Tools:File Analysis

From Forensics Wiki
Revision as of 22:14, 13 June 2007 by Simsong (Talk | contribs)


Open Source Tools

file
The file command determines the type of a file from its contents rather than from its extension or filename: it compares the leading bytes (and, for some formats, other fixed offsets) against a "magic" database of known signatures, so a renamed file is still reported as what it really is.
ldd
...
ltrace
...
strace
...
strings
strings prints the runs of printable characters found in a file (by default at least four characters long). The character encoding is selectable (ASCII by default; 16-bit Unicode in either byte order via -e). It is a quick way to browse files, partitions or disk images for words, filenames, keywords, URLs and the like.
Galleta
Parses Internet Explorer cookie files. http://www.foundstone.com/resources/proddesc/galleta.htm
The Open Computer Forensics Architecture
http://ocfa.sourceforge.net/
Pasco
Parses Internet Explorer index.dat history and cache files. http://www.foundstone.com/resources/proddesc/pasco.htm
Rifiuti
Examines the INFO2 file in the Windows Recycle Bin. http://www.foundstone.com/resources/proddesc/rifiuti.htm
yim2text
Extracts the 'encrypted' (weakly obfuscated) messages from Yahoo! Instant Messenger log files. http://www.1vs0.com/tools.html
Hachoir
Determines the file type from headers and footers (hachoir-metadata --type), lists strings including Unicode ones (hachoir-grep), and more; supports more than 60 file formats.
Cygwin
http://www.cygwin.com/
Linux-like environment for Windows.
UnxUtils
http://unxutils.sourceforge.net/
Common Unix utilities compiled for a Windows environment.
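The file, strings and Hachoir entries above all rest on two ideas: identify a file by its bytes, not its name, and pull printable runs out of it in the encoding you expect. The following is an added example written for this page, not code from any of the tools listed; it reimplements a tiny magic table and a strings extractor in Python, with the signature table, the extension map, the SAMPLE bytes and the triage() helper all constructed here for illustration rather than taken from libmagic or GNU binutils.

```python
import os
import re

# Constructed magic table: (offset, signature, description). A tiny hand-written
# stand-in for libmagic's database, not the real one.
MAGIC = [
    (0, b"\x89PNG\r\n\x1a\n", "PNG image"),
    (0, b"\xff\xd8\xff", "JPEG image"),
    (0, b"GIF87a", "GIF image"),
    (0, b"GIF89a", "GIF image"),
    (0, b"%PDF-", "PDF document"),
    (0, b"PK\x03\x04", "Zip archive"),
    (0, b"\x7fELF", "ELF executable"),
    (0, b"MZ", "PE/DOS executable"),
    (0, b"\x1f\x8b", "gzip compressed data"),
]

# Constructed mapping from extension to the content type the name claims.
EXT_EXPECT = {
    ".png": "PNG image", ".jpg": "JPEG image", ".jpeg": "JPEG image",
    ".gif": "GIF image", ".pdf": "PDF document", ".zip": "Zip archive",
    ".exe": "PE/DOS executable", ".gz": "gzip compressed data",
    ".txt": "ASCII text",
}


def identify(data: bytes) -> str:
    """Return a type name based only on the file's bytes; the name is ignored."""
    for offset, sig, name in MAGIC:
        if data[offset:offset + len(sig)] == sig:
            return name
    # Fallback in the spirit of file(1)'s text check: every byte printable or whitespace.
    if data and all(0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D) for b in data):
        return "ASCII text"
    return "data"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims a type that the content does not match."""
    expected = EXT_EXPECT.get(os.path.splitext(filename)[1].lower())
    return expected is not None and expected != identify(data)


def extract_strings(data: bytes, min_len: int = 4, encoding: str = "ascii") -> list:
    """Runs of printable characters, like strings(1); 'utf-16le' mimics strings -el."""
    if encoding == "ascii":
        pat = rb"[\x20-\x7e]{%d,}" % min_len
        return [m.decode("ascii") for m in re.findall(pat, data)]
    if encoding == "utf-16le":
        # Each character is one printable byte followed by a NUL byte.
        pat = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
        return [m.decode("utf-16-le") for m in re.findall(pat, data)]
    raise ValueError("unsupported encoding: %s" % encoding)


# Constructed sample: a PNG header, an ASCII filename and a UTF-16LE string.
# Two NUL bytes separate them so the ASCII run's last byte cannot be read as
# the first half of a UTF-16 character and glue the two strings together.
SAMPLE = (
    b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    + b"flag.txt" + b"\x00\x00"
    + "secret".encode("utf-16-le") + b"\x01\x02"
)


def triage(filename: str, data: bytes) -> dict:
    """The first-pass summary an examiner wants for one file."""
    return {
        "type": identify(data),
        "extension_mismatch": extension_mismatch(filename, data),
        "ascii_strings": extract_strings(data),
        "utf16_strings": extract_strings(data, encoding="utf-16le"),
    }


if __name__ == "__main__":
    # Named as a JPEG, but the magic says PNG: a renamed file.
    for key, value in triage("photo.jpg", SAMPLE).items():
        print("%-19s %s" % (key + ":", value))
```

The UTF-16 pass is the one worth remembering in practice: Windows artifacts (registry hives, prefetch files, many application logs) store paths and usernames as 16-bit characters, so an ASCII-only strings run shows nothing but single letters where the interesting names are.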

NDA and scoped distribution tools