
Difference between pages "DEFT Linux 2" and "Libevt"

From ForensicsWiki
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = DEFT v2 Linux |
+
   name = libevt |
   maintainer = [[Stefano Fratepietro]] |
+
   maintainer = [[Joachim Metz]] |
   os = {{Linux}} |
+
   os = [[Linux]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], [[Windows]] |
   genre = {{Live CD}} |
+
   genre = {{Analysis}} |
   license = {{GPL}}, others |
+
   license = {{LGPL}} |
   website = [http://www.deftlinux.net http://www.deftlinux.net] |
+
   website = [http://code.google.com/p/libevt/ code.google.com/p/libevt/] |
 
}}
 
}}
  
'''DEFT v2''' is a [[Live CD]] built on top of Kubuntu 7.04 with the best tools for Computer Forensic and incident response.
+
The '''libevt''' package contains a library and applications to read [[Windows Event Log (EVT)]] files.
  
== Tools included ==
+
== History ==  
  
'''Deft v2 computer and network forensic packages list:'''
+
Libevt was created by [[Joachim Metz]] in 2011.
  
: - [[Sleuthkit]], collection of UNIX-based command line tools that allow you to investigate a computer
+
== Tools ==
: - [[Autopsy]], graphical interface to the command line digital investigation tools in The Sleuth Kit
+
The '''libevt''' package contains the following tools:
: - [[AFF]] lib, advanced forensic format
+
* '''evtinfo''', which shows information about EVT files.
: - gpart, tool which tries to guess the primary partition table of a PC-type hard disk
+
* '''evtexport''', which exports information from EVT files.
: - dd rescue, copy data from one file or block device to another
+
: - [[foremost]], console program to recover files based on their headers, footers, and internal data structures
+
: - hexdump, combined hex and ascii dump of any file
+
: - khexedit, a versatile and customizable hex editor
+
: - stegdetect, a steganography detection software
+
: - outguess, a stegano tool
+
: - ophcrack, Windows password recovery
+
: - [[wireshark]], network sniffer
+
: - ettercap, network sniffer
+
: - nessus, vulnerability and security scanner (client)
+
: - nessusd, vulnerability and security scanner (server)
+
: - [[nmap]], the best network scanner
+
: - airsnort, wireless LAN (WLAN) tool which recovers encryption keys
+
: - [[kismet]], sniffer and intrusion detection system that work with any wireless card
+
: - dmraid, discover software RAID devices
+
: - [[testdisk]], tool to recover damaged partitions
+
: - qtparted, a Partition Magic clone written in C++ using the Qt toolkit
+
: - [[vinetto]], tool to examine Thumbs.db files
+
: - trID, tool to identify file types from their binary signatures
+
: - [[libpst | readpst]], a tools to read ms-Outlook pst files
+
: - john, john the ripper password cracker
+
: - clam, antivirus
+
  
'''Deft v2 utility package list:'''
+
== External Links ==
  
: - Linux Kernel 2.6.20
+
* [http://code.google.com/p/libevt/ libevt project site]
: - KDE 3.5.6
+
: - k3b
+
: - krdc
+
: - rdesktop
+
: - [[VMware]] client
+
: - Samba client
+
: - OpenSSH client & server
+
: - speedcrunch
+
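Review bot: the DEFT tool list in this hunk (`: - [[Sleuthkit]], collection of UNIX-based command line tools ...` through `: - speedcrunch`) is written as indented definition-list lines with a literal dash, so it renders as indented text rather than a bullet list; the libevt side of the same hunk uses proper wiki list items (`* '''evtinfo''', which shows information about EVT files.`), and the DEFT entries should take the same form, e.g. `* [[Sleuthkit]], collection of UNIX-based command line tools that allow you to investigate a computer`. The entry `: - [[libpst | readpst]], a tools to read ms-Outlook pst files` also has a typo ("a tools" should read "a tool").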

Revision as of 09:05, 21 July 2012

libevt
Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Analysis
License: LGPL
Website: code.google.com/p/libevt/

The libevt package contains a library and applications to read Windows Event Log (EVT) files.

History

Libevt was created by Joachim Metz in 2011.

Tools

The libevt package contains the following tools:

  • evtinfo, which shows information about EVT files.
  • evtexport, which exports information from EVT files.

External Links