FTimes
FTimes is a system baselining and evidence collection tool. The primary purpose of FTimes is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis. FTimes is a lightweight tool in the sense that it doesn't need to be "installed" on a given system to work on that system, it is small enough to fit on a single floppy, and it provides only a command line interface.
|
|
Add_recl
The Add_recl program is designed to help reformat (variable length) carriage return delimited records.
|
|
AIM Password Decoder
During a forensic examination, you may find it necessary to identify as many passwords used by the suspect as possible. This may be to assist with the decryption of other encrypted data or to link the suspect with the computer, etc. This utility will decrypt AOL Instant Messenger passwords.
|
|
Autoruns
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
|
|
Autostart Viewer
Autostart Viewer allows you to see every autostart on your system, all on the one screen. In addition, it gives you complete control over the autostart references, and allows you to modify or delete them at will.
|
|
Bates_no
Bates_no is a program which helps attorneys (or anyone using the Bates numbering system) to identify e-documents. While many programs can be used for Bates stamping individual pages in e-documents, few will assign Bates numbers to the filenames. Bates_no will. This feature is useful in identifying files for discovery and evidentiary purposes as well as for records management. The program was developed at the request of an attorney specializing in forensic processing of computer data and designed with his assistance.
|
|
BIEW
BIEW is a multiplatform, portable viewer of binary files with a built-in editor in binary, hexadecimal and disassembler modes. It uses native Intel syntax for disassembly. Highlights: AVR/Java/Athlon64/Pentium 4/K7-Athlon disassembler; Russian codepage converter; full preview of formats: MZ, NE, PE, NLM, coff32, elf; partial preview: a.out, LE, LX, PharLap.
|
|
BinText
A small, very fast and powerful text extractor that will be of particular interest to programmers. It can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode (double byte ANSI) text and Resource strings, providing useful information for each item in the optional "advanced" view mode. Its comprehensive filtering helps prevent unwanted text being listed. The gathered list can be searched and saved to a separate file as either a plain text file or in informative tabular format.
|
|
Boot.com
This program is a small 5-byte COM file that will reboot the system. It is used when running batch files that may need to have an unattended reboot of the system. The boot.com program will do a cold boot on most systems. However, on some 486s it appears to do a warm boot. This program only runs as a DOS program.
|
|
Brandit
Brandit is designed to allow administrative officials to put "ownership" information on hard disk drives. This information will generally contain ownership and assignment information. When a branded computer is stolen and later recovered by police, they can run their reader copy (downloadable for free at this website) and identify its owner. It does not require any external monitoring station. Brandit is also used for inventory and assignment control purposes within corporations and organizations.
|
|
Bsearch
Using a very fast binary search algorithm, the Bsearch program allows you to search one or more files for occurrences of specific keys. The program allows you to search a fixed length record file on a sorted field for the occurrence of specified search keys. Because of the algorithm used, the search is almost instantaneous. Consider the bsearch algorithm similar to searching an indexed database for a key in one of the indexed fields. The response time is negligible.
|
|
bsed
bsed searches for a binary string in a file. If a replace string is given, bsed copies infile to outfile, replacing all instances of the search string with the replace string.
|
|
BXDR
This utility will display the FULL sector count on a hard disk drive, including any "protected areas" that utilities such as SafeBack and EnCase miss when imaging. BXDR will also allow you to resize a hard disk and will display whether a disk is password protected. BXDR was the first commercial tool to allow a user to set and unset the Host Protected Area.