|
|
| Line 4: |
Line 4: |
| | * [ftp://ftp.astron.com/pub/file/ file] (detects file type) | | * [ftp://ftp.astron.com/pub/file/ file] (detects file type) |
| | * [http://www.uitwisselplatform.nl/projects/libewf/ libewf] (EnCase / Expert Witness image format support) | | * [http://www.uitwisselplatform.nl/projects/libewf/ libewf] (EnCase / Expert Witness image format support) |
| − |
| |
| | | | |
| − |
| |
| − | =General Digital Investigation Sites=
| |
| − | (in alphabetical order)
| |
| − | * [http://www.forensix.org/ Computer Forensics, Cybercrime and Steganography Resources]
| |
| − | * [http://www.e-evidence.info/ E-Evidence Info]
| |
| − | * [http://www.forensicswiki.org/ Forensics Wiki]
| |
| − | * [http://www.linux-forensics.com/ Linux-Forensics]
| |
| − | * [http://www.opensourceforensics.org/ Open Source Forensics]
| |
| − |
| |
| − |
| |
| − | = Forensic Tool Testing=
| |
| − | (in alphabetical order)
| |
| − | * [http://groups.yahoo.com/group/cftt/ CFTT Yahoo Groups List]
| |
| − | * [http://dftt.sourceforge.net/ Digital Forensic Tool Testing Images]
| |
| − | * [http://www.cftt.nist.gov/ NIST Computer Forensic Tool Testing] (and [http://cfreds.nist.gov/ CFReDS])
| |
| − |
| |
| − |
| |
| − |
| |
| − | =Bootable CDs (without The Sleuth Kit)=
| |
| − | (in alphabetical order)
| |
| − | * [http://www.knopper.net/knoppix/index-en.html Knoppix]
| |
| − | * [http://sourceforge.net/projects/plac/ PLAC]
| |
| − |
| |
| − |
| |
| − | =UNIX-based File System Analysis Tools=
| |
| − | * [http://sourceforge.net/projects/biatchux/ fatback]: Analyze and recover deleted FAT files from Linux
| |
| − | * [http://foremost.sourceforge.net/ foremost]: Carves out files based on header and footer values
| |
| − | * [http://md5deep.sourceforge.net/ md5deep]: Recursive md5sum with database lookups.
| |
| − | * [http://www.porcupine.org/forensics/tct.html The Coroner's Toolkit (TCT)]: The original UNIX-based forensic toolkit
| |
| − | * [http://www.asrdata.com/SMART/ SMART for Linux]: Not open source, but it is Linux-based.
| |
| − | * [http://www.dfrws.org/2006/challenge/submissions/index.html Carving tools] for DFRWS 2006 Carving Challenge
| |
| | | | |
| | =File Hash Databases= | | =File Hash Databases= |
| Line 46: |
Line 14: |
| | * [http://www.rpm.org/ RPM] Use on Linux systems with '-V -a' to identify binaries that are different than the local database says | | * [http://www.rpm.org/ RPM] Use on Linux systems with '-V -a' to identify binaries that are different than the local database says |
| | * [http://sunsolve.Sun.COM/pub-cgi/fileFingerprints.pl Solaris Fingerprint Database] | | * [http://sunsolve.Sun.COM/pub-cgi/fileFingerprints.pl Solaris Fingerprint Database] |
| − |
| |
| − |
| |
| − | =Volume System Documents=
| |
| − | (in alphabetical order)
| |
| − | * [http://www.win.tue.nl/~aeb/partitions/partition_tables.html Minimal Parition Table Specification] (Andries Brouwer)
| |
| − | * [http://www.win.tue.nl/~aeb/partitions/partition_types.html Partition Types] (Andries Brouwer)
| |
| − |
| |
| − | =Disk Acquisition Tools=
| |
| − | (in alphabetical order)
| |
| − | * [http://air-imager.sourceforge.net/ Automated Image and Restore (AIR)]: (Linux X GUI for 'dd')
| |
| − | * [http://sourceforge.net/projects/biatchux/ DCFL dd]: 'dd' for Unix with MD5s
| |
| − | * [http://users.erols.com/gmgarner/forensics/ George Garner's Acquisition Tools]: 'dd' for Windows
| |
| − | * [http://www.gnu.org/software/fileutils/fileutils.html GNU File Utils]: 'dd' for Unix
| |
| − | * [http://www.securityfocus.com/tools/137 netcat]: Network transport
| |
| − | * [http://unxutils.sourceforge.net/ UnxUtils]: 'dd' for Windows
| |
