Definition of Forensic Tools
Forensic tools are tools used in the process of investigating data processing equipment (typically a home computer, laptop, server, or office workstation) to determine whether the equipment has been used for illegal, unauthorized, or unusual activities.
Forensic Tools
Regmon
Regmon is a Registry monitoring utility that shows you which applications are accessing your Registry, which keys they are accessing, and the Registry data that they are reading and writing, all in real time. This advanced utility takes you one step beyond what static Registry tools can do, letting you see and understand exactly how programs use the Registry. With static tools you might be able to see what Registry values and keys changed; with Regmon you will see how the values and keys changed.
Resource Hacker
Resource Hacker™ is a freeware utility to view, modify, rename, add, delete and extract resources in 32-bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on the Win95, Win98, WinME, WinNT, Win2000 and WinXP operating systems.
Rootkit Hunter
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
samhain
samhain is a multiplatform, open source solution for centralized file integrity checking and host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to monitor multiple hosts with potentially different operating systems from a central location, although it can also be used as a standalone application on a single host.
Stripe Snoop
Stripe Snoop is a suite of research tools that captures, modifies, validates, generates, analyzes, and shares data from magstripe cards. The data is captured through different hardware interfaces (or stdin), the contents decoded into the correct character set, and then a CDDB-like database attempts to figure out what the contents mean.
tenshi
tenshi (formerly wasabi) is a log monitoring program designed to watch a log file for lines matching user-defined regular expressions and report on the matches. The regular expressions are assigned to queues that have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as a log line is assigned to them, or to send periodic reports.
The Coroner's Toolkit
TCT is a collection of programs by Dan Farmer and Wietse Venema for post-mortem analysis of a UNIX system after a break-in. The software was first presented in a Computer Forensics Analysis class in August 1999 (handouts can be found here). Examples of using TCT can be found in our Forensic Discovery book.
The Sleuth Kit
The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer. The focus of the tools is the file system, and TSK supports the FAT, Ext2/3, NTFS, and UFS file systems. A more detailed description can be found here.
TList
The TList tool is a task-list application that prints a list of running tasks to standard output (stdout). It can be used to determine a process ID.
Unhide: a Forensic Tool to Uncover Hidden Processes
Unhide is a forensic tool that finds processes and TCP/UDP ports hidden by rootkits, loadable kernel modules (LKMs), or other hiding techniques.