Tools:Network Forensics
From Forensics Wiki
- Burst
  - http://www.burstmedia.com/release/advertisers/geo_faq.htm
  - Expensive IP geolocation service.
- Enterasys Dragon
  - http://www.enterasys.com/products/advanced-security-apps/index.aspx
  - Intrusion Detection System that includes session reconstruction.
- MaxMind
  - http://www.maxmind.com
  - IP geolocation service and data provider for off-line geotagging. Free GeoLite country database. Programmable APIs.
- netflow/flowtools
  - http://www.cisco.com/warp/public/732/Tech/nmp/netflow/index.shtml
  - http://www.splintered.net/sw/flow-tools/
  - http://silktools.sourceforge.net/
  - http://www.vmware.com/vmtn/appliances/directory/293 Netflow appliance (VMware)
- NetIntercept
  - http://www.sandstorm.net/products/netintercept
  - NetIntercept captures whole packets and reassembles up to 999,999 TCP connections at once, reconstructing files that were sent over your network and creating a database of its findings. It recognizes over 100 types of network protocols and file types, including web traffic, multimedia, email, and IM.
- rkhunter
  - http://rkhunter.sourceforge.net/
- nslookup
  - http://en.wikipedia.org/wiki/Nslookup
  - Name Server Lookup: command line tool used to find the IP address for a domain name.
- truewitness
  - http://www.nature-soft.com/forensic.html
  - Linux/open-source. Based in India.
- Whois
  - http://en.wikipedia.org/wiki/WHOIS
  - Web service and command line tool to look up registry information for an Internet domain.
  - http://www.arin.net/registration/agreements/bulkwhois.pdf Bulk WHOIS data request from ARIN
- IP Regional Registries
  - http://www.arin.net/community/rirs.html
  - http://www.arin.net/index.shtml American Registry for Internet Numbers (ARIN)
  - http://www.afrinic.net/ African Network Information Center (AfriNIC)
  - http://www.apnic.net/ Asia Pacific Network Information Centre (APNIC)
  - http://www.lacnic.net/en/ Latin American and Caribbean IP Address Regional Registry (LACNIC)
  - http://www.ripe.net/ RIPE Network Coordination Centre (RIPE NCC)
- Wireshark/Ethereal
  - http://www.wireshark.org/
  - Open source protocol analyzer, previously known as Ethereal.
Securely deleting data
- BangDisk
  - Offers several patterns for wiping data and wipes multiple types of media at one time (USB, ATA, SCSI, CF and more).
  - http://www.bangdisk.com
- BCWipe
  - Secure data deletion tools for Windows and Unix-like operating systems.
- CyberScrub cyberCide
  - This program securely erases all data from drives or partitions.
  - http://www.cyberscrub.com/products/cybercide/index.php
- CyberScrub Privacy Suite
  - This program securely erases selected data, wipes free space, and has powerful scheduling capabilities.
  - http://www.cyberscrub.com/products/privacysuite/index.php
- CyberScrub Compliance Suite
  - Network-based program that securely erases selected data and wipes free space, with powerful scheduling and log file reporting capabilities. Ideal for enforcing document life-cycle and data retention policies. Ensures compliance with HIPAA, Sarbanes Oxley, FACTA, Gramm Leach Bliley and more.
  - http://www.cyberscrub.com/products/compliancesuite/index.php
- Darik's Boot and Nuke (DBAN)
  - A bootable disk that securely wipes any hard disk it can detect.
  - http://dban.sourceforge.net/
- Eraser
  - Offers several patterns for wiping data, including Peter Gutmann's and the US DoD 5200.28-STD standard.
  - http://www.heidi.ie/eraser
- shred
  - http://www.gnu.org/software/coreutils/ Linux version of GNU shred
  - http://gnuwin32.sourceforge.net/packages/coreutils.htm Win32 version of GNU shred
  - Part of GNU coreutils.
- Lenovo SDD
  - http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-56394