Presentation:

I've seen requests in several listservs for listings of free tools that people use during examinations, and most often, the response is something akin to "contact me off list". In my mind, that kind of defeats the purpose of the listserv... why not just close it down and move everyone to Craigslist? Regardless, I thought that this would be a good way to start and even maintain a list of free tools (or at least some that have trials/demos available) that can be used during computer forensic examinations on Windows systems. I'll start by providing tools that I use, as well as links to other tools, and from there, I will expand the list as I receive information (i.e., comments, emails, etc.).

General Tools
- Perl - 'nuff said; mostly for creating my own tools
- Strings
- BinText

Acquisition
- FTK Imager - great for opening raw (i.e., dd) images, .E0x files, .vmdk files, etc.; even allows you to acquire other formats to raw dd. Also great for selected file extraction from the image, when you don't need everything.
- dd - George M. Garner Jr's FAU

Image Mounting
- IMDisk - great free tool for mounting Windows images on Windows systems, in read-only mode
- VDKWin - another free tool
- P2Explorer - from Paraben (free, requires registration)

Image Analysis
- TSK Tools - I've used mmls and fls mostly, but blkls is extremely useful, as well
- ProDiscover, Basic Edition

AntiVirus Scanners

Timeline Creation Tools
- TSK tools, pasco, Perl scripts, etc. - Perl scripts available from the Win4n6 Yahoo Group

Internet Evidence Finder
- JADSoftware - also, check out the Encrypted Disk Detector

Carving
- foremost, scalpel, PhotoRec
- DiskDigger - from Dmitry Brant; also check out NTFSWalker

File/Document Metadata
- Structured Storage Extractor - view contents of structured storage (OLE) files; this used to mean just MS Office pre-2007 documents, but on Windows 7, this now means Sticky Notes, etc.
- OffVis (fact sheet)
- Office 2007 document metadata script - look for cat_open_xml.pl; other tools available, as well
- Skype Extractor
- PDF Tools - from Didier Stevens; some of Didier's tools have been incorporated into the VirusTotal site
- MSI files - InstEd

Working with Email
- Email Conversion Tools - may not be free
- AvTech - Perl script
- Emailchemy - from Weird Kid Software (demo available)
- Mail-Cure - free, described here
- Aid4Mail - free trial available
- Intella - from Vound Software; doesn't require that Outlook be installed (trial available)

File Hashing
- MD5Deep - also allows for other hashing algorithms
- SSDeep - fuzzy hashing; is also incorporated into VirusTotal

Registry Analysis
- RegRipper - includes rip, ripXP, and regslack
- MiTeC Registry File Viewer
- Pwdump7 or SAMInside - great way to get password hashes for cracking

Archive/Compression Utilities
- IZArc
- PeaZip
- Other utilities

Memory Analysis
- Volatility - XP SP2/3 only
- Memoryze - from Mandiant

Packet Analysis
- Tools for extracting files from streams - not all of the tools listed run on Windows

Misc
- U3 Launcher
- Log parser

Sites
- Various thumbnail cache extractor applications can be found here.
- NirSoft has a variety of free and useful utilities available.
- RedWolf Computer Forensics - various parsing tools

Any you'd like to add? Comment, or email me.
Latest articles from the site "Windows Incident Response":
- Training Philosophy
- Cool Stuff, re WMI Persistence
- Windows Registry Forensics, 2E
- Event Logs
- Links Plugin Updates and Other Things
- Tools, Links, From the Trenches, part deux
- From the Trenches
- Updated samparse.pl plugin
- The Need for Instrumentation
- Analysis