cs2025 Forensic Software and Recovery Software for UNIX, Linux, Windows, and Mac OS XThis product includes a number of different software packages for forensic examination of computer data. The packages are, in most cases distributed as compressed archives, and the user is expected to be prepared to expand these archives using the programs that are appropriate, and to follow the installation procedures. A few distributions are in the form of ISO CD images, which should be used to create bootable recovery CD's. The CD includes the following:FORENSIC SOFTWARE August 2010TULP2G - A .NET based forensic software framework for extracting anddecoding data stored in electronic devices. Suitable for Windows 2000and Windows XP Distributed under the BSD License. Sleuth - The Sleuth Kit is a C++ library and collection of open sourcefile system forensics tools that allow you to, among other things,view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+,and ISO9660 images. The Autopsy Forensic Browser provides a graphicalinterface to The Sleuth Kit. IBM Public License. Runs under allLinux/UNIX/BSD Platforms, including Mac OS X. Autopsy Forensics Browser - A graphical interface to The Sleuth KitAutopsy allows one to view allocated and deleted file system contentin a "File Manager" style interface and perform keyword searches. Distributed pursuant to the GNU General Public License. Runs on all Linux/UNIX/BSD Platforms, including Mac OS X. ODESSA - The Open Digital Evidence Search and Seizure Architecture isa cross-platform framework for performing Computer Forensics andIncident Response. GNU General Public License. For all 32-bitMicrosoft Windows (95/98/NT/2000/XP), and all Linux/BSD/UNIX systems,including Mac OS X Foremost - A linux tool for conducting forensic examinations. Althoughdeveloped for law enforcement purposes, it is also useful in othercontexts. Foremost extracts information from a file such as a dd imagefile of a disk partition. Foremost is in the Public Domain. Runs onany Linux/BSD/UNIX type system. PLAC - Portable Linux Auditing CD - A bootable cdrom running linux. Ithas network auditing, disk recovery, and forensic analysis tools. ISOimage. GNU General Public License. For all Linux/BSD/UNIX typeoperating systems. AIR - Automated Image and Restore - A GUI front-end to dd/dcfldd,designed to facilitate creation of forensic bit images. It supportsverification via MD5/SHA1, SCSI tape drives, acquisition over a TCP/IPconnection, splitting of images, and detailed session logging. AIR iscapable of auto-detection of IDE and SCSI drives, CD-ROMs, and tapedrives. It has many operational options.mac-robber - A digital forensics and incident response tool. It can beused with the Sleuth Kit to create a timeline of file activity formounted file systems. GNU General Public License. For allLinux/BSD/UNIX type systems, including Mac OS X. LiveView - A forensics tool that creates a VMware virtual machine outof a raw (dd-style) disk image. This allows an examiner to "boot up"the image and gain an interactive, user-level perspective of theenvironment, all without modifying the image. LiveView is written inJava (Swing) and runs on 32-bit Windows systems. It is distributedunder the terms of the GNU General Public License.NetworkMiner - A Network Forensic Analysis Tool (NFAT) for Windowsthat can detect the OS, hostname and open ports of network hoststhrough packet sniffing or by parsing a PCAP file. NetworkMiner canalso extract transmitted files from network traffic. It is written inC#.net and runs on 32-bit Windows systems. NetworkMiner is releasedunder the GNU General Public License.dcfldd - An Enhanced version of gnu dd with features useful forforensics and security. Key features include on-the-fly hashing,status output and faster disk wiping. It is written in C and runs onall Linux/UNIX type systems. The dcfldd package is made availableunder the terms of the GNU General Public License.NFI Defraser - Defraser - A forensic analysis application that can beused to detect full and partial multimedia files in datastreams. It istypically used to find (and restore) complete or partial video filesin datastreams (for instance, unallocated diskspace). The program iswritten in C#.net and runs on Windows XP, Windows Vista, and Windows7. It is distributed under the BSD License.
ptk-forensics - PTK - An alternative advanced interface for the TSKsuite (The Sleuth Kit). It was developed from scratch and besidesproviding the functions already present in Autopsy it implementsnumerous new features essential during forensic activity. The packageis written in JavaScript, PHP, PERL; it uses a web based userinterface and requires MySQL. It is released under the terms of thePTK Free Edition License.Open Computer Forensics Architecture - OCFA - A modular computerforensics framework built by the Dutch National Police Agency. Themain goal is to automate the digital forensic process to speed up theinvestigation and give tactical investigators direct access to theseized data through an easy to use search and browse interface. Ocfais based on the Linux operating system; therefore a knowledge ofLinux/UNIX is required. Knowledge of the SQL query language andcomputer forensics is helpful. OCFA is implemented in C++, Perl, andLinux Shell, and uses PostgreSQL. OCFA is released under the GNUGeneral Public License.rdd forensic copy program - rdd is a forensic copy program developedat and used by the Netherlands Forensic Institute (NFI). Unlike mostcopy programs, rdd is robust with respect to read errors, which is animportant property in a forensic operating environment. Rdd - A forensic copy program developed at and used by the NetherlandsForensic Institute (NFI). Unlike most copy programs, rdd is robustwith respect to read errors, which is an important property in aforensic operating environment. Rdd is written in C and runs on allLinux/UNIX type systems. It is released under the BSD License.INSERT - INside SEcurity Rescue Toolkit - A multi-purpose disasterrecovery and network analysis system, based on KNOPPIX. It runs from aCD. It has read-write support for NTFS-partitions. It is availableunder the GNU General Public License. It purports to be OSindependent, but it runs with the X Window System; therefore, it ismost likely to be of interest to Linux/UNIX users.LDE - Linux Disk Editor - A disk editor for linux, originally writtento help recover deleted files. LDE is distributed under the GNUGeneral Public License. It has a simple curses interface. It workswell with ext2, minix, xiafs, and is somewhat useable with fat andiso9660 file systems. It is suitable for use with all UNIX/Linux typesystems. ZipCracker - A program to help users recover files from passwordprotected zip archives. It has a easy to use Gnome User interface. ForLinux/UNIX. It is distributed under the GNU General Public License. e2undel - An interactive console tool that recovers the data ofdeleted files on an ext2 file system under Linux. It does not requireany additional tools and should be useable without knowledge aboutext2 interna. For all Linux/UNIX systems. Distributed under the GNUGeneral Public License. Repairlix - A networked Linux distribution/bootable system. It has asuite of utilities for doing system recovery. For Linux/Unixsystems. distributed under the GNU General Public License.Fileextractor - A tool for recovering files from a binary datasource. Sources such as digital cameras, partitions, harddrives,memory sticks or floppy disks may be corrupted, deleted or formattedby mistake. Once the file system is destroyed a tool such asFileExtractor may be able to recover your files. The program iswritten in Python using WxWigets and runs on all 32-bit Windowssystems and all Linux/UNIX/BSD systems, including OS X. Fileextractoris available under the GNU General Public License.
I believe this software to be useful, but naturally, I cannot give assurances about the suitability of any package for a particular purpose.
Shipping is $3.00 Worldwide
