Difference between pages "COFEE" and "Knoppix STD"

From ForensicsWiki
= COFEE =

{{expand}}
{{Infobox_Software |
  name = COFEE |
  maintainer = Microsoft |
  os = {{Windows}} |
  genre = {{Incident response}} |
  license = {{GPL}} |
  website = [http://www.microsoft.com/industry/government/solutions/cofee/default.aspx www.microsoft.com] |
}}

'''Computer Online Forensic Evidence Extractor (COFEE)'''

COFEE is Microsoft software designed to allow the easy capture of important "live" computer evidence at the scene in cybercrime investigations, without special forensics expertise.

The fully customizable tool allows on-the-scene agents to run more than 150 commands on a live computer system. It also produces reports in a simple format for later interpretation by experts, or as supporting evidence for subsequent investigation and prosecution, and the COFEE framework can be tailored to the needs of a particular investigation. As with any live-response tool, running it changes the state of the system being examined (memory contents, file timestamps), so what was run, and when, has to be documented alongside the results.

To help combat the growing number of ways that criminals use computers and the Internet to commit crimes, Microsoft is working with INTERPOL and the National White Collar Crime Center (NW3C) to provide COFEE at no cost to law enforcement agencies in 187 countries worldwide. INTERPOL and NW3C are also working with Florida State University and University College Dublin to continue the research and development that will help ensure that COFEE serves the needs of law enforcement as technology evolves.

Law enforcement can get COFEE from NW3C at www.nw3c.org or by contacting INTERPOL at COFEE@interpol.int.

== External Links ==
* [http://www.microsoft.com/industry/government/solutions/cofee/default.aspx Official web site]

= Knoppix STD =

{{Deprecated Software}}
{{Infobox_Software |
  name = Knoppix STD |
  maintainer = [[STD project]] |
  os = [[Linux]] |
  genre = {{Live CD}}, {{Incident Response}} |
  license = {{GPL}} |
  website = [http://s-t-d.org/ s-t-d.org/] |
}}

Knoppix STD is a [[computer forensics]] / [[Incident Response|incident response]] [[Live CD]] based on Knoppix.

== Tools ==

=== Forensics ===

* [[Sleuthkit]] 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
* autopsy 1.75 : web front-end to TASK. Evidence Locker defaults to /mnt/evidence
* biew : binary viewer
* bsed : binary stream editor
* consh : logged shell (from F.I.R.E.)
* coreography : analyze core files
* dcfldd : US DoD Computer Forensics Lab version of dd
* fenris : code debugging, tracing, decompiling and reverse engineering tool
* fatback : undelete FAT files
* foremost : recover specific file types from disk images (for example, all JPG files)
* ftimes : system baseline tool (be proactive)
* galleta : recover Internet Explorer cookies
* hashdig : dig through hash databases
* hdb : Java decompiler
* mac-robber : TCT's grave-robber written in C
* [[md5deep]] : run MD5 against multiple files and directories
* memfetch : force a memory dump
* pasco : browse IE index.dat
* photorec : recover files from digital camera media
* readdbx : convert Outlook Express .dbx files to mbox format
* readoe : convert an entire Outlook Express directory to mbox format
* rifiuti : browse Windows Recycle Bin INFO2 files
* secure_delete : securely delete files, swap and memory
* testdisk : test and recover lost partitions
* wipe : wipe a partition securely; good for prepping a partition before dd
* and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)

== External Links ==
* [http://s-t-d.org/ Official Site]
* [http://forum.s-t-d.org/ Support Forum]
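The acquire-and-verify routine that dcfldd and md5deep are used for on the live CD, written here as an added example that is not part of Knoppix STD or of this wiki page. It is built only from generic tools the page also lists (dd, cmp) plus md5sum (or BSD md5), so it runs anywhere; the "suspect device" is a constructed sample file of exactly 128 sectors, not a real disk, and the log file name and the offsets used are the example's own choices.

```shell
#!/bin/sh
# Added example, not part of Knoppix STD or of the wiki page. Shows the
# acquire-then-verify routine that dcfldd and md5deep are used for on the
# live CD, using only dd, cmp and md5sum. The "device" is a constructed
# sample file standing in for /dev/sdX; no real disk is touched.

set -u

# Build a constructed stand-in for /dev/sdX: exactly 128 sectors of 512 bytes,
# because real block devices are always a whole number of sectors (this
# matters for conv=sync below). A marker is written in place so the image has
# a recognisable landmark for later string searches.
make_sample_device() {
    dev="$1"
    dd if=/dev/urandom of="$dev" bs=512 count=128 2>/dev/null
    printf 'EVIDENCE-MARKER' | dd of="$dev" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

# Forensic copy. conv=noerror keeps reading past unreadable sectors instead of
# aborting; conv=sync pads each short read with zeros so every byte in the
# image sits at the same offset as on the source. Because the source is a
# whole number of blocks, the padding never changes the total size. Never
# write the image to a path on the suspect disk itself.
acquire() {
    src="$1"; img="$2"
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null
}

# MD5 of one file (what md5deep reports per file). "md5 -q" is the BSD/macOS name.
hash_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# Verify the image against the source and leave a hash log beside the image
# (the same record dcfldd's hashlog= option writes). Returns 0 only when the
# digests agree and a byte-for-byte comparison also passes.
verify() {
    src="$1"; img="$2"
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$img")
    printf '%s  %s\n%s  %s\n' "$src_hash" "$src" "$img_hash" "$img" > "$img.md5"
    if [ "$src_hash" = "$img_hash" ] && cmp -s "$src" "$img"; then
        echo "OK        $img_hash  $img"
        return 0
    fi
    echo "MISMATCH  source=$src_hash image=$img_hash" >&2
    return 1
}

# Overwrite one byte of the marker in place (size unchanged), standing in for
# an image altered or corrupted after acquisition; verify must reject it.
tamper() {
    printf 'X' | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

# Whole workflow on the constructed device. Run with: sh acquire_verify.sh demo
demo() {
    work=$(mktemp -d)
    make_sample_device "$work/sdX"
    acquire "$work/sdX" "$work/sdX.dd"
    verify "$work/sdX" "$work/sdX.dd"
    tamper "$work/sdX.dd"
    verify "$work/sdX" "$work/sdX.dd" || echo "tampered image rejected as expected"
    rm -rf "$work"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Two points the script encodes that bite in practice: conv=sync is only size-neutral when the source is a whole number of blocks, which holds for block devices but not for an arbitrary file, so hash the source and the image separately rather than trusting the copy; and the hash log has to be written somewhere other than the evidence medium. When the image is later mounted for analysis, mount it read-only (for example mount -o ro,noexec,loop) so the verified hash stays valid.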

Revision as of 05:40, 18 January 2014

This tool is deprecated.
The tool that this page describes is deprecated and is no longer under active development.