
Difference between pages "Xplico" and "Tapeworm"

== Xplico ==

{{Infobox_Software |
  name = Xplico |
  maintainer = [[Gianluca Costa & Andrea de Franceschi]] |
  os = {{Linux}} |
  genre = {{Analysis}} |
  license = {{GPL}} |
  website = [http://www.xplico.org www.xplico.org] |
}}

'''Xplico''' is a Network Forensic Analysis Tool (NFAT). Its main purpose is to extract all application data content from a network capture (a pcap file or a real-time acquisition). For example, Xplico can extract all e-mails carried by the POP and SMTP protocols, and all content carried by the HTTP protocol, from a pcap file.

=== Features ===

* Protocols supported: [http://www.xplico.org/status.html HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...];
* Port Independent Protocol Identification (PIPI) for each application protocol;
* Multithreading;
* Output of data and information to an SQLite database, a MySQL database and/or files;
* Each piece of data reassembled by Xplico is associated with an [[XML]] file that uniquely identifies the flows and the pcap containing the reassembled data;
* Real-time processing (depending on the number of flows, the types of protocols and the performance of the computer: RAM, CPU, HD access time, ...);
* TCP reassembly with ACK verification for every packet, or soft ACK verification;
* Reverse DNS lookup from the DNS packets contained in the input files (pcap), not from an external DNS server;
* No size limit on input data or on the number of input files (the only limit is HD size).

== Tapeworm ==

{{Infobox_Software |
  name = TAPEWORM |
  maintainer = [[Douglas Koster]] |
  os = [[Linux]] |
  genre = {{Analysis}} |
  license = unknown |
  website = [http://feedthetapeworm.com/ feedthetapeworm.com/] |
}}

From the [http://feedthetapeworm.com/ project site]:

TAPEWORM (TASC Pre-processing Exploitation & Workflow Management system) is a 64-bit Xubuntu-based Virtual Machine designed to automate a number of open source tools.

TAPEWORM uses a custom GUI as well as underlying Python scripts to automate the following open source tools:

* [[log2timeline]]
* bulk_extractor
* regripper
* exiftool
* volatility
* Anti-Virus Scanning
* Find Files of Interest

=== Tools ===

=== History ===

=== External Links ===

* [http://feedthetapeworm.com/ Project site]

Revision as of 05:41, 17 September 2012
