Difference between pages "Hard Drive Passwords" and "Tools:Network Forensics"

From ForensicsWiki

= Hard Drive Passwords =

Some hard drives support passwords. These passwords can be implemented in the computer's operating system, in its BIOS, or in the hard drive's firmware. Passwords implemented in the OS are the easiest to remove; those implemented in the firmware are the hardest.

Sometimes people use the term "password" when the hard drive is really [[Full Disk Encryption|encrypted]] and the password is used to unlock a decryption key. These passwords cannot simply be removed: the encryption key must be cracked or discovered by other means.

== Vendors ==

* Disklabs (www.disklabs.com) is able to remove some forms of hard drive passwords.
* Dell will assist law enforcement in removing the passwords from password-protected hard drives. You need to provide Dell with a copy of the search warrant and the computer's service tag #. Reportedly this can be done over the phone, once you have a good relationship with Dell.
* [http://www.hdd.profesjonalnie.pl/to.php Seagate HDD Service Device for 2.5" drives BASIC Kit]: The tool works with 2.5" Seagate drives. Its main function is ATA password removal from 2.5" drives.
* [http://www.acelaboratory.com/pc3000.htm PC-3000 for Windows] has "An opportunity to unlock USER and MASTER passwords used in a HDD".
* [http://www.hdd-tools.com/products/rrs/ With Repair Station you can remove an unknown ATA-password; both security levels are supported: High and Maximum]
* [http://www.vogon-investigation.com/password-cracker-solution.htm Using the Vogon Password Cracker POD, the protection from the drive can be removed]
* [http://www.salvationdata.com SalvationData] sells a system for "Stage 2 physical data damage" recovery from HDDs. The company sells tools such as [http://www.salvationdata.com/data-recovery-equipment/hd-doctor.htm HD Doctor Suite], [http://www.salvationdata.com/data-recovery-equipment/data-compass.htm Data Compass] and [http://www.salvationdata.com/data-recovery-equipment/hd-hpe-pro.htm HD HPE Pro] for swapping platters from one drive into another, changing the firmware on drives, and other kinds of operations. You can buy it from http://www.computersciencelabs.com.

== Master Passwords ==

''These passwords were received from unofficial sources and may not work!''

* Western Digital: ''WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCWD''
* Maxtor: ''Maxtor*INIT SECURITY TEST STEP*F'' (''*'' means ''00h'')
* Seagate: ''Seagate''
* Fujitsu, Hitachi, Toshiba: 32 spaces
* Samsung: ''tttttttttttttttttttttttttttttttt''
* IBM:
** ''CED79IJUFNATIT''
** ''VON89IJUFSUNAJ''
** ''RAM00IJUFOTSELET''

= Tools:Network Forensics =

; [[Burst]]
: http://www.burstmedia.com/release/advertisers/geo_faq.htm
: Expensive IP geo-location service.

; [[chkrootkit]]
: http://www.chkrootkit.org

; [[cryptcat]]
: http://farm9.org/Cryptcat/

; [[Enterasys Dragon]]
: http://www.enterasys.com/products/advanced-security-apps/index.aspx Intrusion detection system; includes session reconstruction.

; [[MaxMind]]
: http://www.maxmind.com
: IP geolocation service and data provider for off-line geotagging. Free GeoLite country database. Programmable APIs.

; [[netcat]]
: http://netcat.sourceforge.net/

; [[netflow]]/[[flowtools]]
: http://www.cisco.com/warp/public/732/Tech/nmp/netflow/index.shtml
: http://www.splintered.net/sw/flow-tools/
: http://silktools.sourceforge.net/
: http://www.vmware.com/vmtn/appliances/directory/293 Netflow Appliance (VMware)

; NetIntercept
: http://www.sandstorm.net/products/netintercept
: NetIntercept captures whole packets and reassembles up to 999,999 TCP connections at once, reconstructing files that were sent over your network and creating a database of its findings. It recognizes over 100 types of network protocols and file types, including web traffic, multimedia, email, and IM.

; [[rkhunter]]
: http://rkhunter.sourceforge.net/

; [[ngrep]]
: http://ngrep.sourceforge.net/

; [[nslookup]]
: http://en.wikipedia.org/wiki/Nslookup Name server lookup command-line tool used to find the IP address for a domain name.

; [[Sguil]]
: http://sguil.sourceforge.net/

; [[Snort]]
: http://www.snort.org/

; [[ssldump]]
: http://ssldump.sourceforge.net/

; [[Tcpdump]]
: http://www.tcpdump.org

; [[tcpextract]]
: http://tcpxtract.sourceforge.net/

; [[tcpflow]]
: http://www.circlemud.org/~jelson/software/tcpflow/

; [[truewitness]]
: http://www.nature-soft.com/forensic.html
: Linux/open-source. Based in India.

; [[etherpeek]]
: http://www.wildpackets.com/products/etherpeek/overview

; [[Whois]]
: http://en.wikipedia.org/wiki/WHOIS Web service and command-line tool to look up registry information for an Internet domain.
: http://www.arin.net/registration/agreements/bulkwhois.pdf Bulk WHOIS data request from ARIN

; [[IP Regional Registries]]
: http://www.arin.net/community/rirs.html
: http://www.arin.net/index.shtml American Registry for Internet Numbers (ARIN)
: http://www.afrinic.net/ African Network Information Center (AfriNIC)
: http://www.apnic.net/ Asia Pacific Network Information Centre (APNIC)
: http://www.lacnic.net/en/ Latin American and Caribbean IP Address Regional Registry (LACNIC)
: http://www.ripe.net/ RIPE Network Coordination Centre (RIPE NCC)

; [[Wireshark/Ethereal]]
: http://www.wireshark.org/
: Open-source protocol analyzer, previously known as Ethereal.

== Securely deleting data ==

; [[BangDisk]]
: Offers several patterns for wiping data; wipes multiple types of media (USB, ATA, SCSI, CF and more) at one time.
: http://www.bangdisk.com

; [[BCWipe]]
: Secure data deletion tools for [[Windows]] and [[Unix]]-like [[operating systems]].

; [[CyberScrub cyberCide]]
: This program securely erases all data from drives or partitions.
: http://www.cyberscrub.com/products/cybercide/index.php

; [[CyberScrub Privacy Suite]]
: This program securely erases selected data and wipes free space; powerful scheduling capabilities.
: http://www.cyberscrub.com/products/privacysuite/index.php

; [[CyberScrub Compliance Suite]]
: Network-based program that securely erases selected data and wipes free space; powerful scheduling and log file reporting capabilities. Ideal for enforcing document life-cycle and data retention policies. Ensures compliance with HIPAA, Sarbanes Oxley, FACTA, Gramm Leach Bliley and more.
: http://www.cyberscrub.com/products/compliancesuite/index.php

; [[Darik's Boot and Nuke]] ([[DBAN]])
: This is a bootable disk that securely wipes any hard disk it can detect.
: http://dban.sourceforge.net/

; [[Eraser]]
: Offers several patterns for wiping data, including [[Peter Gutmann]]'s and the [[US DoD 5200.28-STD]] standard.
: http://www.heidi.ie/eraser

; [[Ontrack Data Eraser]]
: ...

; [[shred]]
: http://www.gnu.org/software/coreutils/ Linux version of GNU shred
: http://gnuwin32.sourceforge.net/packages/coreutils.htm Win32 version of GNU shred
: Part of GNU coreutils.

; [[wipe]]
: http://abaababa.ouvaton.org/wipe/

; [[Lenovo SDD]]
: http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-56394

== See also ==

* [[Anti-forensic techniques]]
* [[Database Encryption]]
Revision as of 11:11, 20 August 2007