Forensics

Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency. The main goal is to automate the digital forensic process to speed up the investigation and give tactical investigators direct access to the seized data through an easy... Platforms: *nix

PTK is an alternative advanced interface for the suite TSK (The Sleuth Kit).Ptk-forensics was developed from scratch and besides providing the functions already present in Autopsy. It also implements numerous new features essential during forensic activity. Platforms: PHP

mac-robber is a digital forensics and incident response tool that can be used with The Sleuth Kit to create a timeline of file activity for mounted file systems. Platforms: *nix

UserTracking 2 is a tool that works closely together with Radiator and 802.1x in an attempt to facilitate forensics investigations. It does this by linking network layer 2 (i.e. MAC addresses) to network layer 3 (i.e. IP addresses). Since 802.1x keeps logs of users and MAC addresses while... Platforms: *nix

Vinetto project is a forensics tool to examine Thumbs.db files. The project is a command line python script that works on Linux, Mac OS X and Cygwin(win32). Usage: Usage: vinetto [OPTIONS] [-s] [-U] [-o DIR] file options: --version show programs version number and exit -h, --help show... Platforms: *nix

Fenris is a suite of tools suitable for code analysis, debugging, protocol analysis, reverse engineering, forensics, diagnostics, security audits, vulnerability research and many other purposes. The main logical components are: - Fenris: high-level tracer, a tool that detects the logic used... Platforms: *nix

Impost is a network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons. Theres two different kinds of operating modes used by Impost; It can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates... Platforms: *nix

mac-robber is a digital forensics and incident response tool that can be used with The Sleuth Kit to create a timeline of file activity for mounted file systems. Platforms: Mac, BSD, Solaris, Linux

Mac OS X's installation media includes a number of very useful tools for resetting passwords, diagnosing hardware issues, cloning drives, copying data, checking and repairing filesystems, managing disks, and even conducting forensics if you're so inclined. However, there are a number of... Platforms: Mac

It's an acronym for "Open Digital Evidence Search and Seizure Architecture" The intent of this project is to provide a completely open and extensible suite of tools for performing digital evidence analysis as well as a means of generating a usable report detailing the analysis and any findings.... Platforms: Mac

Ubuntu Rescue Remix is a GNU/Linux live system which runs from CD or USB flash device. It provides the data recovery specialist with a command-line interface environment equipped with the best free-libre, open source data recovery and forensics tools available. Platforms: *nix

dc3dd is a patched version of GNU dd to include a number of features useful for computer forensics. Many of these features were inspired by dcfldd, but were rewritten for dc3dd. Pattern writes. The program can write a single hexadecimal value or a text string to the output device for wiping... Platforms: *nix

Disk Investigator helps you to discover all that is hidden on your computer hard disk. It can also help you to recover lost data. Display the true drive contents by bypassing the operating system and directly reading the raw drive sectors. View and search raw directories, files, clusters, and... Platforms: Windows

DEFT (acronym of Digital Evidence & Forensic Toolkit) is a customized Linux distribution of the Kubuntu live Linux CD. It is a very easy to use system that includes an excellent hardware detection and the best open source applications dedicated to incident response and computer forensics.... Platforms: *nix

STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. Its a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to... Platforms: *nix

Distributed Aide Runtime Controller is a multi-threaded Python application designed for managing AIDE installations in large heterogeneous networks. AIDE is an open-source improvement upon the academic release of Tripwire. It can be used to detect filesystem changes in unix environments, which... Platforms: *nix

Browser History Viewer allows you to examine the contents of web browser history files and export the data. Currently it supports Internet Explorer and Mozilla/Firefox. Browser History Viewer meant to be a forensics tool. It meant to be a forensics tool. BHV is licensed under the terms of... Platforms: *nix

Trinux is a ramdisk-based Linux distribution that boots from a single floppy or CD-ROM, loads it packages from an HTTP/FTP server, a FAT/NTFS/ISO filesystem, or additional floppies. Trinux contains the latest versions of popular Open Source network security tools for port scanning, packet... Platforms: *nix

Fakebust provides a malicious exploit discriminator. Fakebust is a program that assists with the rapid assessment and supervised execution of potentially malicious programs such as exploits or utilities of unknown origin, programs recovered during OS forensics, or acquired from a honeypot.... Platforms: *nix

Plan-B is a bootable Linux environment without the need for a hard drive, it runs entirely in ram or from the cd, based on a basic, stripped installation of Red Hat Linux and the fundamental workings of the SuperRescue CD. A list of tools and utilities are also included for projects such as: *... Platforms: *nix