Forensic Tools Part-1
Hashbot Online Forensic Web Tool
Hashbot is a forensic web tool to acquire and validate, over time, the status of an individual web page or web document.
Acquire: Insert the URL to acquire, select your favorite user agent (default is Firefox) and click on submit. Wait for the creation process to finish, then download the zip archive.
Validate: Unzip the archive downloaded by the creation service, open the <code>-code.txt file and use the "Validate Info" section to fill in the validation form. Click on submit and wait for the server response.
Registry Decoder - Digital Forensics Tool
Digital forensics deals with the analysis of artifacts on all types of digital devices.
One of the most prevalent analysis techniques performed is that of the registry hives contained in Microsoft Windows operating systems.
Registry Decoder was developed with the purpose of providing a single tool for the acquisition, analysis, and reporting of registry contents.
Rifiuti v1.0
A Recycle Bin Forensic Analysis Tool.
Many important files within Microsoft Windows have structures that are undocumented. One of the principles of computer forensics is that all analysis methodologies must be well documented and repeatable, and they must have an acceptable margin of error. Currently, there is a lack of open source methods and tools that forensic analysts can rely upon to examine the data found in proprietary Microsoft files.
Many computer crime investigations require the reconstruction of a subject's Recycle Bin. Since this analysis technique is executed regularly, we researched the structure of the data found in the Recycle Bin repository files (INFO2 files). Rifiuti, the Italian word meaning "trash", was developed to examine the contents of the INFO2 file in the Recycle Bin.
The foundation of Rifiuti's examination methodology is presented in the white paper located here. Rifiuti will parse the information in an INFO2 file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Rifiuti is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.
Usage:
rifiuti [options] <filename>
-t Field Delimiter (TAB by default)
Example Usage:
[kjones:rifiuti/rifiuti_20030410_1/bin] kjones% ./rifiuti INFO2 > INFO2.txt
Open INFO2.txt as a TAB delimited file in MS Excel to further sort and filter your results.