Difference between pages "DEFT Linux 2" and "Libevt"

From ForensicsWiki
(Difference between pages)
DEFT v2 Linux
Maintainer: Stefano Fratepietro
OS: Linux
Genre: Live CD
License: GPL, others
Website: http://www.deftlinux.net

DEFT v2 is a Live CD built on top of Kubuntu 7.04 that bundles tools for computer forensics and incident response.

Tools included

DEFT v2 computer and network forensic packages:

  • Sleuthkit, a collection of UNIX-based command line tools for investigating a computer
  • Autopsy, graphical interface to the command line digital investigation tools in The Sleuth Kit
  • AFFLIB, the Advanced Forensic Format library
  • gpart, tries to guess the primary partition table of a PC-type hard disk
  • dd rescue, copies data from one file or block device to another
  • foremost, console program that recovers files based on their headers, footers and internal data structures
  • hexdump, combined hex and ASCII dump of any file
  • khexedit, a versatile and customizable hex editor
  • stegdetect, steganography detection tool
  • outguess, steganography tool
  • ophcrack, Windows password recovery
  • wireshark, network sniffer
  • ettercap, network sniffer
  • nessus, vulnerability and security scanner (client)
  • nessusd, vulnerability and security scanner (server)
  • nmap, network scanner
  • airsnort, wireless LAN (WLAN) tool that recovers WEP encryption keys
  • kismet, wireless sniffer and intrusion detection system that works with any wireless card
  • dmraid, discovers software RAID devices
  • testdisk, recovers damaged partitions
  • qtparted, a Partition Magic clone written in C++ using the Qt toolkit
  • vinetto, examines Thumbs.db files
  • trID, identifies file types from their binary signatures
  • readpst (libpst), reads MS Outlook PST files
  • john, the John the Ripper password cracker
  • clam (ClamAV), antivirus

DEFT v2 utility packages:

  • Linux kernel 2.6.20
  • KDE 3.5.6
  • k3b
  • krdc
  • rdesktop
  • VMware client
  • Samba client
  • OpenSSH client and server
  • speedcrunch

Revision as of 04:05, 21 July 2012

libevt
Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Analysis
License: LGPL
Website: code.google.com/p/libevt/

The libevt package contains a library and applications to read Windows Event Log (EVT) files, the binary event log format used by Windows NT 4.0 through Windows Server 2003. Windows Vista and later use the XML-based EVTX format, which is a different format.

History

Libevt was created by Joachim Metz in 2011.

Tools

The libevt package contains the following tools:

  • evtinfo, which shows information about an EVT file (its header fields).
  • evtexport, which exports the event records stored in an EVT file.
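
As an added example, not libevt's own code or API: the Python below builds a small EVT image from constructed sample records, then reads it back the way an evtinfo-style tool (file header) and an evtexport-style tool (event records) would. The field layout is the documented ELF_LOGFILE_HEADER / EVENTLOGRECORD / EOF record structure ("LfLe" signature, 48-byte header, 56-byte fixed record part, length stored at both ends of each record). The builder's stale_header mode sets the dirty flag and leaves the header's end offset and record counter behind the data, the state a log is in when it is copied off a running system; the reader therefore walks records by signature and trailing length instead of trusting the header. All function names (build_evt, summarise, iter_records and so on) and the sample values are this example's own; event IDs 528 and 529 are the XP-era logon success/failure IDs but the records are constructed. SIDs, binary data sections and wrapped (circular) logs are not handled.

```python
# Added example, not libevt's own code; layout follows ELF_LOGFILE_HEADER / EVENTLOGRECORD. SIDs, binary data and wrapped logs are not handled.
import struct
from datetime import datetime, timezone

SIGNATURE = b"LfLe"        # magic in the file header and at offset 4 of every record
HEADER_SIZE, RECORD_FIXED_SIZE = 48, 56
FLAG_DIRTY = 0x0001        # set while the log is open: header pointers may be stale
EVENT_TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "Audit Success", 16: "Audit Failure"}
HEADER_FMT = "<I4sIIIIIIIIII"      # size, sig, major, minor, start, end, current, oldest, max, flags, retention, size
RECORD_FMT = "<I4sIIIIHHHHIIIIII"  # len, sig, num, t_gen, t_written, id, type, nstrings, cat, rflags, closing, str_off, sid_len, sid_off, data_len, data_off
EOF_FMT = "<IIIIIIIIII"            # 0x28, 0x11111111..0x44444444, start, end, current, oldest, 0x28

def utf16z(s):
    return s.encode("utf-16-le") + b"\x00\x00"

def build_record(number, timestamp, event_id, event_type, source, computer, strings):
    """Serialise one EVENTLOGRECORD (constructed data: no SID, no binary data)."""
    names = utf16z(source) + utf16z(computer)
    blob = b"".join(utf16z(s) for s in strings)
    str_off = RECORD_FIXED_SIZE + len(names)
    data_off = str_off + len(blob)
    pad = (-(data_off + 4)) % 4             # keep the record DWORD aligned
    length = data_off + 4 + pad             # includes the trailing copy of the length
    head = struct.pack(RECORD_FMT, length, SIGNATURE, number, timestamp, timestamp, event_id,
                       event_type, len(strings), 0, 0, 0, str_off, 0, 0, 0, data_off)
    return head + names + blob + b"\x00" * pad + struct.pack("<I", length)

def build_evt(records, stale_header=False):
    """Header + records + EOF record; stale_header mimics a log copied while still open."""
    body = b"".join(build_record(**r) for r in records)
    start, end = HEADER_SIZE, HEADER_SIZE + len(body)
    oldest, current = records[0]["number"], records[-1]["number"] + 1
    hdr_end, hdr_current, flags = end, current, 0
    if stale_header:  # dirty flag set; header still describes only the first record
        hdr_end, hdr_current, flags = start + struct.unpack_from("<I", body)[0], oldest + 1, FLAG_DIRTY
    header = struct.pack(HEADER_FMT, HEADER_SIZE, SIGNATURE, 1, 1, start, hdr_end,
                         hdr_current, oldest, 0x80000, flags, 0, HEADER_SIZE)
    eof = struct.pack(EOF_FMT, 40, 0x11111111, 0x22222222, 0x33333333, 0x44444444,
                      start, end, current, oldest, 40)
    return header + body + eof

def parse_header(data):
    f = struct.unpack_from(HEADER_FMT, data, 0)
    if f[0] != HEADER_SIZE or f[1] != SIGNATURE or f[11] != HEADER_SIZE:
        raise ValueError("not an EVT file: bad header size or signature")
    return {"start_offset": f[4], "end_offset": f[5], "current_record": f[6],
            "oldest_record": f[7], "max_size": f[8], "dirty": bool(f[9] & FLAG_DIRTY)}

def read_utf16z(data, pos):
    """NUL-terminated UTF-16LE string at pos -> (text, position after the NUL)."""
    end = pos
    while data[end:end + 2] != b"\x00\x00":
        end += 2
        if end + 2 > len(data):
            raise ValueError("unterminated string at offset %d" % pos)
    return data[pos:end].decode("utf-16-le"), end + 2

def parse_record(data, offset):
    """Decode the EVENTLOGRECORD at offset, checking signature and both length copies."""
    f = struct.unpack_from(RECORD_FMT, data, offset)
    length = f[0]
    if f[1] != SIGNATURE or length < RECORD_FIXED_SIZE + 4 or offset + length > len(data):
        raise ValueError("corrupt record at offset %d" % offset)
    if struct.unpack_from("<I", data, offset + length - 4)[0] != length:
        raise ValueError("trailing length mismatch at offset %d" % offset)
    source, pos = read_utf16z(data, offset + RECORD_FIXED_SIZE)
    computer, _ = read_utf16z(data, pos)
    strings, pos = [], offset + f[11]
    for _ in range(f[7]):
        s, pos = read_utf16z(data, pos)
        strings.append(s)
    return {"record_number": f[2], "time_generated": datetime.fromtimestamp(f[3], tz=timezone.utc),
            "event_id": f[5] & 0xFFFF,  # low word is the event code; high bits carry severity/facility
            "event_type": EVENT_TYPES.get(f[6], "Unknown(%d)" % f[6]),
            "source": source, "computer": computer, "strings": strings}

def iter_records(data, header):
    """Walk records from start_offset to the EOF record, ignoring the header's end_offset
    and current_record on purpose: on a dirty log they lag behind the data."""
    offset = header["start_offset"]
    while offset + 8 <= len(data):
        length, sig = struct.unpack_from("<I4s", data, offset)
        if sig != SIGNATURE:            # EOF record (0x28, 0x11111111, ...) or slack space
            break
        yield parse_record(data, offset)
        offset += length

def summarise(data):
    hdr = parse_header(data)
    records = list(iter_records(data, hdr))
    return {"dirty": hdr["dirty"], "header_claims": hdr["current_record"] - hdr["oldest_record"],
            "records_found": len(records), "records": records}

SAMPLE = [  # constructed sample records: an XP-era logon success (528) and failure (529)
    dict(number=1, timestamp=1341500000, event_id=528, event_type=8, source="Security",
         computer="WS01", strings=["Administrator", "WS01", "(0x0,0x3E7)", "2"]),
    dict(number=2, timestamp=1341500060, event_id=529, event_type=16, source="Security",
         computer="WS01", strings=["guest", "WS01", "2"]),
]
```

Calling summarise(build_evt(SAMPLE)) reports a clean header that claims two records and a walk that finds two; summarise(build_evt(SAMPLE, stale_header=True)) reports dirty=True, a header that claims one record, and still two records found by the walk. That gap is the reason a reader should treat the header of a dirty log as a hint only and locate records by the "LfLe" signature and the matching leading and trailing length fields, which is also the check that rejects truncated or overwritten records.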

External Links

  • libevt project site: http://code.google.com/p/libevt/