Difference between pages "THE FARMER'S BOOT CD" and "Ssdeep"

From ForensicsWiki
(Difference between pages)
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = THE FARMER'S BOOT CD |
+
   name = ssdeep |
   maintainer = [[Thomas Rude]] |
+
   maintainer = [[Jesse Kornblum]] |
   os = {{Linux}}, {{Windows}} |
+
   os = [[Linux]], [[Windows]], [[OS X]], [[BSD]], [[Solaris]] |
   genre = {{Live CD}} |
+
   genre = [[Hashing]] |
   license = ??? |
+
   license = {{GPL}} |
   website = [http://www.forensicbootcd.com/ forensicbootcd.com] |
+
   website = [http://ssdeep.sourceforge.net/ ssdeep.sf.net] |
 
}}
 
}}
  
'''THE FARMER'S BOOT CD''' ('''FBCD''') is a [[Linux]] [[boot CD]] developed by [[Thomas Rude]] ('farmerdude'). Taking a different approach than other [[Live CDs]], this CD was designed and optimized for previewing systems before acquiring. It contains a number of programs forensic practitioners can utilize to preview both [[Windows]] and [[Linux]] systems in a [[forensically sound]] manner.
 
  
== Preview Capabilities ==
+
ssdeep is a program for computing and matching [[Context Triggered Piecewise Hashing]] values. It is based on a spam detector called [http://samba.org/ftp/unpacked/junkcode/spamsum/ spamsum] by [http://en.wikipedia.org/wiki/Andrew_Tridgell Andrews Trigdell].  
 
+
THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.
+
 
+
Below is a short list of what can be accomplished in a simple GUI on this CD;
+
 
+
* Mount file systems read-only, including journalled file system types
+
* Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
+
* Undelete deleted files from NTFS file systems
+
* Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
+
* Read the Recycle Bin INFO2 records
+
* Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
+
* Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
+
* Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
+
* Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
+
* Catalog target file system, selecting files of interest by extension or header
+
* Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
+
* Generate thumbnails for all graphics in fully qualified path filename
+
* Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
+
* Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
+
* Obtain system hardware catalog
+
* Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)
+
  
 
== External Links ==
 
== External Links ==
  
* [http://www.forensicbootcd.com/site/view.html THE FARMER'S BOOT CD screen shots] - Screen Shots for Delve Preview Program on the FBCD.
+
* [http://ssdeep.sourceforge.net/ Official website]
* [http://www.forensicfocus.com/farmers-boot-cd Preview Data in Under Twenty Minutes] - Paper on previewing data quickly at http://www.forensicfocus.com.
+
 
+
  
=See Also=
+
Category:Cross-platform
[[FCCU_Gnu/Linux_Boot_CD]]
+
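Review bot: The added ssdeep description line credits spamsum to "Andrews Trigdell", but the Wikipedia link target on that same line is Andrew_Tridgell, so the display text should read "Andrew Tridgell". Separately, the added "Category:Cross-platform" line is bare text, unlike the bracketed links used elsewhere in the revision (for example [[Linux]]), and it shows up as literal text under External Links in the rendered revision; writing it as [[Category:Cross-platform]] would make it a category tag.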

Revision as of 23:34, 26 February 2007

ssdeep
Maintainer: Jesse Kornblum
OS: Linux, Windows, OS X, BSD, Solaris
Genre: Hashing
License: GPL
Website: ssdeep.sf.net


ssdeep is a program for computing and matching Context Triggered Piecewise Hashing values. It is based on a spam detector called spamsum by Andrew Tridgell.

External Links

Category:Cross-platform