ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between pages "THE FARMER'S BOOT CD" and "Ssdeep"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m
 
m
 
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = THE FARMER'S BOOT CD |
+
   name = ssdeep |
   maintainer = [[Thomas Rude]] |
+
   maintainer = [[Jesse Kornblum]] |
   os = {{Linux}}, {{Windows}} |
+
   os = [[Linux]], [[Windows]], [[OS X]], [[BSD]], [[Solaris]] |
   genre = {{Live CD}} |
+
   genre = [[Hashing]] |
   license = ??? |
+
   license = {{GPL}} |
   website = [http://www.forensicbootcd.com/ forensicbootcd.com] |
+
   website = [http://ssdeep.sourceforge.net/ ssdeep.sf.net] |
 
}}
 
}}
  
'''THE FARMER'S BOOT CD''' ('''FBCD''') is a [[Linux]] [[boot CD]] developed by [[Thomas Rude]] ('farmerdude'). Taking a different approach than other [[Live CDs]], this CD was designed and optimized for previewing systems before acquiring. It contains a number of programs forensic practitioners can utilize to preview both [[Windows]] and [[Linux]] systems in a [[forensically sound]] manner.
 
  
== Preview Capabilities ==
+
ssdeep is a program for computing and matching [[Context Triggered Piecewise Hashing]] values. It is based on a spam detector called [http://samba.org/ftp/unpacked/junkcode/spamsum/ spamsum] by [http://en.wikipedia.org/wiki/Andrew_Tridgell Andrews Trigdell].  
 
+
THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.
+
 
+
Below is a short list of what can be accomplished in a simple GUI on this CD;
+
 
+
* Mount file systems read-only, including journalled file system types
+
* Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
+
* Undelete deleted files from NTFS file systems
+
* Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
+
* Read the Recycle Bin INFO2 records
+
* Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
+
* Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
+
* Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
+
* Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
+
* Catalog target file system, selecting files of interest by extension or header
+
* Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
+
* Generate thumbnails for all graphics in fully qualified path filename
+
* Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
+
* Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
+
* Obtain system hardware catalog
+
* Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)
+
  
 
== External Links ==
 
== External Links ==
  
* [http://www.forensicbootcd.com/site/view.html THE FARMER'S BOOT CD screen shots] - Screen Shots for Delve Preview Program on the FBCD.
+
* [http://ssdeep.sourceforge.net/ Official website]
* [http://www.forensicfocus.com/farmers-boot-cd Preview Data in Under Twenty Minutes] - Paper on previewing data quickly at http://www.forensicfocus.com.
+
 
+
  
=See Also=
+
Category:Cross-platform
[[FCCU_Gnu/Linux_Boot_CD]]
+

Revision as of 04:34, 27 February 2007

ssdeep
Maintainer: Jesse Kornblum
OS: Linux, Windows, OS X, BSD, Solaris
Genre: Hashing
License: GPL
Website: ssdeep.sf.net


ssdeep is a program for computing and matching Context Triggered Piecewise Hashing values. It is based on a spam detector called spamsum by Andrews Trigdell.

External Links

Category:Cross-platform