
Category: Auditing » Forensics

AIDE (Advanced Intrusion Detection Environment)
Added 2002-02-11
by Rami Lehti and Pablo Virolainen
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

PMDump
Added 2002-02-05
by Arne Vidstrom
PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process. This can be useful in a forensic investigation.

macMatch
Added 2002-02-05
by Arne Vidstrom
macMatch lets you search for files by their last write, last access or creation time without changing any of these times. A tool like this can be useful in a forensic investigation.

LNS
Added 2002-02-05
by Arne Vidstrom
LNS is a tool that searches for NTFS streams (aka alternate data streams or multiple data streams). This can be useful in a forensic investigation.

The Coroner's Toolkit (TCT)
Added 2001-12-18
by Dan Farmer and Wietse Venema
TCT is a collection of programs that can be used for a post-mortem analysis of a UNIX system after a break-in. The software was first presented during a free Computer Forensics Analysis class that we gave one year ago (almost to the day). Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the keyfind tool that recovers cryptographic keys from a running process or from files.

pdd (Palm dd)
Added 2001-12-06
by jgrand@atstake.com
The first tool of its kind for forensic analysis of Palm OS platform devices. pdd (Palm dd) is a Windows-based tool for Palm OS memory imaging and forensic acquisition. The Palm OS Console Mode is used to acquire memory card information and to create a bit-for-bit image of the selected memory region. No data is modified on the target device and the data retrieval is not detectable by the user of the PDA. Source code is available for research and legal verification purposes.

Modular Syslog
Added 2001-12-05
by Alejo
The modular syslog allows for an easy implementation of input and output modules. The modules that maintain compatibility with its precursor are included in the standard distribution along with four modules: om_peo (an implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity checking), om_mysql and om_pgsql (modules that send output to a MySQL and a PostgreSQL database, respectively) and om_regex (a module that allows output redirection using regular expressions).

Hasher.pl
Added 2001-11-22
by H. Carvey
Hasher.pl is a script that creates a Tk GUI to implement a hashing utility for NT/2K. I wrote this at the request of a friend, and he specifically wanted a GUI. The script was successfully compiled using Perl2Exe, and the resulting standalone .exe file was successfully tested on NT SP6a and 2K SP2.

Added 2001-10-31
by Christo Butcher
The binary streak is the core tool in this distribution; it will perform the actual reading, processing, hashing, writing, etc. of the data. This binary has been compiled and tested on OpenBSD 2.9, so that is the recommended platform for its use. The floppy contains a miniature OpenBSD 2.9 installation that can run streak. See below for more information on the floppy version. An overview and short explanation of the supported options can be obtained by running the streak binary without any command-line flags, or by supplying the -h flag. If the given options aren't complete, the help overview will be given, followed by a reasonably descriptive error message.

CrucialADS
Added 2001-10-22
by Crucial Security
CrucialADS is a GUI-based Alternate Data Stream scanning tool. CrucialADS is designed to quickly and easily detect the presence of Alternate Data Streams in NTFS files and directories.
