(Page 3 of 6)   < Prev  1 2 3 4 5 6  Next >

Category: Auditing » Forensics

Added 2004-02-10
by robinkeir@foundstone.com
A file change monitor. Used with BlackICE Defender. FileWatch (originally called ICEWatch 1.x) is a small utility that can monitor a given file for changes. Monitoring can detect file size changes or simply file writes, both with minimal impact on system resources (no polling is performed). The primary use of this utility is for monitoring changes in the log file of a personal firewall program and being able to spawn a separate application when changes are detected, but the tool can be applied to any number of other uses.

Added 2003-12-23
by Ivan Ristic
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports Apache (both branches) today, with support for Java-based servers coming soon.

IDA Pro - Freeware Edition
Added 2003-12-15
by DataRescue Inc.
The freeware version of the Interactive Disassembler Pro. Supports 80x86 binaries and FLIRT, a unique Fast Library Identification and Recognition Technology that automagically recognizes standard compiler library calls. Widely used in COTS validation and hostile code analysis.

Autopsy Forensic Browser
Added 2002-07-29
by @stake
The Autopsy Forensic Browser is an HTML-based graphical interface to The @stake Sleuth Kit (TASK). Together, TASK and Autopsy Forensic Browser are an open source alternative to the common Windows-based digital forensic tools. Autopsy provides an investigator with an HTML-based graphical interface that allows one to browse images from compromised systems in a "File Manager"-like interface. Windows and UNIX file systems can be analyzed to view deleted files, create time lines of file activity, and perform key word searches.

The @stake Sleuth Kit (TASK)
Added 2002-07-29
by @stake
The @stake Sleuth Kit (TASK) is the only open source forensic toolkit for a complete analysis of Microsoft and UNIX file systems. TASK enables investigators to identify and recover evidence from images acquired during incident response or from live systems. TASK is also open source, allowing investigators to verify the actions of the tool or customize it to specific needs.

Added 2002-03-14
by William Salusky
FIRE, the Forensic and Incident Response Environment, (formerly known as Biatchux) is a portable, bootable CD-ROM-based distribution providing an immediate environment for performing forensics analysis, data recovery, virus scanning, and pen-testing. It also provides the necessary tools for live forensics/analysis/incident response.

Added 2002-02-26
by Foundstone
Vision, Foundstone's newest forensic product, is an essential part of a computer security professional's tool-kit. Vision maps all of a host's executables to corresponding ports, allowing you to identify and investigate suspicious services. Vision enables you to interrogate suspect services to identify backdoors and Trojan applications. If a malicious service is identified, Vision allows you to immediately kill it.

The Forensic ToolKit
Added 2002-02-26
by Foundtone, Inc.
The Forensic ToolKit contains several Win32 Command line tools that help you examine the files on a NTFS disk partition for unauthorized activity. This tool is a file properties analyzer. It performs numerous functions such as examine the files on a disk drive for unauthorized activity, lists files by their last access time, search for access times between certain time frames, scan the disk for hidden files and data streams. The Forensic toolkit will also dump file and security attributes, report on audited files, discover altered ACL's and see if a server reveals too much info via NULL sessions.

Added 2002-02-26
by Foundstone Inc.
A binary file byte-patching utility. This is driven by a simple scripting language. It can patch sequences of bytes in any file, search for byte patterns (with wildcards) and also extract and utilize DLL exported function addresses as source positions in files to be patched.

Added 2002-02-20
by Arne Vidstrom
ListModules lists the modules (EXE's and DLL's) that are loaded into a process. This can for example be useful in a forensic investigation. More information can be found in the ListModules FAQ located here: http://www.ntsecurity.nu/toolbox/listmodules/faq.shtml

Search Tools
Browse by category
Log Analysis, Host, Passwords, Network, File Integrity, PSTN, Forensics, Backdoors, Source Code
Passwords, Filesystem, Network, System, Compiler, Log Management, Usage Monitoring, Email
One Time Passwords, User Authentication, Password Management, Web, Server, Certificates, Tokens
Intrusion Detection
Network, Host, Web, Evasion
Access Control
Network, Firewall, user privileges, RPC, Bootup, File System, Applications, Mandatory Access Control, Server, X-Windows, ACLs, Privileges
Libraries, Applications
Libraries, Random Numbers, Traffic Encryption, Data Encryption, Cryptoanalysis, Steganography, E-mail
Network Monitoring
Policy Enforcement
Web Access, Email
System Security Management
Accounts, Console, Windows NT, Firewall, Configuration, Filesystem, Linux, Solaris, Monitoring
Network Utilities
Tunneling, Miscellaneous, Monitoring
Secure Deletion
Linux, FreeBSD, NT, Solaris
Hostile Code
Detection, Removal, Sandbox


Privacy Statement
Copyright 2010, SecurityFocus