Difference between revisions of "Knoppix STD"

Latest revision as of 05:24, 28 July 2012

Knoppix STD is a computer forensics / incident response Live CD based on Knoppix.

[edit] Tools

[edit] Forensics

• Sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
• autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
• biew : binary viewer
• bsed : binary stream editor
• consh : logged shell (from F.I.R.E.)
• coreography : analyze core files
• dcfldd : US DoD Computer Forensics Lab version of dd
• fenris : code debugging, tracing, decompiling, reverse engineering tool
• fatback : Undelete FAT files
• foremost : recover specific file types from disk images (like all JPG files)
• ftimes : system baseline tool (be proactive)
• galleta : recover Internet Explorer cookies
• hashdig : dig through hash databases
• hdb : java decompiler
• mac-robber : TCT's graverobber written in C
• md5deep : run md5 against multiple files/directories
• memfetch : force a memory dump
• pasco : browse IE index.dat
• photorec : grab files from digital cameras
• readdbx : convert Outlook Express .dbx files to mbox format
• readoe : convert entire Outlook Express .directory to mbox format
• rifiuti : browse Windows Recycle Bin INFO2 files
• secure_delete : securely delete files, swap, memory....
• testdisk : test and recover lost partitions
• wipe : wipe a partition securely. good for prep'ing a partition for dd
• and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)

[edit] External Links

• Official Site
• Support Forum