Difference between pages "DEFT Linux 1" and "Tapeworm"

From ForensicsWiki
(Difference between pages)
 
 
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = DEFT v1 Linux |
+
   name = TAPEWORM |
   maintainer = [[Stefano Fratepietro]] |
+
   maintainer = [[Douglas Koster]] |
   os = {{Linux}} |
+
   os = [[Linux]] |
   genre = {{Live CD}} |
+
   genre = {{Analysis}} |
   license = {{GPL}}, others |
+
   license = unknown |
   website = [http://www.stevelab.net/deft] |
+
   website = [http://feedthetapeworm.com/ feedthetapeworm.com/] |
 
}}
 
}}
  
'''DEFT v1''' is a [[Live CD]] built on top of Kubuntu 6.10 with the best tools for Computer Forensic and incident response.
+
From the [http://feedthetapeworm.com/ project site]:
  
== Tools included ==
+
TAPEWORM (TASC Pre-processing Exploaitation & Workflow Management system) is a 64 bit Xubuntu based Virtual Machine designed to automate a number of open source tools.
  
'''Deft computer and network forensic packages list:'''
+
TAPEWORM uses a custom GUI as well as underlying python scripts to automate the following open source tools:
 +
* [[log2timeline]]
 +
* bulk_extractor
 +
* regripper
 +
* exiftool
 +
* volatility
 +
* Anti-Virus Scanning
 +
* Find Files of Interest
  
: - sleuthkit, collection of UNIX-based command line tools that allow you to investigate a computer
+
== Tools ==
: - autopsy, graphical interface to the command line digital investigation tools in The Sleuth Kit
+
: - aff lib, advanced forensic format
+
: - gpart, tool which tries to guess the primary partition table of a PC-type hard disk
+
: - dd rescue, copy data from one file or block device to another
+
: - foremost, console program to recover files based on their headers, footers, and internal data structures
+
: - hex dump, combined hex and ascii dump of any file
+
: - khex edit, a versatile and customizable hex editor
+
: - steg detect, a steganography detection software
+
: - outguess, a stegano tool
+
: - ophcrack, Windows password recovery
+
: - wireshark, network sniffer
+
: - ettercap, network sniffer
+
: - nessus, vulnerability and security scanner
+
: - nmap, the best network scanner
+
: - airsnort, wireless LAN (WLAN) tool which recovers encryption keys
+
: - kismet, sniffer and intrusion detection system that work with any wireless card
+
: - dmraid, discover software RAID devices
+
: - testdisk, tool to recover damaged partitions
+
: - qtparted, a Partition Magic clone written in C++ using the Qt toolkit
+
: - vinetto, tool to examine Thumbs.db files
+
: - trID, tool to identify file types from their binary signatures
+
: - readpst, a tools to read ms-Outlook pst files
+
  
'''Deft utility package list:'''
+
== History ==
 
+
: - linux Kernel 2.6.17
+
: - lkDE 3.5.5
+
: - k3b
+
: - samba client
+
: - open SSH client & server
+
 
+
 
+
and mutch more...
+
  
 
== External Links ==
 
== External Links ==
  
* [http://www.stevelab.net/deft Official Website]
+
* [http://feedthetapeworm.com/ Project site]

Revision as of 00:41, 17 September 2012

TAPEWORM
Maintainer: Douglas Koster
OS: Linux
Genre: Analysis
License: unknown
Website: feedthetapeworm.com/

From the project site:

TAPEWORM (TASC Pre-processing Exploitation & Workflow Management system) is a 64-bit Xubuntu-based Virtual Machine designed to automate a number of open source tools.

TAPEWORM uses a custom GUI as well as underlying Python scripts to automate the following open source tools:

  • log2timeline
  • bulk_extractor
  • regripper
  • exiftool
  • volatility
  • Anti-Virus Scanning
  • Find Files of Interest

Tools

History

External Links