Difference between pages "Tools" and "Content Lost in Migration"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Windows-based Tools)
 
m
 
Line 1: Line 1:
This is an '''overview of available tools''' for forensic [[investigator]]s. Please click on the name of any tool for more details.
+
Below is a list of the pages that Google says no longer exists on the ForensicsWiki. In going through the backups it appears that the pages were never created in the first place. If you know of content that is missing please contact us.
  
'''Note: This page has gotten too big and is being broken up. See:'''
+
 +
wiki/Forensics_Wiki:General_disclaimer
 +
 +
404
 +
 +
5/25/14
 +
 +
2
 +
 +
index.php?title=LNK
 +
 +
404
 +
 +
4/11/14
 +
 +
3
 +
 +
wiki/Talk:Ddrescue
 +
 +
404
 +
 +
6/14/14
 +
 +
4
 +
 +
wiki/RIPEMD-160
 +
 +
404
 +
 +
6/14/14
 +
 +
5
 +
 +
wiki/Brute-force
 +
 +
404
 +
 +
6/14/14
 +
 +
6
 +
 +
wiki/Whirlpool
 +
 +
404
 +
 +
6/14/14
 +
 +
7
 +
 +
wiki/Guy_Voncken
 +
 +
404
 +
 +
6/14/14
 +
 +
8
 +
 +
wiki/Darren_Bilby
 +
 +
404
 +
 +
6/14/14
 +
 +
9
 +
 +
wiki/Disk_imaging
 +
 +
404
 +
 +
6/14/14
 +
 +
10
 +
 +
wiki/SquashFS
 +
 +
404
 +
 +
6/14/14
 +
 +
11
 +
 +
wiki/Talk:GELI
 +
 +
404
 +
 +
6/14/14
 +
 +
12
 +
 +
wiki/Daubert
 +
 +
404
 +
 +
6/14/14
 +
 +
13
 +
 +
wiki/GEOM
 +
 +
404
 +
 +
6/14/14
 +
 +
14
 +
 +
wiki/RAID
 +
 +
404
 +
 +
6/14/14
 +
 +
15
 +
 +
wiki/CBC
 +
 +
404
 +
 +
6/14/14
 +
 +
16
 +
 +
wiki/Ubuntu
 +
 +
404
 +
 +
6/14/14
 +
 +
17
 +
 +
wiki/Key-file
 +
 +
404
 +
 +
6/14/14
 +
 +
18
 +
 +
wiki/LWR
 +
 +
404
 +
 +
6/14/14
 +
 +
19
 +
 +
wiki/CAST
 +
 +
404
 +
 +
6/14/14
 +
 +
20
 +
 +
wiki/XTS
 +
 +
404
 +
 +
6/14/14
 +
 +
21
 +
 +
wiki/Talk:Volatility_Framework
 +
 +
404
 +
 +
6/14/14
 +
 +
22
 +
 +
wiki/Talk:Volatility
 +
 +
404
 +
 +
6/14/14
 +
 +
23
 +
 +
wiki/Lodovico_Marziale
 +
 +
404
 +
 +
6/14/14
 +
 +
24
 +
 +
wiki/Open_source
 +
 +
404
 +
 +
6/14/14
 +
 +
25
 +
 +
wiki/Talk:OpenBSD
 +
 +
404
 +
 +
6/14/14
 +
  
* [[:Category:Disk Imaging]]
+
* [[Tools:Data Recovery]] (including file [[carving]])
+
26
* [[Tools:File Analysis]]
+
* [[Tools:Document Metadata Extraction]]
+
wiki/Directory
* [[Tools:Memory Imaging]]
+
* [[Tools:Memory Analysis]]
+
404
* [[Tools:Network Forensics]]
+
* [[Tools:Logfile Analysis]]
+
6/14/14
* [[:Category:Anti-forensics tools]]
+
* [[:Category:Secure deletion]]
+
27
 
+
= Disk Analysis Tools =
+
wiki/Yaffs
== Hard Drive Firmware and Diagnostics Tools ==
+
; [[PC-3000]] from [[DeepSpar Data Recovery Systems]]
+
404
: http://www.deepspar.com/products-pc-3000-drive.html
+
: http://www.pc-3000.com/
+
6/14/14
 
+
== Linux-based Tools ==
+
28
; [[LINReS]] by [[NII Consulting Pvt. Ltd.]]
+
: http://www.niiconsulting.com/innovation/linres.html
+
wiki/Talk:Excel_Spreadsheet_(XLS)
 
+
; [[SMART]] by [[ASR Data]]
+
404
: http://www.asrdata.com
+
 
+
6/14/14
; [[Second Look: Linux Memory Forensics]] by [[Pikewerks Corporation]]
+
: http://secondlookforensics.com/
+
29
 
+
== Macintosh-based Tools ==
+
wiki/TCFS
 
+
; [[Macintosh Forensic Software]] by [[BlackBag Technologies, Inc.]]
+
404
: http://www.blackbagtech.com/software_mfs.html
+
 
+
6/14/14
; [[MacForensicsLab]] by [[Subrosasoft]]
+
: [http://www.subrosasoft.com/OSXSoftware/index.php?main_page=product_info&cPath=39&products_id=114 MacForensicLab-Subrosasoft]
+
30
 
+
; [[Mac Marshal]] by [[ATC-NY]]
+
wiki/Wipe
: http://www.macmarshal.com/
+
 
+
404
== Windows-based Tools ==
+
 
+
6/14/14
; [[Blackthorn GPS Forensics]]
+
: http://www.blackthorngps.com
+
31
 
+
; [[BringBack]] by [[Tech Assist, Inc.]]
+
wiki/WvWare
: http://www.toolsthatwork.com/bringback.htm
+
 
+
404
; Belkasoft Evidence Center by [[Belkasoft]]
+
; http://www.belkasoft.com
+
6/14/14
: This product makes it easy for an investigator to search, analyze and store digital evidence found in Instant Messenger histories, Internet Browser histories and Outlook mailboxes.
+
 
+
32
; [[CD/DVD Inspector]] by [[InfinaDyne]]
+
; http://www.infinadyne.com/cddvd_inspector.html
+
wiki/NCryptfs
: This is the only forensic-qualified tool for examinination of optical media.  It has been around since 1999 and is in use by law enforcement, government and data recovery companies worldwide.
+
 
+
404
; [[EMail Detective - Forensic Software Tool]] by [[Hot Pepper Technology, Inc]]
+
; http://www.hotpepperinc.com/emd
+
6/14/14
 
+
; [[EnCase]] by [[Guidance Software]]
+
33
: http://www.guidancesoftware.com/
+
 
+
wiki/SmartCard
; Facebook Forensic Toolkit (FFT) by [http://www.forensicswiki.org/wiki/Afentis_forensics Afentis Forensics]
+
; http://www.facebookforensics.com
+
404
: eDiscovery toolkit to identify and clone full profiles; including wall posts, private messages, uploaded photos/tags, group details, graphically illustrate friend links, and generate expert reports.
+
 
+
6/14/14
; [[Forensic Toolkit]] ([[FTK]]) by [[AccessData]]
+
: http://www.accessdata.com/products/ftk/
+
34
 
+
; [[HBGary Responder Professional]]  - Windows Physical Memory Forensic Platform
+
wiki/Shred
:http://www.hbgary.com
+
 
+
404
; [[ILook Investigator]] by [[Elliot Spencer]] and [[Internal Revenue Service|U.S. Dept of Treasury, Internal Revenue Service - Criminal Investigation]] (IRS)
+
: http://www.ilook-forensics.org/
+
6/14/14
 
+
; [[Mercury Indexer]] by [[MicroForensics, Inc.]]
+
35
: http://www.MicroForensics.com/
+
 
+
wiki/Scanners
; [[Nuix Desktop]] by [[Nuix Pty Ltd]]
+
: http://www.nuix.com
+
404
 
+
; [[OnLineDFS]] by [[Cyber Security Technologies]]
+
6/14/14
: http://www.cyberstc.com/
+
 
+
36
; [[OSForensics]] by [[PassMark Software Pty Ltd]]
+
: http://www.osforensics.com/
+
wiki/Address_Resolution_Protocol
 
+
; [[P2 Power Pack]] by [[Paraben]]
+
404
: https://www.paraben-forensics.com/catalog/product_info.php?cPath=25&products_id=187
+
 
+
6/14/14
; [[Prodiscover]] by [[Techpathways]]
+
: http://www.techpathways.com/ProDiscoverWindows.htm
+
37
 
+
; [[Proof Finder]] by [[Nuix Pty Ltd]]
+
wiki/Biew
: http://www.prooffinder.com/
+
 
+
404
; [[Safeback]] by [[NTI]] and [[Armor Forensics]]
+
: http://www.forensics-intl.com/safeback.html
+
6/14/14
 
+
; [[X-Ways Forensics]] by [[X-Ways AG]]
+
38
: http://www.x-ways.net/forensics/index-m.html
+
 
+
wiki/CFS
; [[DateDecoder]] by [[Live-Forensics]]
+
: http://www.live-forensics.com/dl/DateDecoder.zip
+
404
: A command line tool that decodes most encoded time/date stamps found on a windows system, and outputs the time/date in a human readable format.
+
 
+
6/14/14
; [[RecycleReader]] by [[Live-Forensics]]
+
: http://www.live-forensics.com/dl/RecycleReader.zip
+
39
: A command line tool that outputs the contents of the recycle bin on XP, Vista and 7.
+
 
+
wiki/Hardware
; [[Dstrings]] by [[Live-Forensics]]
+
: http://www.live-forensics.com/dl/Dstrings.zip
+
404
: A command line tool that searches for strings in a given file.  It has the ability to compare the output of those strings against a dictionary to either exclude the dictionary terms in the output or only output files that match the dictionary.  It also has the ability to search for IP Addresses and URLs/Email Addresses.
+
 
+
6/14/14
; [[Unique]] by [[Live-Forensics]]
+
: http://www.live-forensics.com/dl/Unique.zip
+
40
: A command line tool similar to the Unix uniq. Allows for unique string counts, as well as various sorting options.
+
 
+
wiki/Hexdump
; [[HashUtil]] by [[Live-Forensics]]
+
: http://www.live-forensics.com/dl/HashUtil.zip
+
404
: HashUtil.exe will calculate MD5, SHA1, SHA256 and SHA512 hashes.  It has an option that will attempt to match the hash against the NIST/ISC MD5 hash databases.
+
 
+
6/14/14
; [http://www.windowsscope.com WindowsSCOPE Pro, Ultimate, Live]
+
: Comprehensive Windows Memory Forensics and Cyber Analysis, Incident Response, and Education support.
+
41
: Software and hardware based acquisition with [http://www.windowsscope.com/index.php?option=com_virtuemart&Itemid=34 CaptureGUARD PCIe and ExpressCard]
+
: Hardware based acquisition of memory on a locked computer via [http://www.windowsscope.com/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=30&category_id=1&option=com_virtuemart&Itemid=34 CaptureGUARD Gateway]
+
wiki/Ldd
: [http://www.windowsscope.com  WindowsSCOPE] Live provides memory analysis of Windows computers on a network from Android phones and tablets.
+
 
+
404
== Open Source Tools ==
+
 
+
6/14/14
; [[AFFLIB]]
+
: A library for working with [[disk image]]s. Currently AFFLIB supports raw, [[AFF]], [[AFD]], and [[EnCase]] file formats. Work to support segmented raw, [[iLook]], and other formats is ongoing.
+
42
 
+
; [[Autopsy]]
+
wiki/Ltrace
: http://www.sleuthkit.org/autopsy/desc.php
+
 
+
404
; [[Bulk Extractor]]
+
: https://github.com/simsong/bulk_extractor/wiki
+
6/14/14
: Bulk Extractor provides digital media triage by extracting Features from digital media.
+
 
+
43
; [[Bulk Extractor Viewer]]
+
: https://github.com/simsong/bulk_extractor/wiki/BEViewer
+
wiki/Memory_Card
: Bulk Extractor Viewer is a browser UI for viewing Feature data extracted using [[Bulk Extractor]].
+
 
+
404
; [[Digital Forensics Framework]] (DFF)
+
: DFF is cross-platform and open-source, user and developers oriented. It provide many features and is very modular. Our goal is to provide a powerful framework to the forensic community, so people can use only one tool during the analysis. http://www.digital-forensic.org
+
6/14/14
 
+
; [[foremost]]
+
44
: http://foremost.sf.net/
+
: [[Linux]] based file carving program
+
wiki/OLE-2
 
+
; [[FTimes]]
+
404
: http://ftimes.sourceforge.net/FTimes/index.shtml
+
: FTimes is a system baselining and evidence collection tool.
+
6/14/14
 
+
; [[gfzip]]
+
45
: http://www.nongnu.org/gfzip/
+
 
+
wiki/Other_Devices
; [[gpart]]
+
: http://www.stud.uni-hannover.de/user/76201/gpart/
+
404
: Tries to ''guess the primary partition table of a PC-type hard disk in case the primary partition table in sector 0 is damaged, incorrect or deleted''.
+
 
+
6/14/14
; [[Hachoir]]
+
: A generic framework for binary file manipulation, it supports [[FAT12]], [[FAT16]], [[FAT32]], [[ext2|ext2/ext3]], Linux swap, MSDOS partition header, etc. Recognize file type. Able to find subfiles (hachoir-subfile).
+
46
 
+
; [[magicrescue]]
+
wiki/SFS
: http://jbj.rapanden.dk/magicrescue/
+
 
+
404
; The [[Open Computer Forensics Architecture]]
+
: http://ocfa.sourceforge.net/
+
6/14/14
 
+
; [[pyflag]]
+
47
: http://code.google.com/p/pyflag/
+
: Web-based, database-backed forensic and log analysis GUI written in Python.
+
wiki/Sdd
 
+
; [[Scalpel]]
+
404
: http://www.digitalforensicssolutions.com/Scalpel/
+
: [[Linux]] and [[Windows]] file carving program originally based on [[foremost]].
+
6/14/14
 
+
; [[scrounge-ntfs]]
+
48
: http://memberwebs.com/nielsen/software/scrounge/
+
 
+
wiki/Kevin_Fairbanks
; [[Sleuthkit]]
+
: http://www.sleuthkit.org/
+
404
 
+
; [[The Coroner's Toolkit]] ([[TCT]])
+
6/14/14
: http://www.porcupine.org/forensics/tct.html
+
 
+
49
== [[NDA]] and [[scoped distribution]] tools ==
+
 
+
index.php?title=Timestomp
= Enterprise Tools (Proactive Forensics)=
+
 
+
404
; [[LiveWire Investigator 2008]] by [[WetStone Technologies]]
+
: http://www.wetstonetech.com/f/livewire2008.html
+
4/11/14
 
+
; [[P2 Enterprise Edition]] by [[Paraben]]
+
50
: http://www.paraben-forensics.com/enterprise_forensics.html
+
 
+
wiki/Metasploi
= Forensics Live CDs =
+
; [[Kali Linux]]
+
404
: [http://www.kali.org/ http://www.kali.org/]
+
 
+
6/14/14
; [[KNOPPIX]]
+
: [http://www.knopper.net/knoppix/index-en.html http://www.knopper.net/knoppix/index-en.html]
+
26-50 of 51
 
+
; [[BackTrack Linux]]
+
: [http://www.backtrack-linux.org/ http://www.backtrack-linux.org/]
+
 
+
See: [[:Category:Live CD|Forensics Live CDs]]
+
 
+
= Personal Digital Device Tools=
+
 
+
== GPS Forensics ==
+
 
+
; [[Blackthorn GPS Forensics]]
+
; [[.XRY]]
+
 
+
== PDA Forensics ==
+
; [[Cellebrite UFED]]
+
; [[.XRY]]
+
; [[Paraben PDA Seizure]]
+
; [[Paraben PDA Seizure Toolbox]]
+
; [[PDD]]
+
 
+
== Cell Phone Forensics ==
+
; [[BitPIM]]
+
; [[Cellebrite UFED]]
+
; [[DataPilot Secure View]]
+
; [[.XRY]]
+
: http://www.msab.com/index
+
; [[Fernico ZRT]]
+
; [[ForensicMobile]]
+
; [[LogiCube CellDEK]]
+
; [[MOBILedit!]]
+
; [[Oxygen Forensic Suite 2010]]
+
: http://www.oxygen-forensic.com
+
; [[Paraben's Device Seizure]] and [[Paraben's Device Seizure Toolbox]]
+
: http://www.paraben-forensics.com/handheld_forensics.html
+
; [[Serial Port Monitoring]]
+
; [[TULP2G]]
+
 
+
== SIM Card Forensics ==
+
; [[Cellebrite UFED]]
+
; [[.XRY]]
+
; [[ForensicSIM]]
+
; [[Paraben's SIM Card Seizure]]
+
: http://www.paraben-forensics.com/handheld_forensics.html
+
; [[SIMCon]]
+
 
+
== Preservation Tools ==
+
; [[Paraben StrongHold Bag]]
+
; [[Paraben StrongHold Tent]]
+
 
+
= Other Tools =
+
; Chat Sniper
+
: http://www.alexbarnett.com/chatsniper.htm
+
:  A forensic software tool designed to simplify the process of on-scene evidence acquisition and analysis of logs and data left by the use of AOL, MSN (Live), or Yahoo instant messenger.
+
 
+
; Computer Forensics Toolkit
+
: http://computer-forensics.privacyresources.org
+
: This is a collection of resources, most of which are informational, designed specifically to guide the beginner, often in a procedural sense.
+
 
+
; Live View
+
: http://liveview.sourceforge.net/
+
: Live View is a graphical forensics tool that creates a [[VMware]] [[virtual machine]] out of a dd disk image or physical disk.
+
 
+
; Parallels VM
+
: http://www.parallels.com/
+
: http://en.wikipedia.org/wiki/Parallels_Workstation
+
 
+
; Microsoft Virtual PC
+
: http://www.microsoft.com/windows/products/winfamily/virtualpc/default.mspx
+
: http://en.wikipedia.org/wiki/Virtual_PC
+
 
+
; [[VMware]] Player
+
: http://www.vmware.com/products/player/
+
: http://en.wikipedia.org/wiki/VMware#VMware_Workstation
+
: A free player for [[VMware]] [[virtual machine]]s that will allow them to "play" on either [[Windows]] or [[Linux]]-based systems.
+
 
+
; [[VMware]] Server
+
: http://www.vmware.com/products/server/
+
: The free server product, for setting up/configuring/running [[VMware]] [[virtual machine]].Important difference being that it can run 'headless', i.e. everything in background.
+
 
+
; Webtracer
+
: http://www.forensictracer.com
+
: Software for forensic analysis of internet resources (IP address, e-mail address, domain name, URL, e-mail headers, log files...)
+
 
+
== Hex Editors ==
+
 
+
; [[biew]]
+
: http://biew.sourceforge.net/en/biew.html
+
 
+
; [[Okteta]]
+
: KDE's new cross-platform hex editor with features such as signature-matching
+
: http://utils.kde.org/projects/okteta/
+
 
+
; [[hexdump]]
+
: ...
+
 
+
; [[HexFiend]]
+
: A hex editor for Apple OS X
+
: http://ridiculousfish.com/hexfiend/
+
 
+
; [[Hex Workshop]]
+
: A hex editor from [[BreakPoint Software, Inc.]]
+
: http://www.bpsoft.com
+
 
+
; [[khexedit]]
+
: http://docs.kde.org/stable/en/kdeutils/khexedit/index.html
+
 
+
; [[WinHex]]
+
: Computer forensics software, data recovery software, hex editor, and disk editor from [[X-Ways]].
+
: http://www.x-ways.net/winhex
+
 
+
; [[wxHexEditor]]
+
: A Multi-OS supported, open sourced, hex and disk editor.
+
: http://www.wxhexeditor.org
+
 
+
; [[xxd]]
+
: ...
+
 
+
; [[HexReader]]
+
: [[Live-Forensics]] software that reads windows files at specified offset and length and outputs results to the console.
+
: http://www.live-forensics.com/dl/HexReader.zip
+
 
+
= Telephone Scanners/War Dialers =
+
 
+
;PhoneSweep
+
:http://www.sandstorm.net/products/phonesweep/
+
:PhoneSweep is a commercial grade multi-line wardialer used by many security auditors to run telephone line scans in their organizations. PhoneSweep Gold is the distributed-access add-on for PhoneSweep, for organizations that need to run scans remotely.
+

Latest revision as of 06:51, 16 June 2014

Below is a list of the pages that Google says no longer exists on the ForensicsWiki. In going through the backups it appears that the pages were never created in the first place. If you know of content that is missing please contact us.


wiki/Forensics_Wiki:General_disclaimer

404

5/25/14

2

index.php?title=LNK

404

4/11/14

3

wiki/Talk:Ddrescue

404

6/14/14

4

wiki/RIPEMD-160

404

6/14/14

5

wiki/Brute-force

404

6/14/14

6

wiki/Whirlpool

404

6/14/14

7

wiki/Guy_Voncken

404

6/14/14

8

wiki/Darren_Bilby

404

6/14/14

9

wiki/Disk_imaging

404

6/14/14

10

wiki/SquashFS

404

6/14/14

11

wiki/Talk:GELI

404

6/14/14

12

wiki/Daubert

404

6/14/14

13

wiki/GEOM

404

6/14/14

14

wiki/RAID

404

6/14/14

15

wiki/CBC

404

6/14/14

16

wiki/Ubuntu

404

6/14/14

17

wiki/Key-file

404

6/14/14

18

wiki/LWR

404

6/14/14

19

wiki/CAST

404

6/14/14

20

wiki/XTS

404

6/14/14

21

wiki/Talk:Volatility_Framework

404

6/14/14

22

wiki/Talk:Volatility

404

6/14/14

23

wiki/Lodovico_Marziale

404

6/14/14

24

wiki/Open_source

404

6/14/14

25

wiki/Talk:OpenBSD

404

6/14/14


26

wiki/Directory

404

6/14/14

27

wiki/Yaffs

404

6/14/14

28

wiki/Talk:Excel_Spreadsheet_(XLS)

404

6/14/14

29

wiki/TCFS

404

6/14/14

30

wiki/Wipe

404

6/14/14

31

wiki/WvWare

404

6/14/14

32

wiki/NCryptfs

404

6/14/14

33

wiki/SmartCard

404

6/14/14

34

wiki/Shred

404

6/14/14

35

wiki/Scanners

404

6/14/14

36

wiki/Address_Resolution_Protocol

404

6/14/14

37

wiki/Biew

404

6/14/14

38

wiki/CFS

404

6/14/14

39

wiki/Hardware

404

6/14/14

40

wiki/Hexdump

404

6/14/14

41

wiki/Ldd

404

6/14/14

42

wiki/Ltrace

404

6/14/14

43

wiki/Memory_Card

404

6/14/14

44

wiki/OLE-2

404

6/14/14

45

wiki/Other_Devices

404

6/14/14

46

wiki/SFS

404

6/14/14

47

wiki/Sdd

404

6/14/14

48

wiki/Kevin_Fairbanks

404

6/14/14

49

index.php?title=Timestomp

404

4/11/14

50

wiki/Metasploi

404

6/14/14

26-50 of 51