From Forensics Wiki
Revision as of 17:15, 15 November 2007 by Frank
Open Source Tools
- The file command determines the type of a given file from its contents rather than from, e.g., its extension or filename. To do that, it uses a magic configuration file that identifies file types.
- Strings prints the sequences of printable characters found in files. It allows choosing different character sets (ASCII, Unicode). It is a quick way to browse through files/partitions/... in order to look for words, filenames, keywords etc.
- Parses cookie files. http://www.foundstone.com/resources/proddesc/galleta.htm
- Parses index.dat files. http://www.foundstone.com/resources/proddesc/pasco.htm
- Examines the INFO2 file in the Recycle Bin. http://www.foundstone.com/resources/proddesc/rifiuti.htm
- Extracts the 'encrypted' info in Yahoo Instant Messenger log files. http://www.1vs0.com/tools.html
- Determines the file type using the file header/footer (hachoir-metadata --type), can list strings in Unicode (hachoir-grep), etc. Supports more than 60 file formats.
File Sharing Analysis Tools
- P2P Marshal
- Tools to discover and analyze peer-to-peer files for Windows.