Difference between pages "Xplico" and "Tapeworm"

From Forensics Wiki
Xplico
Maintainer: Gianluca Costa & Andrea de Franceschi
OS: Linux
Genre: Analysis
License: GPL
Website: www.xplico.org

Xplico is a Network Forensic Analysis Tool (NFAT). Its main scope is to extract all application data content from a network capture (a pcap file or a real-time acquisition). For example, Xplico is able to extract all e-mails carried by the POP and SMTP protocols, and all content carried by the HTTP protocol, from a pcap file.

Features

  • Protocols supported: HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ... (current list at http://www.xplico.org/status);
  • Port Independent Protocol Identification (PIPI) for each application protocol;
  • Multithreading;
  • Output of data and information to an SQLite database, a MySQL database and/or files;
  • Each piece of data reassembled by Xplico is associated with an XML file that uniquely identifies the flows and the pcap containing the reassembled data;
  • Real-time elaboration (depending on the number of flows, the types of protocols and the performance of the computer: RAM, CPU, HD access time, ...);
  • TCP reassembly with ACK verification for every packet, or soft ACK verification;
  • Reverse DNS lookup from the DNS packets contained in the input files (pcap), not from an external DNS server;
  • No size limit on input data or on the number of input files (the only limit is HD size).

Revision as of 00:41, 17 September 2012

TAPEWORM
Maintainer: Douglas Koster
OS: Linux
Genre: Analysis
License: unknown
Website: feedthetapeworm.com/

From the project site:

TAPEWORM (TASC Pre-processing Exploitation & Workflow Management system) is a 64-bit Xubuntu-based Virtual Machine designed to automate a number of open source tools.

TAPEWORM uses a custom GUI as well as underlying Python scripts to automate the following open source tools:

  • log2timeline
  • bulk_extractor
  • regripper
  • exiftool
  • volatility
  • Anti-Virus Scanning
  • Find Files of Interest

Tools

History

External Links

  • Project site: http://feedthetapeworm.com/