Difference between pages "Knoppix STD" and "Virtual Hard Disk (VHD)"

From ForensicsWiki
(Difference between pages)
(New page: {{Infobox_Software | name = Knoppix STD | maintainer = | os = | genre = {{Live CD}} | license = {{GPL}} | website = [http://s-t-d.org/ s-t-d.org/] | }} Knoppix STD is a [[Co...)
 
(Image types)
 
Line 1: Line 1:
{{Infobox_Software |
+
{{expand}}
  name = Knoppix STD |
+
  maintainer =  |
+
  os =  |
+
  genre = {{Live CD}} |
+
  license = {{GPL}} |
+
  website = [http://s-t-d.org/ s-t-d.org/] |
+
}}
+
  
Knoppix STD is a [[Computer Forensics|computer forensics]] / [[Incident Response|incident response]] [[live CD]] based on Knoppix.
+
== Image types ==
 +
There are multiple types of Virtual Hard Disk (VHD) images:
 +
* Fixed-size hard disk image
 +
* Dynamic-size (or sparse) hard disk image
 +
* Differencing (or delta) hard disk image
  
== Tools ==
+
== External Links ==
  
=== Forensics ===
+
* [http://en.wikipedia.org/wiki/VHD_(file_format) VHD (file format)], by Wikipedia
 
+
* [http://technet.microsoft.com/en-us/library/bb676673.aspx Virtual Hard Disk Image Format Specification], by Microsoft
* [[Sleuthkit]] 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
+
* autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
+
* biew : binary viewer
+
* bsed : binary stream editor
+
* consh : logged shell (from F.I.R.E.)
+
* coreography : analyze core files
+
* dcfldd : US DoD Computer Forensics Lab version of dd
+
* fenris : code debugging, tracing, decompiling, reverse engineering tool
+
* fatback : Undelete FAT files
+
* foremost : recover specific file types from disk images (like all JPG files)
+
* ftimes : system baseline tool (be proactive)
+
* galleta : recover Internet Explorer cookies
+
* hashdig : dig through hash databases
+
* hdb : java decompiler
+
* mac-robber : TCT's graverobber written in C
+
* [[md5deep]] : run md5 against multiple files/directories
+
* memfetch : force a memory dump
+
* pasco : browse IE index.dat
+
* photorec : grab files from digital cameras
+
* readdbx : convert Outlook Express .dbx files to mbox format
+
* readoe : convert entire Outlook Express .directory to mbox format
+
* rifiuti : browse Windows Recycle Bin INFO2 files
+
* secure_delete : securely delete files, swap, memory....
+
* testdisk : test and recover lost partitions
+
* wipe : wipe a partition securely. good for prep'ing a partition for dd
+
* and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)
+
 
+
== External Links ==
+
  
* [http://s-t-d.org/ Official Site]
 
* [http://forum.s-t-d.org/ Support Forum]
 
  
[[Category:Incident response tools]]
+
[[Category:File Formats]]

Revision as of 05:01, 13 September 2012

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Image types

There are multiple types of Virtual Hard Disk (VHD) images:

  • Fixed-size hard disk image
  • Dynamic-size (or sparse) hard disk image
  • Differencing (or delta) hard disk image

External Links