Difference between revisions of "Reference Documents"
From SleuthKitWiki
(Copied from sleuthkit.org/links.php) |
|||
Line 24: | Line 24: | ||
=Bootable CDs (without The Sleuth Kit)= | =Bootable CDs (without The Sleuth Kit)= | ||
+ | (in alphabetical order) | ||
* Knoppix | * Knoppix | ||
* PLAC | * PLAC | ||
Line 37: | Line 38: | ||
=File Hash Databases= | =File Hash Databases= | ||
− | + | (in alphabetical order) | |
* CyberAbuse Rootk(it)ID project | * CyberAbuse Rootk(it)ID project | ||
* Hash Keeper | * Hash Keeper | ||
Line 57: | Line 58: | ||
=Volume System Documents= | =Volume System Documents= | ||
+ | (in alphabetical order) | ||
* Minimal Parition Table Specification (Andries Brouwer) | * Minimal Parition Table Specification (Andries Brouwer) | ||
* Partition Types (Andries Brouwer) | * Partition Types (Andries Brouwer) | ||
=Disk Acquisition Tools= | =Disk Acquisition Tools= | ||
+ | (in alphabetical order) | ||
* Automated Image and Restore (AIR): (Linux X GUI for 'dd') | * Automated Image and Restore (AIR): (Linux X GUI for 'dd') | ||
* DCFL dd: 'dd' for Unix with MD5s | * DCFL dd: 'dd' for Unix with MD5s |
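Review bot: The unchanged context line under "Volume System Documents" reads "Minimal Parition Table Specification" in both revisions; "Parition" should be "Partition", and since this edit touches the lines around that entry it would be a good place to correct it.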
Revision as of 19:57, 4 June 2007
Tools and Libraries that are used by The Sleuth Kit
(in alphabetical order)
- AFFLib (AFF image format support)
- file (detects file type)
- libewf (EnCase / Expert Witness image format support)
General Digital Investigation Pages
(in alphabetical order)
- Computer Forensics, Cybercrime and Steganography Resources
- E-Evidence Info
- Linux-Forensics
- Open Source Forensics
Forensic Tool Testing
(in alphabetical order)
- CFTT Yahoo Groups List
- Digital Forensic Tool Testing Images
- NIST Computer Forensic Tool Testing (and CFReDS)
Bootable CDs (without The Sleuth Kit)
(in alphabetical order)
- Knoppix
- PLAC
UNIX-based File System Analysis Tools
- fatback: Analyze and recover deleted FAT files from Linux
- foremost: Carves out files based on header and footer values
- md5deep: Recursive md5sum with database lookups.
- The Coroner's Toolkit (TCT): The original UNIX-based forensic toolkit
- SMART for Linux: Not open source, but it is Linux-based.
- Carving tools for DFRWS 2006 Carving Challenge
File Hash Databases
(in alphabetical order)
- CyberAbuse Rootk(it)ID project
- Hash Keeper
- KnownGoods
- NIST NSRL SW Fingerprint Database
- RPM: Use on Linux systems with '-V -a' to identify binaries that differ from what the local database records
- Solaris Fingerprint Database
File System Documents
NTFS
- Linux NTFS Documentation
FAT
- FAT32 File System Specification 1.03 (MS)
EXT2FS
- Design and Implementation of the Second Extended File System (Card, Ts'o, and Tweedie)
- Linux EXT2FS Undeletion mini-HOWTO (Aaron Crane)
EXT3FS
- EXT3, Journaling Filesystem (Tweedie)
Volume System Documents
(in alphabetical order)
- Minimal Partition Table Specification (Andries Brouwer)
- Partition Types (Andries Brouwer)
Disk Acquisition Tools
(in alphabetical order)
- Automated Image and Restore (AIR): (Linux X GUI for 'dd')
- DCFL dd: 'dd' for Unix with MD5s
- George Garner's Acquisition Tools: 'dd' for Windows
- GNU File Utils: 'dd' for Unix
- netcat: Network transport
- UnxUtils: 'dd' for Windows