Difference between pages "SHA-1" and "Knoppix STD"
From Forensics Wiki
(clarify FIPS) |
(New page: {{Infobox_Software | name = Knoppix STD | maintainer = | os = | genre = {{Live CD}} | license = {{GPL}} | website = [http://s-t-d.org/ s-t-d.org/] | }} Knoppix STD is a [[Co...) |
||
| Line 1: | Line 1: | ||
| − | + | {{Infobox_Software | | |
| + | name = Knoppix STD | | ||
| + | maintainer = | | ||
| + | os = | | ||
| + | genre = {{Live CD}} | | ||
| + | license = {{GPL}} | | ||
| + | website = [http://s-t-d.org/ s-t-d.org/] | | ||
| + | }} | ||
| − | + | Knoppix STD is a [[Computer Forensics|computer forensics]] / [[Incident Response|incident response]] [[live CD]] based on Knoppix. | |
== Tools == | == Tools == | ||
| − | + | === Forensics === | |
| + | |||
| + | * [[Sleuthkit]] 1.66 : extensions to The Coroner's Toolkit forensic toolbox. | ||
| + | * autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence | ||
| + | * biew : binary viewer | ||
| + | * bsed : binary stream editor | ||
| + | * consh : logged shell (from F.I.R.E.) | ||
| + | * coreography : analyze core files | ||
| + | * dcfldd : US DoD Computer Forensics Lab version of dd | ||
| + | * fenris : code debugging, tracing, decompiling, reverse engineering tool | ||
| + | * fatback : Undelete FAT files | ||
| + | * foremost : recover specific file types from disk images (like all JPG files) | ||
| + | * ftimes : system baseline tool (be proactive) | ||
| + | * galleta : recover Internet Explorer cookies | ||
| + | * hashdig : dig through hash databases | ||
| + | * hdb : java decompiler | ||
| + | * mac-robber : TCT's graverobber written in C | ||
| + | * [[md5deep]] : run md5 against multiple files/directories | ||
| + | * memfetch : force a memory dump | ||
| + | * pasco : browse IE index.dat | ||
| + | * photorec : grab files from digital cameras | ||
| + | * readdbx : convert Outlook Express .dbx files to mbox format | ||
| + | * readoe : convert entire Outlook Express .directory to mbox format | ||
| + | * rifiuti : browse Windows Recycle Bin INFO2 files | ||
| + | * secure_delete : securely delete files, swap, memory.... | ||
| + | * testdisk : test and recover lost partitions | ||
| + | * wipe : wipe a partition securely. good for prep'ing a partition for dd | ||
| + | * and other typical system tools used for forensics (dd, lsof, strings, grep, etc.) | ||
== External Links == | == External Links == | ||
| − | |||
| − | [[Category: | + | * [http://s-t-d.org/ Official Site] |
| + | * [http://forum.s-t-d.org/ Support Forum] | ||
| + | |||
| + | [[Category:Incident response tools]] | ||
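Review bot: the infobox at the top of the added page leaves `maintainer =` and `os =` empty, so it renders two blank rows; fill them in or drop the two parameters. In the Forensics list the first entry is named Sleuthkit while the autopsy entry describes itself as a front-end to TASK, so use one name or state how the two relate. The readoe entry reads "Outlook Express .directory", where the leading dot looks carried over from the `.dbx` line above it. The entries also mix capitalised and lower-case descriptions ("Undelete FAT files", "java decompiler", "good for prep'ing"), which is worth making consistent before the page is linked from elsewhere.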
Revision as of 05:50, 4 August 2007
| Knoppix STD | |
|---|---|
| Maintainer: | |
| OS: | |
| Genre: | Live CD |
| License: | GPL |
| Website: | s-t-d.org/ |
Knoppix STD is a computer forensics / incident response live CD based on Knoppix.
Tools
Forensics
- Sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
- autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence.
- biew : binary viewer
- bsed : binary stream editor
- consh : logged shell (from F.I.R.E.)
- coreography : analyze core files
- dcfldd : US DoD Computer Forensics Lab version of dd
- fenris : code debugging, tracing, decompiling, reverse engineering tool
- fatback : undelete FAT files
- foremost : recover specific file types from disk images (like all JPG files)
- ftimes : system baseline tool (be proactive)
- galleta : recover Internet Explorer cookies
- hashdig : dig through hash databases
- hdb : Java decompiler
- mac-robber : TCT's graverobber written in C
- md5deep : run md5 against multiple files/directories
- memfetch : force a memory dump
- pasco : browse IE index.dat
- photorec : grab files from digital cameras
- readdbx : convert Outlook Express .dbx files to mbox format
- readoe : convert entire Outlook Express .directory to mbox format
- rifiuti : browse Windows Recycle Bin INFO2 files
- secure_delete : securely delete files, swap, memory, etc.
- testdisk : test and recover lost partitions
- wipe : wipe a partition securely; good for prepping a partition for dd
- and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)