Difference between pages "DomainKeys Identified Mail" and "DEFT Linux 2"

From ForensicsWiki
(Difference between pages)
m (Added reference)
 
(New page: == Tools included == '''Deft v2 computer and network forensic packages list:''' : - sleuthkit, collection of UNIX-based command line tools that allow you to investigate a computer : - au...)
 
Line 1: Line 1:
{{Expand}}
+
== Tools included ==
  
'''DomainKeys Identified Mail''' ('''DKIM''') is a method for signing email messages to help eliminate spam.
+
'''Deft v2 computer and network forensic packages list:'''
  
The signature in each message should give the domain (<tt>d=</tt>) and selector (<tt>s=</tt>). The appropriate key can be retrived as a TXT [[Domain Name System|DNS]] record from the host <tt>''selector''._domainkey.''domain''</tt> [http://www.elandsys.com/resources/sendmail/dkim.html]. A sample message from Gmail had the following DKIM header:
+
: - sleuthkit, collection of UNIX-based command line tools that allow you to investigate a computer
 +
: - autopsy, graphical interface to the command line digital investigation tools in The Sleuth Kit
 +
: - aff lib, advanced forensic format
 +
: - gpart, tool which tries to guess the primary partition table of a PC-type hard disk
 +
: - dd rescue, copy data from one file or block device to another
 +
: - foremost, console program to recover files based on their headers, footers, and internal data structures
 +
: - hex dump, combined hex and ascii dump of any file
 +
: - khex edit, a versatile and customizable hex editor
 +
: - steg detect, a steganography detection software
 +
: - outguess, a stegano tool
 +
: - ophcrack, Windows password recovery
 +
: - wireshark, network sniffer
 +
: - ettercap, network sniffer
 +
: - nessus, vulnerability and security scanner (client)
 +
: - nessusd, vulnerability and security scanner (server)
 +
: - nmap, the best network scanner
 +
: - airsnort, wireless LAN (WLAN) tool which recovers encryption keys
 +
: - kismet, sniffer and intrusion detection system that work with any wireless card
 +
: - dmraid, discover software RAID devices
 +
: - testdisk, tool to recover damaged partitions
 +
: - qtparted, a Partition Magic clone written in C++ using the Qt toolkit
 +
: - vinetto, tool to examine Thumbs.db files
 +
: - trID, tool to identify file types from their binary signatures
 +
: - readpst, a tools to read ms-Outlook pst files
 +
: - john, John the Ripper password cracker
 +
: - Clam, Anti Virus
  
<pre>
 
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
 
        d=gmail.com; s=beta;
 
</pre>
 
  
We can thus retrieve the Gmail key with:
+
'''Deft utility package list:'''
  
<pre>$ host -t txt beta._domainkey.gmail.com
+
: - linux Kernel 2.6.20
beta._domainkey.gmail.com descriptive text "t=y\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC69TURXN3oNfz+G/m3g5rt4P6nsKmVgU1D6cw2X6BnxKJNlQKm10f8tMx6P6bN7juTR1BeD8ubaGqtzm2rWK4LiMJqhoQcwQziGbK1zp/MkdXZEWMCflLY6oUITrivK7JNOLXtZbdxJG2y/RAHGswKKyVhSP9niRsZF/IBr5p8uQIDAQAB"</pre>
+
: - lkDE 3.5.6
 
+
: - k3b
 
+
: - krdc
== External Links ==
+
: - rdesktop
* [http://www.dkim.org/ Official website]
+
: - samba client
* [http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail Wikipedia entry on DKIM]
+
: - open SSH client & server

Revision as of 09:48, 2 May 2007

Tools included

Deft v2 computer and network forensic packages list:

- sleuthkit, collection of UNIX-based command line tools that allow you to investigate a computer
- autopsy, graphical interface to the command line digital investigation tools in The Sleuth Kit
- aff lib, advanced forensic format
- gpart, tool which tries to guess the primary partition table of a PC-type hard disk
- dd rescue, copy data from one file or block device to another
- foremost, console program to recover files based on their headers, footers, and internal data structures
- hex dump, combined hex and ascii dump of any file
- khex edit, a versatile and customizable hex editor
- steg detect, steganography detection software
- outguess, a steganography tool
- ophcrack, Windows password recovery
- wireshark, network sniffer
- ettercap, network sniffer
- nessus, vulnerability and security scanner (client)
- nessusd, vulnerability and security scanner (server)
- nmap, the best network scanner
- airsnort, wireless LAN (WLAN) tool which recovers encryption keys
- kismet, sniffer and intrusion detection system that works with any wireless card
- dmraid, discover software RAID devices
- testdisk, tool to recover damaged partitions
- qtparted, a Partition Magic clone written in C++ using the Qt toolkit
- vinetto, tool to examine Thumbs.db files
- trID, tool to identify file types from their binary signatures
- readpst, a tool to read MS Outlook PST files
- john, John the Ripper password cracker
- Clam, Anti Virus


Deft utility package list:

- Linux kernel 2.6.20
- KDE 3.5.6
- k3b
- krdc
- rdesktop
- samba client
- OpenSSH client & server