Category: Auditing » Forensics
Belkasoft Forensic IM Extractor
This tool helps e-crime and forensic professionals analyse Internet messenger histories. No password is required. It supports various IMs: ICQ versions 99a up to ICQ5, MSN Messenger, Yahoo! Messenger, &RQ, Miranda. It supports deep ICQ analysis using different methods (with and without use of the index file), which allows the user to extract even deleted and overwritten messages. The latter ability is indispensable for e-crime professionals. A number of options are available, such as filtering messages by time, sent/received type, or user, and converting history to ICQ5 format; multibyte codepages are supported. More info at http://belkasoft.com.
darc - Distributed Aide Runtime Controller
darc is a multi-threaded Python application designed for managing AIDE installations in large heterogeneous networks. It provides centralized database management, unified reporting, and eliminates the need to maintain Aide databases and binaries on read-only media.
Elcomsoft Distributed Password Recovery
Elcomsoft Distributed Password Recovery (EDPR) offers administrators a comprehensive solution for recovering passwords to Microsoft Office documents when employees forget or lose their passwords. EDPR lets you coordinate all of the unused computing power of every computer on your LAN or WAN and use distributed processing to restore the lost password by installing "agents" onto as many computers on the network as the user desires; each of these agents uses brute force to try to recover the lost password. EDPR restores passwords for Word and Excel documents encrypted with 40-bit keys (Office 97/2000 compatible) as well as more recent documents (Office XP/2003) encrypted with CSP. Office 97/2000 documents can also be decrypted by recovering the encryption keys instead of the password, and that type of attack gives a guaranteed result regardless of password length and complexity.
Advanced Archive Password Recovery
Advanced Archive Password Recovery is a program to recover lost or forgotten passwords for ZIP (PKZip/WinZip), ARJ/WinARJ, RAR/WinRAR and ACE/WinACE (1.x) archives. It supports a customizable "brute-force" attack, effectively optimized for speed (for traditional ZIP encryption, up to 15 million passwords per second on Pentium 4), a dictionary-based attack, and a very fast and effective known-plaintext attack. It supports strong WinZip encryption (AES). A multilingual interface is provided.
The Incident Response Collection Report is a script to call a collection of tools that gathers and/or analyzes data on a Microsoft Windows system. You can think of this as a snapshot of the system in the past. Most of the tools are oriented towards data collection rather than analysis. The idea of IRCR is that anyone could run the tool and send the output to a skilled computer security professional for further analysis. IRCR v2 is a complete code change from Perl to DOS batch file. Anyone should be able to modify the batch file to their needs.
The Webtracer is a professional forensic tool to trace internet identities such as website owners, the sender of an e-mail, etc. Each internet resource (IP address, server name, e-mail address, URL, etc.) can be investigated to retrieve underlying relations and owner details. The Webtracer also allows in-depth analysis of e-mail headers and can be used to analyse logfiles after a possible intrusion.
Proactive Password Auditor
Proactive Password Auditor is a password security test tool designed to allow administrators of Windows NT, Windows 2000, Windows XP and Windows Server 2003-based systems to identify and close security holes in their networks. Proactive Password Auditor helps secure networks by executing an audit of account passwords and exposing insecure account passwords. If it is possible to recover the password within a reasonable time, the password is considered insecure. The software supports a few different methods of obtaining password hashes for further attack/audit: from dump files (generated by 3rd party tools like pwdump/pwdump2/pwdump3), the Registry of the local computer, binary Registry files (SAM and SYSTEM), memory of the local computer, and memory of remote computers (Domain Controllers), including ones running Active Directory. The product features brute-force and dictionary attacks on LM and NTLM password hashes, effectively optimized for speed, plus a "rainbow" attack that uses pre-computed hash tables, which allow most passwords to be found in minutes instead of days or weeks.
Proactive System Password Recovery
Proactive System Password Recovery is a program to recover all types of Windows passwords: logon password (when the user is logged on and has Admin privileges), screensaver password, .NET Passport password, RAS and dial-up passwords, passwords to shared resources, SYSKEY startup password, passwords stored in cached credentials, Wireless (WEP and WPA-PSK) encryption keys, etc. The program also shows all users and groups (with their properties) and can run any program in another user's context, show password history hashes, read password hashes from SAM and SYSTEM files, read Protected Storage records, decrypt Windows scripts, reveal passwords hidden under asterisks, enable disabled controls, and run brute-force and dictionary attacks on PWL files (Windows 9x). Finally, it shows product IDs and CD keys for Windows, Microsoft Office and other Microsoft software installed.
Bitform Discover is a powerful utility that quickly analyzes individual documents or whole collections of documents and reports on more than two dozen potentially sensitive hidden data elements. Discover supports Microsoft Word, Excel and PowerPoint file formats.
UndeleteSMS can recover deleted SMS messages from a GSM SIM card.