Difference between pages "DomainKeys Identified Mail" and "DEFT Linux 2"

From ForensicsWiki
m (Added reference)
 
(New page: == Tools included == '''Deft v2 computer and network forensic packages list:''' : - sleuthkit, collection of UNIX-based command line tools that allow you to investigate a computer : - au...)
 
Line 1: Line 1:
{{Expand}}
+
== Tools included ==
  
'''DomainKeys Identified Mail''' ('''DKIM''') is a method for signing email messages to help eliminate spam.
+
'''Deft v2 computer and network forensic packages list:'''
  
The signature in each message should give the domain (<tt>d=</tt>) and selector (<tt>s=</tt>). The appropriate key can be retrived as a TXT [[Domain Name System|DNS]] record from the host <tt>''selector''._domainkey.''domain''</tt> [http://www.elandsys.com/resources/sendmail/dkim.html]. A sample message from Gmail had the following DKIM header:
+
: - sleuthkit, collection of UNIX-based command line tools that allow you to investigate a computer
 +
: - autopsy, graphical interface to the command line digital investigation tools in The Sleuth Kit
 +
: - aff lib, advanced forensic format
 +
: - gpart, tool which tries to guess the primary partition table of a PC-type hard disk
 +
: - dd rescue, copy data from one file or block device to another
 +
: - foremost, console program to recover files based on their headers, footers, and internal data structures
 +
: - hex dump, combined hex and ascii dump of any file
 +
: - khex edit, a versatile and customizable hex editor
 +
: - steg detect, a steganography detection software
 +
: - outguess, a stegano tool
 +
: - ophcrack, Windows password recovery
 +
: - wireshark, network sniffer
 +
: - ettercap, network sniffer
 +
: - nessus, vulnerability and security scanner (client)
 +
: - nessusd, vulnerability and security scanner (server)
 +
: - nmap, the best network scanner
 +
: - airsnort, wireless LAN (WLAN) tool which recovers encryption keys
 +
: - kismet, sniffer and intrusion detection system that work with any wireless card
 +
: - dmraid, discover software RAID devices
 +
: - testdisk, tool to recover damaged partitions
 +
: - qtparted, a Partition Magic clone written in C++ using the Qt toolkit
 +
: - vinetto, tool to examine Thumbs.db files
 +
: - trID, tool to identify file types from their binary signatures
 +
: - readpst, a tools to read ms-Outlook pst files
 +
: - john, John the Ripper password cracker
 +
: - Clam, Anti Virus
  
<pre>
 
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
 
        d=gmail.com; s=beta;
 
</pre>
 
  
We can thus retrieve the Gmail key with:
+
'''Deft utility package list:'''
  
<pre>$ host -t txt beta._domainkey.gmail.com
+
: - linux Kernel 2.6.20
beta._domainkey.gmail.com descriptive text "t=y\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC69TURXN3oNfz+G/m3g5rt4P6nsKmVgU1D6cw2X6BnxKJNlQKm10f8tMx6P6bN7juTR1BeD8ubaGqtzm2rWK4LiMJqhoQcwQziGbK1zp/MkdXZEWMCflLY6oUITrivK7JNOLXtZbdxJG2y/RAHGswKKyVhSP9niRsZF/IBr5p8uQIDAQAB"</pre>
+
: - lkDE 3.5.6
 
+
: - k3b
 
+
: - krdc
== External Links ==
+
: - rdesktop
* [http://www.dkim.org/ Official website]
+
: - samba client
* [http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail Wikipedia entry on DKIM]
+
: - open SSH client & server
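
Review bot: Several added list entries need copy fixes before this text stands: "readpst, a tools to read ms-Outlook pst files" should read "a tool", "kismet, sniffer and intrusion detection system that work with any wireless card" should read "that works", and "lkDE 3.5.6" in the utility list looks like a mistyped "KDE 3.5.6". "nmap, the best network scanner" is an opinion where the neighbouring entries are descriptive, so a neutral description would match them. The comparison is also taken between two different pages ("DomainKeys Identified Mail" on the left, "DEFT Linux 2" on the right), so the DKIM text, its sample header and the External Links section appear as replaced content rather than as part of this page's own history.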

Revision as of 13:48, 2 May 2007

Tools included

Deft v2 computer and network forensic packages list:

- sleuthkit, collection of UNIX-based command line tools that allow you to investigate a computer
- autopsy, graphical interface to the command line digital investigation tools in The Sleuth Kit
- aff lib, advanced forensic format
- gpart, tool which tries to guess the primary partition table of a PC-type hard disk
- dd rescue, copy data from one file or block device to another
- foremost, console program to recover files based on their headers, footers, and internal data structures
- hex dump, combined hex and ascii dump of any file
- khex edit, a versatile and customizable hex editor
- steg detect, a steganography detection software
- outguess, a stegano tool
- ophcrack, Windows password recovery
- wireshark, network sniffer
- ettercap, network sniffer
- nessus, vulnerability and security scanner (client)
- nessusd, vulnerability and security scanner (server)
- nmap, the best network scanner
- airsnort, wireless LAN (WLAN) tool which recovers encryption keys
- kismet, sniffer and intrusion detection system that works with any wireless card
- dmraid, discover software RAID devices
- testdisk, tool to recover damaged partitions
- qtparted, a Partition Magic clone written in C++ using the Qt toolkit
- vinetto, tool to examine Thumbs.db files
- trID, tool to identify file types from their binary signatures
- readpst, a tool to read MS Outlook PST files
- john, John the Ripper password cracker
- Clam, Anti Virus


Deft utility package list:

- Linux kernel 2.6.20
- KDE 3.5.6
- k3b
- krdc
- rdesktop
- samba client
- OpenSSH client & server