From Forensics Wiki
Revision as of 12:04, 11 September 2008 by .FUF
Closed Source Tools
- Examines the INFO2 file in the Recycle Bin.
Open Source Tools
- The file command determines the type of a file from its contents rather than from its extension or filename. It does this by matching the file's bytes against a "magic" database of known signatures (byte patterns at known offsets); a file renamed to hide its type is therefore still identified correctly.
- List dynamic dependencies of executable files.
- Solaris tool that traces the system calls, library calls and signals made or received by a new or existing process (not the program's own internal function calls). Output goes to stderr.
- eXtended trace utility, similar to strace, ptrace and truss, but with extended functionality and unique features such as dumping function calls (in dynamically or statically linked code), dumping the call stack, and more.
- Enables kernel process tracing on OpenBSD.
- Executes a program under emulation, performing analysis according to one of the many plug-in modules as desired. You can write your own plug-in module as desired.
- Comprehensive dynamic tracing framework for Solaris (also ported to Mac OS X, where it underlies the Xray tool, and to FreeBSD). DTrace provides a powerful infrastructure for investigating the behavior of the operating system and of user programs.
- strings prints the runs of printable characters found in a file. It allows choosing different character sets (ASCII, or 16-bit Unicode as used by Windows). It is a quick way to browse files, partitions and other raw data for words, filenames, keywords and similar.
- Parses cookie files.
- Parses index.dat files.
- MS Windows Recycle Bin INFO2 parser
- Extracts the 'encrypted' info in Yahoo Instant Messenger log files.
- Determines the file type from the file header/footer (hachoir-metadata --type), lists strings including Unicode ones (hachoir-grep), etc. Supports more than 60 file formats.
- Microsoft Subsystem for UNIX-based Applications.
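The following is an added example of content-based file type identification, the technique behind the file command and hachoir-metadata --type described above; it is not the code of either tool. The signature table is a deliberately small subset of well-known published magic values (file's own magic database is far larger), and every sample file is constructed inline, including one PE executable renamed with a .pdf extension.

```python
"""Identify file types from content (header and, where known, trailer), not from the name.

Added example; not the code of file(1) or hachoir.  Signatures are well-known
published magic values; the sample files are constructed below."""
import struct

# (type name, offset, magic bytes): header signatures, checked in order.
SIGNATURES = [
    ("ELF executable", 0, b"\x7fELF"),
    ("PNG image", 0, b"\x89PNG\r\n\x1a\n"),
    ("JPEG image", 0, b"\xff\xd8\xff"),
    ("GIF image", 0, b"GIF8"),
    ("PDF document", 0, b"%PDF-"),
    ("ZIP archive", 0, b"PK\x03\x04"),
    ("gzip compressed data", 0, b"\x1f\x8b"),
    ("OLE2 compound document", 0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    ("MS-DOS executable", 0, b"MZ"),
]

# Trailer signatures: a file whose header matches but whose trailer is missing
# is often truncated, which matters when carving from unallocated space.
TRAILERS = {
    "JPEG image": b"\xff\xd9",            # EOI marker
    "PNG image": b"IEND\xaeB`\x82",       # IEND chunk name + its fixed CRC
}


def _refine_mz(data):
    """An MZ stub is also the start of a PE file: e_lfanew at 0x3c points at 'PE\\0\\0'."""
    if len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3c)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "PE executable"
    return "MS-DOS executable"


def identify(data):
    """Return a type name for the given bytes."""
    for name, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return _refine_mz(data) if name == "MS-DOS executable" else name
    if data and all(b in b"\t\n\r\x0b\x0c" or 0x20 <= b < 0x7f for b in data):
        return "ASCII text"
    return "data"


def trailer_ok(data):
    """True/False if the identified type has a known trailer and it is present/missing; None otherwise."""
    trailer = TRAILERS.get(identify(data))
    if trailer is None:
        return None
    return data.endswith(trailer)


def _pe_stub():
    """Constructed minimal MZ header whose e_lfanew points at a PE signature."""
    buf = bytearray(0x100)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3c, 0x80)
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


# Constructed sample files: name on disk versus what the bytes actually are.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n%constructed sample\n",
    "invoice.pdf": _pe_stub(),                                      # executable hiding behind .pdf
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,                # header only: no EOI, truncated
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"IEND\xaeB`\x82",
    "readme.txt": b"plain text, nothing to see\n",
}


def report(samples=SAMPLES):
    """Map each sample name to (identified type, trailer status)."""
    return {name: (identify(d), trailer_ok(d)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, (kind, ok) in report().items():
        print(f"{name:12s} {kind:24s} trailer={ok}")
```

Only the header is needed for identification, so on a large image it is enough to read the first and last few kilobytes of each file. A False trailer result is the check a carver wants before trusting a recovered file.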
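As an added example of the Unicode-aware string extraction mentioned for strings and hachoir-grep above (not the code of either tool), the block below pulls both ASCII and UTF-16LE strings out of a binary blob. The blob is constructed inline and mixes an ASCII string, a UTF-16LE Windows path and a UTF-16LE credential-looking value, to show what an ASCII-only pass misses in Windows binaries, registry hives and pagefiles.

```python
"""Extract ASCII and UTF-16LE ("Unicode") strings from binary data, as strings -e l does.

Added example; not the code of the strings utility.  SAMPLE_BLOB is constructed here."""
import re


def find_strings(data, min_len=4):
    """Return (offset, encoding, text) tuples for every printable run of at least min_len chars."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # In UTF-16LE every character of the ASCII range is <byte> <0x00>, so a
    # string is a run of such pairs; ASCII-only scanning sees NULs and stops.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in utf16_re.finditer(data)]
    return sorted(found)


# Constructed blob: DOS-stub text in ASCII, then two UTF-16LE strings as a
# Windows program would store them, separated by non-printable filler.
SAMPLE_BLOB = (
    b"\x00\x00MZ\x90\x00\x03"
    + b"This program cannot be run in DOS mode."
    + b"\x00\x01"
    + "C:\\Users\\bob\\AppData\\Roaming\\secret.docx".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02"
    + "password=hunter2".encode("utf-16-le") + b"\x00\x00"
    + b"ok\x00"
)


def found_texts(data=SAMPLE_BLOB):
    """(encoding, text) pairs in offset order, for comparison."""
    return [(enc, text) for _, enc, text in find_strings(data)]


if __name__ == "__main__":
    for off, enc, text in find_strings(SAMPLE_BLOB):
        print(f"0x{off:06x} {enc:9s} {text}")
```

Note the trade-off in the UTF-16 pattern: it accepts a run starting at any byte, so a trailing ASCII character followed by a NUL can be glued onto the start of a following UTF-16 string, exactly as strings itself sometimes does; lowering min_len increases such noise.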
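Two tools above parse the Recycle Bin INFO2 file. As an added example (not the code of either tool), the block below implements that parser for the widely documented Windows 2000/XP layout: a 20-byte header whose field at offset 12 gives the record size, followed by fixed-size records of 800 bytes (260-byte ANSI path, index, drive number, FILETIME deletion time, size, 520-byte UTF-16LE path) or 280 bytes on NT4/9x, which lack the Unicode path. The sample INFO2 bytes are constructed here, not taken from a real system; the treatment of a record whose first ANSI byte has been cleared follows a heuristic used by existing INFO2 parsers and is flagged as such.

```python
"""Parse a Windows 2000/XP Recycle Bin INFO2 file.

Added example; not the code of any INFO2 tool on this page.  The sample file
built by build_sample() is constructed, not captured from a real system."""
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 20
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME: 100-ns intervals since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10


def parse_info2(data):
    """Return one dict per complete record; a trailing partial record is ignored."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for an INFO2 header")
    version = struct.unpack_from("<I", data, 0)[0]
    rec_size = struct.unpack_from("<I", data, 12)[0]
    if rec_size not in (280, 800):
        raise ValueError(f"unexpected record size {rec_size} (version {version})")
    records = []
    for off in range(HEADER_SIZE, len(data) - rec_size + 1, rec_size):
        rec = data[off:off + rec_size]
        ansi = rec[0:260]
        index, drive, ft, size = struct.unpack_from("<IIQI", rec, 260)
        # Heuristic from existing parsers: when the item is restored or emptied,
        # the first byte of the ANSI path is cleared but the rest of the record
        # (including the Unicode path on XP) is left in place.
        cleared = ansi[0] == 0 and ansi[1] != 0
        path = ansi.split(b"\x00", 1)[0].decode("cp1252", "replace")
        if rec_size == 800:
            unicode_path = rec[280:800].decode("utf-16-le", "replace").split("\x00", 1)[0]
            if cleared or not path:
                path = unicode_path
        if not path and not cleared:
            continue                       # unused (all-zero) record slot
        letter = chr(ord("a") + drive)
        ext = path[path.rfind("."):] if "." in path.rsplit("\\", 1)[-1] else ""
        records.append({
            "index": index,
            "drive": letter.upper(),
            "deleted_at": filetime_to_datetime(ft),
            "size": size,
            "path": path,
            # Name the file carries inside the Recycle Bin directory, e.g. Dc3.doc
            "recycled_name": f"D{letter}{index}{ext}",
            "cleared": cleared,
        })
    return records


def build_record(path, index, drive, deleted_at, size, rec_size=800):
    """Construct one INFO2 record for the sample file."""
    rec = bytearray(rec_size)
    rec[0:len(path)] = path.encode("cp1252")
    struct.pack_into("<IIQI", rec, 260, index, drive, datetime_to_filetime(deleted_at), size)
    if rec_size == 800:
        u = path.encode("utf-16-le")
        rec[280:280 + len(u)] = u
    return bytes(rec)


def build_sample():
    """Constructed INFO2: header (version 5, record size 800) plus three records."""
    t0 = datetime(2008, 9, 11, 12, 4, tzinfo=timezone.utc)
    header = struct.pack("<IIIII", 5, 0, 0, 800, 0)
    r1 = build_record("C:\\Documents and Settings\\bob\\My Documents\\plan.doc", 3, 2, t0, 24576)
    r2 = build_record("C:\\Documents and Settings\\bob\\Desktop\\notes.txt", 4, 2,
                      t0 + timedelta(minutes=1), 1024)
    r3 = bytearray(build_record("C:\\temp\\old.log", 5, 2, t0 + timedelta(minutes=2), 512))
    r3[0] = 0                              # simulate the cleared first byte
    return header + r1 + r2 + bytes(r3)


SAMPLE_INFO2 = build_sample()

if __name__ == "__main__":
    for r in parse_info2(SAMPLE_INFO2):
        flag = " (cleared)" if r["cleared"] else ""
        print(f"{r['recycled_name']:10s} {r['deleted_at']:%Y-%m-%d %H:%M:%S} {r['size']:8d} {r['path']}{flag}")
```

Vista and later replace INFO2 with per-file $I/$R pairs, so this parser applies to 2000/XP/2003 bins only; on a damaged file the loop simply stops at the last complete record, which the tail-truncation check in the test exercises.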
File Sharing Analysis Tools
- P2P Marshal: tools to discover and analyze peer-to-peer files on Windows.