
Difference between revisions of "Knoppix STD"

From ForensicsWiki
(New page: {{Infobox_Software | name = Knoppix STD | maintainer = | os = | genre = {{Live CD}} | license = {{GPL}} | website = [] | }} Knoppix STD is a [[Co...)
Line 8: Line 8:
Knoppix STD is a [[Computer Forensics|computer forensics]] / [[Incident Response|incident response]] [[live CD]] based on Knoppix.
Knoppix STD is a [[computer forensics]] / [[Incident Response|incident response]] [[Live CD]] based on Knoppix.
== Tools ==
== Tools ==
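Review bot: In the changed intro sentence, replacing `[[Computer Forensics|computer forensics]]` with `[[computer forensics]]` changes the link target as well as the markup. By default MediaWiki normalizes only the first letter of a title, so the new link resolves to "Computer forensics" rather than "Computer Forensics". Confirm that page or a redirect to it exists, or keep the piped form as the neighbouring `[[Incident Response|incident response]]` link does. The `[[live CD]]` to `[[Live CD]]` change only affects the displayed text, since both forms resolve to the same title.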

Revision as of 10:53, 4 August 2007

Knoppix STD
Genre: Live CD
License: GPL

Knoppix STD is a computer forensics / incident response Live CD based on Knoppix.

Tools



  • Sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
  • autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
  • biew : binary viewer
  • bsed : binary stream editor
  • consh : logged shell (from F.I.R.E.)
  • coreography : analyze core files
  • dcfldd : US DoD Computer Forensics Lab version of dd
  • fenris : code debugging, tracing, decompiling, reverse engineering tool
  • fatback : Undelete FAT files
  • foremost : recover specific file types from disk images (like all JPG files)
  • ftimes : system baseline tool (be proactive)
  • galleta : recover Internet Explorer cookies
  • hashdig : dig through hash databases
  • hdb : Java decompiler
  • mac-robber : TCT's graverobber written in C
  • md5deep : run md5 against multiple files/directories
  • memfetch : force a memory dump
  • pasco : browse IE index.dat
  • photorec : grab files from digital cameras
  • readdbx : convert Outlook Express .dbx files to mbox format
  • readoe : convert entire Outlook Express .directory to mbox format
  • rifiuti : browse Windows Recycle Bin INFO2 files
  • secure_delete : securely delete files, swap, memory...
  • testdisk : test and recover lost partitions
  • wipe : wipe a partition securely. Good for prepping a partition for dd
  • and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)

External Links