Difference between pages "Paul Ohm" and "Tools:File Analysis"
From Forensics Wiki
m |
m (New page: = Open Source Tools = ; file : The file command determines the file type of a given file, depending on its contents and not on e.g. its extension or filename. In order to do that, it ...) |
||
| Line 1: | Line 1: | ||
| − | + | = Open Source Tools = | |
| − | + | ; [[file]] | |
| + | : The file command determines the file type of a given file, depending on its contents and not on e.g. its extension or filename. In order to do that, it uses a magic configuration file that identifies filetypes. | ||
| − | + | ; [[ldd]] | |
| − | + | : ... | |
| − | [[ | + | ; [[ltrace]] |
| + | : ... | ||
| + | |||
| + | ; [[strace]] | ||
| + | : ... | ||
| + | |||
| + | ; [[strings]] | ||
| + | : Strings will print the strings of printable characters in files. It allows choosing different charactersets (ASCII, UNICODE). It is a quick way to browse through files/partitions/... in order to look for words, filenames, keywords etc. | ||
| + | |||
| + | ; [[Galleta]] | ||
| + | : Parses cookie files. http://www.foundstone.com/resources/proddesc/galleta.htm | ||
| + | |||
| + | ; The [[Open Computer Forensics Architecture]] | ||
| + | : http://ocfa.sourceforge.net/ | ||
| + | |||
| + | ; [[Pasco]] | ||
| + | ; Parses '''index.dat'' files. http://www.foundstone.com/resources/proddesc/pasco.htm | ||
| + | |||
| + | ; [[Rifiuti]] | ||
| + | ; Examines the INFO2 file in the Recycle Bin http://www.foundstone.com/resources/proddesc/rifiuti.htm | ||
| + | |||
| + | ; [[yim2text]] | ||
| + | ; Extracts the 'encrypted' info in yahoo instant messenger log files. http://www.1vs0.com/tools.html | ||
| + | |||
| + | ; [[Hachoir]] | ||
| + | : determines the file type using file header/footer (hachoir-metadata --type), able to list strings in Unicode (hachoir-grep), etc. Support more than 60 file formats. | ||
| + | |||
| + | ; [[Cygwin]] | ||
| + | : http://www.cygwin.com/ | ||
| + | : Linux like environment for Windows | ||
| + | |||
| + | ; [[UnxUtils]] | ||
| + | : http://unxutils.sourceforge.net/ | ||
| + | : Common unix utilities compiled for a Windows environment. | ||
| + | |||
| + | = [[NDA]] and [[scoped distribution]] tools = | ||
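Review bot: the descriptions for Pasco, Rifiuti and yim2text begin with ";" instead of ":", so MediaWiki treats them as further definition terms rather than as the descriptions of the entries above them; change the leading ";" to ":" on those three lines to match the other entries. On the Pasco line the bold markup is unbalanced: it opens with three apostrophes and closes with two ('''index.dat''), so add the third closing apostrophe. The ldd, ltrace and strace entries carry only "..." as their description; either write a one-line description for each or hold them back until one exists.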
Revision as of 22:14, 13 June 2007
Open Source Tools
- file
- The file command determines the type of a given file from its contents rather than from, for example, its extension or filename. To do that, it uses a magic configuration file that identifies file types.
- ldd
- ...
- ltrace
- ...
- strace
- ...
- strings
- Strings prints the runs of printable characters found in files. It allows choosing different character sets (ASCII, Unicode). It is a quick way to browse through files, partitions, etc. to look for words, filenames, keywords and so on.
- Galleta
- Parses cookie files. http://www.foundstone.com/resources/proddesc/galleta.htm
- Pasco
- Parses index.dat files. http://www.foundstone.com/resources/proddesc/pasco.htm
- Rifiuti
- Examines the INFO2 file in the Recycle Bin. http://www.foundstone.com/resources/proddesc/rifiuti.htm
- yim2text
- Extracts the 'encrypted' info in Yahoo Instant Messenger log files. http://www.1vs0.com/tools.html
- Hachoir
- Determines the file type using the file header/footer (hachoir-metadata --type), can list strings in Unicode (hachoir-grep), etc. Supports more than 60 file formats.
- Cygwin
- http://www.cygwin.com/
- Linux-like environment for Windows.
- UnxUtils
- http://unxutils.sourceforge.net/
- Common Unix utilities compiled for a Windows environment.