Difference between pages "SHA-1" and "Knoppix STD"

From Forensics Wiki
(Difference between pages)
(clarify FIPS)
 
(New page: {{Infobox_Software | name = Knoppix STD | maintainer = | os = | genre = {{Live CD}} | license = {{GPL}} | website = [http://s-t-d.org/ s-t-d.org/] | }} Knoppix STD is a [[Co...)
 
Line 1: Line 1:
'''SHA-1''' ('''S'''ecure '''H'''ash '''A'''lgorithm) is a cryptographic hash function that was first published in 1995 in Federal Information Processing Standards (FIPS) PUB 180-1 by the National Security Agency (NSA) as a fix to an unknown flaw found in SHA-0.
+
{{Infobox_Software |
 +
  name = Knoppix STD |
 +
  maintainer =  |
 +
  os =  |
 +
  genre = {{Live CD}} |
 +
  license = {{GPL}} |
 +
  website = [http://s-t-d.org/ s-t-d.org/] |
 +
}}
  
In February of 2005 an attack was announced that could find collisions in SHA-1 requiring fewer than 2<sup>69</sup> operations.
+
Knoppix STD is a [[Computer Forensics|computer forensics]] / [[Incident Response|incident response]] [[live CD]] based on Knoppix.
  
 
== Tools ==
 
== Tools ==
  
On most Unix systems the tool sha1sum can be used to compute the SHA-1 hash of a file or devices.
+
=== Forensics ===
 +
 
 +
* [[Sleuthkit]] 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
 +
* autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
 +
* biew : binary viewer
 +
* bsed : binary stream editor
 +
* consh : logged shell (from F.I.R.E.)
 +
* coreography : analyze core files
 +
* dcfldd : US DoD Computer Forensics Lab version of dd
 +
* fenris : code debugging, tracing, decompiling, reverse engineering tool
 +
* fatback : Undelete FAT files
 +
* foremost : recover specific file types from disk images (like all JPG files)
 +
* ftimes : system baseline tool (be proactive)
 +
* galleta : recover Internet Explorer cookies
 +
* hashdig : dig through hash databases
 +
* hdb : java decompiler
 +
* mac-robber : TCT's graverobber written in C
 +
* [[md5deep]] : run md5 against multiple files/directories
 +
* memfetch : force a memory dump
 +
* pasco : browse IE index.dat
 +
* photorec : grab files from digital cameras
 +
* readdbx : convert Outlook Express .dbx files to mbox format
 +
* readoe : convert entire Outlook Express .directory to mbox format
 +
* rifiuti : browse Windows Recycle Bin INFO2 files
 +
* secure_delete : securely delete files, swap, memory....
 +
* testdisk : test and recover lost partitions
 +
* wipe : wipe a partition securely. good for prep'ing a partition for dd
 +
* and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)
  
 
== External Links ==
 
== External Links ==
* [ftp://ftp.rfc-editor.org/in-notes/rfc3174.txt RFC 3174]
 
  
[[Category:Hashing]]
+
* [http://s-t-d.org/ Official Site]
 +
* [http://forum.s-t-d.org/ Support Forum]
 +
 
 +
[[Category:Incident response tools]]
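
Review bot: the infobox at the top of the added text leaves `maintainer =` and `os =` empty, so the rendered box shows blank Maintainer and OS rows; fill them in or drop the parameters. In the Forensics list only Sleuthkit and autopsy carry version numbers (1.66 and 1.75) with no indication of which Knoppix STD release they belong to, and the autopsy entry refers to "TASK", a name used nowhere else in the list, so it should be linked or expanded. Only [[Sleuthkit]] and [[md5deep]] are wiki-linked; link the other tools that have pages. The left side of this comparison is the SHA-1 page, so the removed lines are not an earlier revision of this article.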

Revision as of 05:50, 4 August 2007

Knoppix STD
Maintainer:
OS:
Genre: Live CD
License: GPL
Website: s-t-d.org/

Knoppix STD is a computer forensics / incident response live CD based on Knoppix.

Tools

Forensics

  • Sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
  • autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
  • biew : binary viewer
  • bsed : binary stream editor
  • consh : logged shell (from F.I.R.E.)
  • coreography : analyze core files
  • dcfldd : US DoD Computer Forensics Lab version of dd
  • fenris : code debugging, tracing, decompiling, reverse engineering tool
  • fatback : undelete FAT files
  • foremost : recover specific file types from disk images (like all JPG files)
  • ftimes : system baseline tool (be proactive)
  • galleta : recover Internet Explorer cookies
  • hashdig : dig through hash databases
  • hdb : Java decompiler
  • mac-robber : TCT's graverobber written in C
  • md5deep : run md5 against multiple files/directories
  • memfetch : force a memory dump
  • pasco : browse IE index.dat
  • photorec : grab files from digital cameras
  • readdbx : convert Outlook Express .dbx files to mbox format
  • readoe : convert entire Outlook Express .directory to mbox format
  • rifiuti : browse Windows Recycle Bin INFO2 files
  • secure_delete : securely delete files, swap, memory, etc.
  • testdisk : test and recover lost partitions
  • wipe : wipe a partition securely; good for preparing a partition for dd
  • and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)

External Links