Difference between revisions of "Reference Documents"

From SleuthKitWiki
(Copied from sleuthkit.org/links.php)
 
 
(8 intermediate revisions by one user not shown)
Line 1: Line 1:
=Tools and Libraries that are used by The Sleuth Kit=
+
=Tools and Libraries that are used by [[The Sleuth Kit]]=
 
(in alphabetical order)
 
(in alphabetical order)
 
* [http://www.afflib.org/ AFFLib] (AFF image format support)
 
* [http://www.afflib.org/ AFFLib] (AFF image format support)
 
* [ftp://ftp.astron.com/pub/file/ file] (detects file type)
 
* [ftp://ftp.astron.com/pub/file/ file] (detects file type)
 
* [http://www.uitwisselplatform.nl/projects/libewf/ libewf] (EnCase / Expert Witness image format support)
 
* [http://www.uitwisselplatform.nl/projects/libewf/ libewf] (EnCase / Expert Witness image format support)
 
  
  
=General Digital Investigation Pages=
+
=File Hash Databases=
 
(in alphabetical order)
 
(in alphabetical order)
* [http://www.forensix.org/ Computer Forensics, Cybercrime and Steganography Resources]
+
* [http://rk.cyberabuse.org/?page=credits CyberAbuse Rootk(it)ID project]
* [http://www.e-evidence.info/ E-Evidence Info]
+
* [http://www.hashkeeper.org/ Hash Keeper]
* [http://www.linux-forensics.com/ Linux-Forensics]
+
* [http://www.knowngoods.org/ KnownGoods]
* [http://www.opensourceforensics.org/ Open Source Forensics]
+
* [http://www.nsrl.nist.gov/ NIST NSRL SW Fingerprint Database]
 
+
* [http://www.rpm.org/ RPM] Use on Linux systems with '-V -a' to identify binaries that are different than the local database says
 
+
* [http://sunsolve.Sun.COM/pub-cgi/fileFingerprints.pl Solaris Fingerprint Database]
= Forensic Tool Testing=
+
(in alphabetical order)
+
* [http://groups.yahoo.com/group/cftt/ CFTT Yahoo Groups List]
+
* [http://dftt.sourceforge.net/ Digital Forensic Tool Testing Images]
+
* [http://www.cftt.nist.gov/ NIST Computer Forensic Tool Testing] (and [http://cfreds.nist.gov/ CFReDS])
+
 
+
 
+
 
+
=Bootable CDs (without The Sleuth Kit)=
+
* Knoppix
+
* PLAC
+
 
+
 
+
=UNIX-based File System Analysis Tools=
+
* fatback: Analyze and recover deleted FAT files from Linux
+
* foremost: Carves out files based on header and footer values
+
* md5deep: Recursive md5sum with database lookups.
+
* The Coroner's Toolkit (TCT): The original UNIX-based forensic toolkit
+
* SMART for Linux: Not open source, but it is Linux-based.
+
* Carving tools for DFRWS 2006 Carving Challenge
+
 
+
=File Hash Databases=
+
 
+
* CyberAbuse Rootk(it)ID project
+
* Hash Keeper
+
* KnownGoods
+
* NIST NSRL SW Fingerprint Database
+
* RPM Use on Linux systems with '-V -a' to identify binaries that are different than the local database says
+
* Solaris Fingerprint Database
+
 
+
=File System Documents=
+
==NTFS==
+
* Linux NTFS Documentation
+
==FAT==
+
* FAT32 File System Specifcation 1.03 (MS)
+
==EXT2FS==
+
* Design and Implementation of the Second Extended File System (Card, Ts'o, and Tweedie)
+
* Linux EXT2FS Undeletion mini-HOWTO (Aaron Crane)
+
==EXT3FS==
+
* EXT3, Journaling Filesystem (Tweedie)
+
 
+
=Volume System Documents=
+
* Minimal Parition Table Specification (Andries Brouwer)
+
* Partition Types (Andries Brouwer)
+
 
+
=Disk Acquisition Tools=
+
* Automated Image and Restore (AIR): (Linux X GUI for 'dd')
+
* DCFL dd: 'dd' for Unix with MD5s
+
* George Garner's Acquisition Tools: 'dd' for Windows
+
* GNU File Utils: 'dd' for Unix
+
* netcat: Network transport
+
* UnxUtils: 'dd' for Windows
+
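Review bot: the new revision carries the "File Hash Databases" section twice: once, with links, in place of the old "General Digital Investigation Pages" heading, and again further down as a plain list with the links stripped; the newly added "Bootable CDs (without The Sleuth Kit)", "UNIX-based File System Analysis Tools", "File System Documents", "Volume System Documents" and "Disk Acquisition Tools" sections are likewise plain text with no links, so keep a single copy of the hash-database list and restore the links on the other entries. Two typos in the added lines: "FAT32 File System Specifcation 1.03 (MS)" should read "Specification", and "Minimal Parition Table Specification (Andries Brouwer)" should read "Partition". The RPM entry ("Use on Linux systems with '-V -a' to identify binaries that are different than the local database says") would be clearer with a note that the comparison is only as trustworthy as the local RPM database on the system being examined.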

Latest revision as of 20:11, 5 June 2012

Tools and Libraries that are used by The Sleuth Kit

(in alphabetical order)

  • AFFLib (AFF image format support)
  • file (detects file type)
  • libewf (EnCase / Expert Witness image format support)


File Hash Databases

(in alphabetical order)