words, filenames, keywords and so on.

; [[Galleta]]
: Parses cookie files.
: http://www.foundstone.com/resources/proddesc/galleta.htm

; The [[Open Computer Forensics Architecture]]
: http://ocfa.sourceforge.net/

; [[Pasco]]
: Parses '''index.dat''' files.
: http://www.foundstone.com/resources/proddesc/pasco.htm

; [[Rifiuti]]
: Examines the INFO2 file in the Recycle Bin.
: http://www.foundstone.com/resources/proddesc/rifiuti.htm

; [[yim2text]]
: Extracts the 'encrypted' info in Yahoo Instant Messenger log files.
: http://www.1vs0.com/tools.html

; [[Hachoir]]
: Determines the file type using the file header/footer (hachoir-metadata --type), can list strings in Unicode (hachoir-grep), etc. Supports more than 60 file formats.

; [[Cygwin]]
: http://www.cygwin.com/
: Linux-like environment for Windows.

; [[UnxUtils]]
: http://unxutils.sourceforge.net/
: Common Unix utilities compiled for a Windows environment.

; [[GnuWin32]]
: http://gnuwin32.sourceforge.net/
: Common GNU utilities compiled for a Windows environment.

; [[SUA]]
: http://www.microsoft.com/windowsserver2003/R2/unixcomponents/webinstall.mspx
: Microsoft Subsystem for UNIX-based Applications.

== File Sharing Analysis Tools ==

; [[P2PMarshal|P2P Marshal]]
: Tools to discover and analyze peer-to-peer files for Windows.

== [[NDA]] and [[scoped distribution]] tools ==

User:Johny Ryder, revision as of 04:04, 23 December 2011

Data expert, tech lover, privacy protector. I started using computers and the internet early 1994. And I cannot imagine how I would ever be able to communicate with my friends and family without these products.

It is great to be able to share through the internet. But (semi) public sharing has its downsides too. I like to read about and work on keeping the protection of private information something individuals can control themselves.

But sometimes it is good that there are forensic tools available. Just as long as these tools are used properly. I hope people are aware of the possibilities to protect their privacy, and protectors of the public domain are aware of the forensic tools available, and use them properly.

I hereby license all my contributions to this wiki under the Creative Commons Attribution-ShareAlike 2.5 license.