Difference between pages "Apple Safari" and "Tools:File Analysis"
From Forensics Wiki
Joachim Metz
m (another one)
| Line 1: | Line 1: | ||
| − | + | == Image Analysis == | |
| − | + | ; [[SurfRecon LE rapid image analysis tool]] by SurfRecon, Inc. | |
| + | : http://www.surfrecon.com | ||
| − | == | + | == Closed Source Tools == |
| − | + | ||
| − | + | ; [[Rifiuti]] | |
| − | + | : Examines the INFO2 file in the Recycle Bin. | |
| − | / | + | : http://www.foundstone.com/us/resources/proddesc/rifiuti.htm |
| − | + | ||
| − | + | ; [[Pasco]] | |
| − | + | : Parses ''index.dat'' files. | |
| + | : http://www.foundstone.com/us/resources/proddesc/pasco.htm | ||
| − | + | ; [[Galleta]] | |
| − | + | : Parses cookie files. | |
| − | / | + | : http://www.foundstone.com/us/resources/proddesc/galleta.htm |
| − | + | ||
| − | == | + | == Open Source Tools == |
| − | + | ||
| − | + | ; [[file]] | |
| + | : The file command determines the file type of a given file, depending on its contents and not on e.g. its extension or filename. In order to do that, it uses a magic configuration file that identifies filetypes. | ||
| − | + | ; [[ldd]] | |
| − | + | : List dynamic dependencies of executable files. | |
| − | [[ | + | ; [[truss]] |
| − | [[ | + | : Solaris tool used to trace the system/library calls (not user calls) and signals made/received by a new or existing process. It sends the output to stderr. |
| − | [[ | + | : http://docs.sun.com/app/docs/doc/819-2239/truss-1?l=en&a=view&q=truss |
| + | |||
| + | ; [[ltrace]] | ||
| + | : Library call tracer. | ||
| + | : http://linux.die.net/man/1/ltrace | ||
| + | |||
| + | ; [[strace]] | ||
| + | : System Call Tracer. | ||
| + | : http://sourceforge.net/projects/strace/ | ||
| + | |||
| + | ; [[xtrace]] | ||
| + | : eXtended trace utility, similar to strace, ptrace, truss, but with extended functionality and unique features, such as dumping function calls (dynamically or statically linked), dumping call stack and more. | ||
| + | : http://sourceforge.net/projects/xtrace/ | ||
| + | |||
| + | ; [[ktrace]] | ||
| + | : Enables kernel process tracing on OpenBSD. | ||
| + | : http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html | ||
| + | |||
| + | ; [[Valgrind]] | ||
| + | : Executes a program under emulation, performing analysis according to one of the many plug-in modules as desired. You can write your own plug-in module as desired. | ||
| + | : http://valgrind.org/ | ||
| + | |||
| + | ; [[DTrace]] | ||
| + | : Comprehensive dynamic tracing framework for Solaris (also ported to MacOS X - XRays and FreeBSD). DTrace provides a powerful infrastructure to permit investigation of the behavior of the operating system and user programs. | ||
| + | : http://www.sun.com/bigadmin/content/dtrace/ | ||
| + | |||
| + | ; [[strings]] | ||
| + | : Strings will print the strings of printable characters in files. It allows choosing different charactersets (ASCII, UNICODE). It is a quick way to browse through files/partitions/... in order to look for words, filenames, keywords etc. | ||
| + | |||
| + | ; The [[Open Computer Forensics Architecture]] | ||
| + | : http://ocfa.sourceforge.net/ | ||
| + | |||
| + | ; dumpster_dive.pl | ||
| + | : MS Windows Recycle Bin INFO2 parser | ||
| + | : http://jafat.sourceforge.net/files.html | ||
| + | |||
| + | ; cookie_cruncher.pl | ||
| + | : MS IE cookie file parser | ||
| + | : http://jafat.sourceforge.net/files.html | ||
| + | |||
| + | ; [[yim2text]] | ||
| + | : Extracts the 'encrypted' info in Yahoo Instant Messenger log files. | ||
| + | : http://www.1vs0.com/tools.html | ||
| + | |||
| + | ; [[Hachoir]] | ||
| + | : Determines the file type using file header/footer (hachoir-metadata --type), able to list strings in Unicode (hachoir-grep), etc. Support more than 60 file formats. | ||
| + | |||
| + | ; [[Cygwin]] | ||
| + | : http://www.cygwin.com/ | ||
| + | : Linux like environment for Windows. | ||
| + | |||
| + | ; [[UnxUtils]] | ||
| + | : http://unxutils.sourceforge.net/ | ||
| + | : Common unix utilities compiled for a Windows environment. | ||
| + | |||
| + | ; [[GnuWin32]] | ||
| + | : http://gnuwin32.sourceforge.net/ | ||
| + | : Common GNU utilities compiled for a Windows Environment. | ||
| + | |||
| + | ; [[SUA]] | ||
| + | : http://www.microsoft.com/windowsserver2003/R2/unixcomponents/webinstall.mspx | ||
| + | : Microsoft Subsystem for UNIX-based Applications. | ||
| + | |||
| + | == File Sharing Analysis Tools == | ||
| + | ; [[P2PMarshal|P2P Marshal]] | ||
| + | : Tools to discover and analyze peer-to-peer files for Windows. | ||
| + | |||
| + | == [[NDA]] and [[scoped distribution]] tools == | ||
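Review bot: the right-hand page's entries are inconsistent in two ways that the rendered list will inherit. dumpster_dive.pl and cookie_cruncher.pl are plain text while every other tool name is a [[wikilink]], and Cygwin, UnxUtils, GnuWin32 and SUA put the URL line before the description whereas every earlier entry puts it after; pick one order and link the two scripts. Also "Support more than 60 file formats." under Hachoir should read "Supports", and the closing heading "== [[NDA]] and [[scoped distribution]] tools ==" introduces no entries, so either add them or drop the heading. The left column carries only stray fragments ("[[", "==", "/") because the two pages compared are unrelated, so nothing on that side needs review.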
Revision as of 02:00, 18 September 2008
Image Analysis
- SurfRecon LE rapid image analysis tool by SurfRecon, Inc.
  http://www.surfrecon.com
Closed Source Tools
- Rifiuti
  Examines the INFO2 file in the Recycle Bin.
  http://www.foundstone.com/us/resources/proddesc/rifiuti.htm
- Pasco
  Parses index.dat files.
  http://www.foundstone.com/us/resources/proddesc/pasco.htm
- Galleta
  Parses cookie files.
  http://www.foundstone.com/us/resources/proddesc/galleta.htm
Open Source Tools
- file
  The file command determines the type of a given file from its contents rather than from its extension or filename. To do this it uses a magic configuration file that identifies file types.
- ldd
  Lists the dynamic dependencies of executable files.
- truss
  Solaris tool used to trace the system/library calls (not user calls) and signals made/received by a new or existing process. It sends its output to stderr.
  http://docs.sun.com/app/docs/doc/819-2239/truss-1?l=en&a=view&q=truss
- ltrace
  Library call tracer.
  http://linux.die.net/man/1/ltrace
- strace
  System call tracer.
  http://sourceforge.net/projects/strace/
- xtrace
  eXtended trace utility, similar to strace, ptrace and truss, but with extended functionality and unique features, such as dumping function calls (dynamically or statically linked), dumping the call stack and more.
  http://sourceforge.net/projects/xtrace/
- ktrace
  Enables kernel process tracing on OpenBSD.
  http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
- Valgrind
  Executes a program under emulation, performing analysis according to one of its many plug-in modules; you can also write your own plug-in module.
  http://valgrind.org/
- DTrace
  Comprehensive dynamic tracing framework for Solaris (also ported to Mac OS X, as XRays, and to FreeBSD). DTrace provides a powerful infrastructure for investigating the behavior of the operating system and user programs.
  http://www.sun.com/bigadmin/content/dtrace/
- strings
  Prints the strings of printable characters found in files. It allows choosing different character sets (ASCII, Unicode). It is a quick way to browse through files, partitions and so on when looking for words, filenames, keywords etc.
- dumpster_dive.pl
  MS Windows Recycle Bin INFO2 parser.
  http://jafat.sourceforge.net/files.html
- cookie_cruncher.pl
  MS IE cookie file parser.
  http://jafat.sourceforge.net/files.html
- yim2text
  Extracts the 'encrypted' info in Yahoo Instant Messenger log files.
  http://www.1vs0.com/tools.html
- Hachoir
  Determines the file type from the file header/footer (hachoir-metadata --type), can list strings in Unicode (hachoir-grep), etc. Supports more than 60 file formats.
- Cygwin
  Linux-like environment for Windows.
  http://www.cygwin.com/
- UnxUtils
  Common Unix utilities compiled for a Windows environment.
  http://unxutils.sourceforge.net/
- GnuWin32
  Common GNU utilities compiled for a Windows environment.
  http://gnuwin32.sourceforge.net/
- SUA
  Microsoft Subsystem for UNIX-based Applications.
  http://www.microsoft.com/windowsserver2003/R2/unixcomponents/webinstall.mspx
File Sharing Analysis Tools
- P2P Marshal
  Tools to discover and analyze peer-to-peer files on Windows.