Difference between pages "Tools:Visualization" and "Linux Repositories"

From ForensicsWiki
(Difference between pages)
m (Abandoned Social network Graphers)
 
(Imaging Tools)
 
Line 1: Line 1:
Although not strictly for forensic purposes, '''visualization tools''' such as the ones discussed here can be very useful for visualizing large data sets. As forensic practitioners need to process more and more data, it is likely that some of the techniques implemented by these tools will need to be adopted.
 
  
==Programming Languages and Developer Toolkits==
+
There are a number of linux distributions.
If you are building forensic tools, you probably want to start with one of these:
+
; Java and Swing
+
: Advantage: Portable and lots of good documentation out there.
+
: Disadvantage: Programs are a bit verbose, and only offers about 1/2 the performance of C
+
  
; Python with tkinter
+
In general they have primary repositories which are setup for every installation of the operating system and they have special purpose repositories which require specific setup.
: Advantage: Portable
+
: Disadvantage: Python is one of the slowest modern languages around.
+
  
; Python with wxWidgets
+
=Repository Setup=
: Advantage: Portable and a better development environment than tkiner
+
==openSUSE==
: Disadvantage: wxWidgets is not installed by default, so you'll need to get it installed. Not as well documented as Tkinter
+
For current openSUSE 11.4 and 12.1 users it is necessary to have the following repositories configured:
  
; [http://www.pyside.org Python with Qt (PySide)]
+
*security
: Advantage: Portable and a better development environment than tkiner or wxWidgets
+
*devel:languages:perl
: Disadvantage: Though not difficult, PySide has to be installed separately
+
*devel:languages:python
  
; [http://processing.org processing.org]
+
This is most easily done from the command line via (assumes openSUSE 12.1):
: Advantage: Programming language specifically developed for visualization; compiles to java byte code
+
: Disadvantage: Very oddball
+
  
; JavaFX - Java's version of Flash
+
sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/security/openSUSE_12.1</nowiki> security
 +
sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/devel:/languages:/perl</nowiki>/openSUSE_12.1 perl
 +
sudo zypper ar -f <nowiki>http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1</nowiki> python
 +
 +
zypper lr  <nowiki>          </nowiki>  # used to verify you have the repos installed
  
; Flash
+
==fedora==
 +
==debian==
 +
==ubuntu==
  
Or you could try one of these higher-level toolkits:
+
=Computer Forensic Tools=
 +
Below is a list of computer forensic tools.  For each tool the repository it can be found in and the version in the repository is shown.
  
; Crystal Space 3D
+
As an example, aimage is in the openSUSE security repository and it is version 3.2.5
  
; Panda#D
+
==Imaging Tools==
  
== Applications ==
+
{|border="1" cellpadding="2" cellspacing="0" {{repository table}}
Most of these are scriptable.
+
|-
===Open Source===
+
|rowspan=1| '''Tool'''
====Data Plotting====
+
|'''openSUSE'''
* http://ploticus.sourceforge.net
+
|'''fedora'''
* http://www.gnuplot.info/
+
|'''debian'''
* [http://www.opendx.org/ OpenDX] - Based on [[IBM]]'s Visualization Data Explorer for 3D, runs on [[Unix]]/X11/Motif. (2007)
+
|'''ubuntu'''
* http://tulip.labri.fr/TulipDrupal/
+
|'''comment'''
* http://highcharts.com/
+
|'''General Remarks'''
* matplotlib
+
  
====Graph and (Social) Network Visualization====
+
|-
* [http://code.google.com/p/boomslang/ Boomslang] --- A thin layer of python over matplotlib that makes it easier to do common plots.
+
|rowspan=1| [http://www.e-fense.com/helix/ adepto]
* [http://www.cytoscape.org/ Cytoscape] - Cytoscape is an open source software platform for visualizing complex networks and integrating these with any type of attribute data.
+
|N/A <!-- opensuse -->
* [http://www.graphviz.org/ Graphviz] - Originally developed by the [http://public.research.att.com/areas/visualization/ AT&T Information Visualization Gorup], designed for drawing connected graphs of nodes and edges. Neato is a similar system but does layout based on a spring model. Can produce output as [[PostScript]], [[PNG]], [[GIF]], or as an annotated graph file with the locations of all of the objects &mdash; ideal for drawing in a GUI. Runs from the command line on [[Unix]], [[Windows]] and [[Mac]], although there is also a [http://www.pixelglow.com/graphviz/ MacOS GUI version].
+
|?              <!-- fedora-->
* [http://www.codeplex.com/nodexl NodeXL] - Free/open excel add-in extends the spreadsheet with network metrics and visualizations. (Only runs on Windows)
+
|?              <!-- debian-->
* [http://gephi.org/ Gephi] -Gephi is an interactive visualization and exploration platform for all kinds of networks and complex systems, dynamic and hierarchical graphs
+
|?              <!-- ubuntu-->
* http://graphstream-project.org/
+
|  <!-- comment -->
* http://projects.skewed.de/graph-tool/ - graph-tool is an efficient python module for manipulation and statistical analysis of graphs (a.k.a. networks).
+
|adepto is included in the helix boot cd<!-- General Remarks -->
* http://igraph.sourceforge.net/
+
* http://nwb.cns.iu.edu/ - NetworkWorkbench, a workbench for network scientists.
+
* http://socnetv.sourceforge.net/ - "Social Networks Visualizer (SocNetV) is a flexible and user-friendly tool for the analysis and visualization of Social Networks."
+
* [http://jung.sourceforge.net/ Java Universal Network/Graph Framework (JUNG)] - Graphing, [[data mining]], [[social network]] analysis, and other stuff.
+
* [http://bioinformatics.icmb.utexas.edu/lgl/ Large Graph Layout (LGL)] - A bioinformatics system from University of Texas. They really mean Large.
+
* [http://www.analytictech.com/netdraw/netdraw.htm NetDraw] - "a free program written by Steve Borgatti for visualizing both 1-mode and 2-mode social network data."
+
* [http://pajek.imfm.si/doku.php Pajek] - Windows program for drawing large networks.
+
* [http://sourceforge.net/projects/sonia/ Social Network Image Animator (SoNIA)] - Originally developed at Stanford. Written in Java. Makes movies.
+
* [http://wilma.sourceforge.net/ WilmaScope] - Real-time animations of dynamic graph structures. Written in Java. Sophisticated force model with strings and attraction.
+
* [http://www.caida.org/tools/visualization/walrus/ Walrus] - A 3-d graph network exploration tool. Employs 3D hyperbolic displays and layout based on a user-supplied spanning tree.
+
* [http://afterglow.sf.ne AfterGlowt] - A tool to convert CSV data into DOT descriptions with highly configurable instructions.
+
* http://tulip.labri.fr/TulipDrupal/ - Tulip is an information visualization framework dedicated to the analysis and visualization of relational data.
+
  
See also: http://en.wikipedia.org/wiki/Social_network_analysis_software
+
|-
 +
|rowspan=1| [[aimage]]
 +
|security/3.2.5 <!-- opensuse -->
 +
|?              <!-- fedora-->
 +
|?              <!-- debian-->
 +
|?              <!-- ubuntu-->
 +
|a imaging tool to create aff format images  <!-- comment -->
 +
|aimage has been EOL'ed.  guymager or ftkimager (windows/mac) are recommended for creating aff images. <!-- General Remarks -->
  
====Abandoned Social network Graphers====
+
|-
(Abandoned means that it hasn't been updated since 2009)
+
|rowspan=1| [[AIR]]
* [http://graphexploration.cond.org/ Guess: The Graph Exploration System] - Originally developed at HP, this is a large Jython/Java-based system that you can use for building your own applications. Distributed under GPL. (2007)
+
|N/A <!-- opensuse -->
* [http://sourceforge.net/projects/ivc/ InfoVis Cyberinfrastructure] - Another graph drawing system written in Java. (2009)
+
|?              <!-- fedora-->
* [http://www.andrew.cmu.edu/user/krack/krackplot.shtml Krackplot] - "KrackPlot is a program for network visualization designed for social network analysts." (2006; Windows only; no source, apparently)
+
|?              <!-- debian-->
* [http://www.sfu.ca/~richards/Multinet/Pages/multinet.htm MultiNet] - A data analysis package for drawing conventional data and graph data.  (2007)
+
|?              <!-- ubuntu-->
* [http://developer.berlios.de/projects/nv2d/ NetVis 2D] - Another graph visualization and layout tool written in Java. (2005)
+
|Automated Image and Restore  <!-- comment -->
* [http://www.informatik.uni-bremen.de/uDrawGraph/en/uDrawGraph/uDrawGraph.html uDrawGraph]
+
|a GUI front-end to dd and dc3dd designed for easily creating forensic bit images <!-- General Remarks -->
* [http://ubietylab.net/ubigraph/ Ubigraph] - a tool for visualizing dynamic graphs. The basic version is free, and talks to Python, Ruby, PHP, Java, C, C++, C#, Haskell, and OCaml.  (2008)
+
* http://www.paterva.com/web5/
+
  
====Computer Network Visualization====
+
|-
* [http://tnv.sourceforge.net/ The Network Visualizer]
+
|rowspan=1| [[dc3dd]]
 +
|security*/7.1.614 <!-- opensuse -->
 +
|?              <!-- fedora-->
 +
|?              <!-- debian-->
 +
|?              <!-- ubuntu-->
 +
|DoD Cyber Crime Center DD  <!-- comment -->
 +
|This tool was formerly known as dcfldd.  When released as dc3dd it was totally rewritten. <!-- General Remarks -->
  
=== Commercial Graphic Applications and Tools===
+
|-
 +
|rowspan=1| [[ddrescue]]
 +
|Base/1.14 <!-- opensuse -->
 +
|?              <!-- fedora-->
 +
|?              <!-- debian-->
 +
|?              <!-- ubuntu-->
 +
|Also known as GNU ddrescue<!-- comment -->
 +
|This tool is different than dd_rescue.
  
* [http://www.aisee.com/ aiSee Graph Layout Software] - Supports 15 layout algorithms, recursive graph nesting, and easy printing. Runs on [[Windows]], [[Linux]], [[Solaris]], [[NetBSD]], and [[MacOS]]. 30-day trial and free registered versions available. Academic pricing available.
+
|-
[http://www.geomantics.com/ Geomantics] - Geographical, Visualization and Graphics software. Runs on [[Windows]].
+
|rowspan=1| [[dd_rescue]]
* [http://www.kylebank.com/ Graphis 2D and 3D graphing software] - Runs on [[Windows]]. Free 30-day evaluation copy available.
+
|N/A <!-- opensuse -->
* [http://www.openviz.com/ OpenViz] and  [http://www.powerviz.com/ PowerViz] - Both from Advanced Visual Systems, super high-end visualization toolkits. $$$$
+
|?              <!-- fedora-->
* [http://www.tomsawyer.com/ Tom Sawyer Software] Analysis, Visualizaiton, and Layout programs. - Heavy support for drawing graphs. Beautiful gallery. ActiveX, Java, C++ and .NET editions.
+
|?              <!-- debian-->
* [http://www.netminer.com/ NetMiner] - A comprehensive tool for Social Network Analysis. Runs on Windows, with a Linux version under development. $35 for "Express" student version, $250 for "Professional" student version, $950 for "Normal" "Professional" version.
+
|?              <!-- ubuntu-->
* [http://www.analytictech.com/ucinet.htm UCINET] - A comprehensive package for the analysis of social network data as well as other 1-mode and 2-mode data.
+
|<!-- comment -->
* [http://www.clarifiednetworks.com/logster Logster] - an ultra-easy software tool to visualize Apache-style logs on a world map.
+
|This tool is different than GNU ddrescue.
* [http://www.clarifiednetworks.com/Clarified%20Analyzer Clarified Analyzer] - Visualizes Network Traffic and allows to drill down from visualizations to the packet level.
+
  
== Visualization Toolkits and Libraries ==
+
|-
===C/C++===
+
|rowspan=1| [[IXimager]]
* [http://public.kitware.com/VTK/ The Visualization Toolkit] - C++ multi-platform with interfaces available for Tcl/Tk, Java and Python. Professional support provided by [http://www.kitware.com/ Kitware].
+
|N/A <!-- opensuse -->
* [http://kdirstat.sourceforge.net/ KDirStat], an open source implementation of [http://www.cs.umd.edu/hcil/treemap-history/index.shtml Treemaps] written in C. (Treemaps are a visualization technique developed at the University of Maryland for visualizing large amounts of multi-dimensional data.)  You can find a copy of it in [http://www.derlien.com/ Disk Inventory X] and
+
|?              <!-- fedora-->
===Java===
+
|?              <!-- debian-->
* [http://csbi.sourceforge.net/index.html Graph Interface Library (GINY)] - Java
+
|?             <!-- ubuntu-->
* [http://hypergraph.sourceforge.net/ HyperGraph] - Hyperbolic trees, in Java. Check out the home page. Try clicking on the logo...
+
|A law enforcement only imager<!-- comment -->
* [http://ivtk.sourceforge.net/ InfoViz Toolkit] - Java, originally developed at [[INRA]].
+
|used in conjunction with ILook Investigator
* [https://jdigraph.dev.java.net/ Jdigrah] - Java Directed Graphs.
+
* [http://jgrapht.sourceforge.net/ JGraphT] - A Java visualization kit designed to be simple and extensible.
+
* [http://prefuse.sourceforge.net/ Perfuse] - A Java-based toolkit for building interactive information visualization applications
+
* [http://www.ssec.wisc.edu/~billh/visad.html#intro VisAD] - A Java component library for interactive and collaborative visualization.
+
* [http://www.softwaresecretweapons.com/jspwiki/Wiki.jsp?page=LinguineMaps Linguine Maps] - An open-source Java-based system for visualizing software call maps.
+
* [http://zvtm.sourceforge.net/index.html Zoomable Visual Transformation Machine] - Java. Originally started at Xerox Research Europe.
+
* [http://openmap.bbn.com/ OpenMap] A Java-based Geographical Information System framework, from [[BBN]].
+
===JavaScript===
+
* [http://mbostock.github.com/d3/ D3 - Data Driven Documents] - A visualization library for the Web.
+
===Unclassified===
+
* [http://gravisto.fim.uni-passau.de/ Gravisto: Graph Visualization Toolkit] - An editor and toolkit for developing graph visualization algorithms.
+
* [http://www.gnu.frb.br:8080/rox Rox Graph Theory Framework] - An open-source plug-in framework for graph theory visualization.
+
* [http://touchgraph.sourceforge.net/ TouchGraph] - Library for building graph-based interfaces.
+
  
==Journals and Conferences==
+
|-
* [http://www.palgrave-journals.com/ivs/index.html Information Visualization Journal]
+
|rowspan=1| [[libewf|ewfacquire]]
* [http://rw4.cs.uni-sb.de/~diehl/softvis/seminar/index.php?goto=seminar ACM Symposium on Software Visualization]
+
|security*/20100226 <!-- opensuse -->
==Research Groups==
+
|?              <!-- fedora-->
===Berkeley===
+
|?              <!-- debian-->
* [http://bailando.sims.berkeley.edu/infovis.html Bailando Visualization]
+
|?              <!-- ubuntu-->
* [http://vis.berkeley.edu/ Berkeley Visualization Lab]
+
|a imaging tool to create ewf format images  <!-- comment -->
===Brown===
+
|ewfacquire is part of ewftools in some distributions.<!-- General Remarks -->
* [http://www.cs.brown.edu/people/rt/gd.html Roberto Tamassia's resources on Graph Drawing]
+
===Stanford===
+
* [http://window.stanford.edu/projects/rivet/ Rivet Project] (Visualization complex systems)
+
===UNM===
+
* [http://www.msi.umn.edu/user_support/scivis/scivis-list.html Scientific Visualization at the Supercomputing Institute]
+
===Wattenberg===
+
* [http://www.bewitched.com/ Bewitched], a one-man research group.
+
==See Also==
+
* [http://www-static.cc.gatech.edu/gvu/ii/resources/infovis.html GVU's Information Visualization Resources link farm]
+
* [http://directory.google.com/Top/Science/Math/Combinatorics/Software/Graph_Drawing/ Google Directory of Graph Drawing Software]
+
* [http://directory.fsf.org/science/visual/ GNU Free Software directory of scientific visualization software]
+
* [http://www.manageability.org/blog/stuff/open-source-graph-network-visualization-in-java/view Open Source Graph Network Visualization in Java]
+
* [http://www.insna.org/INSNA/soft_inf.html INSNA's web page of Computer Programs for Social Network Analysis]
+
* http://www.dmoz.org/Science/Math/Combinatorics/Software/Graph_Drawing/
+
* http://www.ontopia.net/omnigator/models/index.jsp
+
* http://visant.bu.edu/
+
* http://sourceforge.net/projects/touchgraph/
+
  
CAIDA has 15+ years of work visualizing Internet topologies. You may find their tools to be useful:
+
|-
* http://www.caida.org/tools/visualization/
+
|rowspan=1| [[LinEn]]
* http://www.caida.org/publications/visualizations/
+
|N/A <!-- opensuse -->
* http://www.caida.org/tools/visualization/walrus/gallery1/
+
|?              <!-- fedora-->
* http://www.caida.org/research/topology/as_core_network/
+
|?              <!-- debian-->
 +
|?              <!-- ubuntu-->
 +
|a proprietary imaging tool to create ewf format images  <!-- comment -->
 +
|included on the Helix boot CD<!-- General Remarks -->
 +
 
 +
|-
 +
|rowspan=1| [[guymager]]
 +
|N/A<!-- opensuse -->
 +
|?              <!-- fedora-->
 +
|?              <!-- debian-->
 +
|?              <!-- ubuntu-->
 +
|a imaging tool to create aff format images  <!-- comment -->
 +
|Guymager is an open source forensic imager. It focuses on user friendliness and high speed. <!-- General Remarks -->
 +
 
 +
|-
 +
|rowspan=1| [http://sourceforge.net/projects/rdd rdd]
 +
|N/A <!-- opensuse -->
 +
|?              <!-- fedora-->
 +
|?              <!-- debian-->
 +
|?              <!-- ubuntu-->
 +
|a dd-like tool, with forensic imaging features  <!-- comment -->
 +
|Rdd is robust with respect to read errors<!-- General Remarks -->
 +
 
 +
|-
 +
|rowspan=1| [ftp://ftp.berlios.de/pub/sdd/ sdd]
 +
|Archiving:Backup/1.52 <!-- opensuse -->
 +
|?              <!-- fedora-->
 +
|?              <!-- debian-->
 +
|?              <!-- ubuntu-->
 +
|a dd-like tool<!-- comment -->
 +
|Designed to work well when IBS != OBS.  Working with tape is an example.<!-- General Remarks -->
 +
 
 +
|}
 +
 
 +
*package will appear in the base release with the next full distribution release.
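Review bot: on the perl `zypper ar` line the `</nowiki>` closes before `/openSUSE_12.1`, unlike the security and python lines, so the tail of that repository URL sits outside the nowiki span; move the closing tag to after `openSUSE_12.1` so all three commands are marked up the same way. Separately, the closing footnote line begins with a bare `*`, which the wiki parses as a list item (the rendered revision shows it as a bullet), so it no longer reads as the explanation of the `security*` marker used in the dc3dd and ewfacquire rows; escape the asterisk or spell out that it refers to entries marked with `*`.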

Revision as of 20:28, 24 February 2012

There are a number of Linux distributions.

In general they have primary repositories, which are set up for every installation of the operating system, and special-purpose repositories, which require specific setup.

Repository Setup

openSUSE

For current openSUSE 11.4 and 12.1 users it is necessary to have the following repositories configured:

  • security
  • devel:languages:perl
  • devel:languages:python

This is most easily done from the command line via (assumes openSUSE 12.1):

sudo zypper ar -f http://download.opensuse.org/repositories/security/openSUSE_12.1 security
sudo zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_12.1 perl
sudo zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1 python

zypper lr               # used to verify you have the repos installed

fedora

debian

ubuntu

Computer Forensic Tools

Below is a list of computer forensic tools. For each tool, the repository it can be found in and the version in that repository are shown.

As an example, aimage is in the openSUSE security repository and it is version 3.2.5.

Imaging Tools

| Tool | openSUSE | fedora | debian | ubuntu | comment | General Remarks |
|---|---|---|---|---|---|---|
| adepto | N/A | ? | ? | ? | | adepto is included in the helix boot cd |
| aimage | security/3.2.5 | ? | ? | ? | an imaging tool to create aff format images | aimage has been EOL'ed. guymager or ftkimager (windows/mac) are recommended for creating aff images. |
| AIR | N/A | ? | ? | ? | Automated Image and Restore | a GUI front-end to dd and dc3dd designed for easily creating forensic bit images |
| dc3dd | security*/7.1.614 | ? | ? | ? | DoD Cyber Crime Center DD | This tool was formerly known as dcfldd. When released as dc3dd it was totally rewritten. |
| ddrescue | Base/1.14 | ? | ? | ? | Also known as GNU ddrescue | This tool is different than dd_rescue. |
| dd_rescue | N/A | ? | ? | ? | | This tool is different than GNU ddrescue. |
| IXimager | N/A | ? | ? | ? | A law enforcement only imager | used in conjunction with ILook Investigator |
| ewfacquire | security*/20100226 | ? | ? | ? | an imaging tool to create ewf format images | ewfacquire is part of ewftools in some distributions. |
| LinEn | N/A | ? | ? | ? | a proprietary imaging tool to create ewf format images | included on the Helix boot CD |
| guymager | N/A | ? | ? | ? | an imaging tool to create aff format images | Guymager is an open source forensic imager. It focuses on user friendliness and high speed. |
| rdd | N/A | ? | ? | ? | a dd-like tool, with forensic imaging features | Rdd is robust with respect to read errors |
| sdd | Archiving:Backup/1.52 | ? | ? | ? | a dd-like tool | Designed to work well when IBS != OBS. Working with tape is an example. |

* package will appear in the base release with the next full distribution release.