Tools:File Analysis

From ForensicsWiki
Revision as of 16:33, 20 December 2007 by Cmihai (Talk | contribs) (Added ldd, truss, strace, ltrace, ktrace, valgrind, xtrace, DTrace)


Image Analysis

SurfRecon LE rapid image analysis tool, by SurfRecon, Inc.

Open Source Tools

file: determines the type of a given file from its contents rather than from its extension or filename. To do this it consults a "magic" configuration file that describes how to recognise each file type.
ldd: lists the dynamic (shared library) dependencies of executable files.
truss: Solaris tool used to trace the system/library calls (not user calls) and the signals made or received by a new or an existing process. It sends its output to stderr.
ltrace: library call tracer.
strace: system call tracer.
xtrace: eXtended trace utility, similar to strace, ptrace and truss, but with extended functionality and unique features, such as dumping function calls (dynamically or statically linked), dumping the call stack, and more.
ktrace: enables kernel process tracing on OpenBSD.
valgrind: executes a program under emulation, performing analysis according to whichever of its many plug-in modules is selected. You can write your own plug-in module if desired.
DTrace: comprehensive dynamic tracing framework for Solaris (also ported to Mac OS X, as XRays, and to FreeBSD). DTrace provides a powerful infrastructure for investigating the behaviour of the operating system and of user programs.
strings: prints the runs of printable characters found in files. It allows choosing between different character sets (ASCII, Unicode). It is a quick way to browse through files, partitions and similar data in order to look for words, filenames, keywords, etc.
Parses cookie files.
The Open Computer Forensics Architecture.
Parses index.dat files.
Examines the INFO2 file in the Recycle Bin.
Extracts the 'encrypted' information from Yahoo Instant Messenger log files.
hachoir: determines the file type from the file header/footer (hachoir-metadata --type), can list strings in Unicode (hachoir-grep), etc. Supports more than 60 file formats.
Linux-like environment for Windows.
Common Unix utilities compiled for a Windows environment.

File Sharing Analysis Tools

P2P Marshal: tools to discover and analyze peer-to-peer files on Windows.

NDA and scoped distribution tools