The Windows Forensic Toolchest (WFT) was written to provide an automated incident response [or even an audit] on a Windows system while collecting security-relevant information from the system. WFT is essentially a forensically enhanced batch processing shell capable of running other security tools and producing HTML-based reports in a forensically sound manner.
6813e639f5c3bedb2cf043df9ed01affe042b3c9e8ba04981f48a3c42ad9272f
AIRT (Advanced incident response tool) is a set of incident response assistance tools for Linux. Tools allow you to look for hidden modules, processes, and ports. Additionally, two tools will dump and analyze hidden modules.
9686c7f859e29a96749089080f8f3ae874bff6d2ed8eca513afe8e9c935f527e
FLAG, or Forensic and Log Analysis GUI, is an application designed to assist IT security professionals with analyzing log files, tcpdump files and hard disk images for forensic evidence. It utilizes Ethereal and Sleuthkit.
8a99e0ec9b3438b56aa3cbce3c4d33deaffa4ad6fabecdf506e2de008ab92730
AIRT (Advanced incident response tool) is a set of incident response assistance tools for Linux. Tools allow you to look for hidden modules, processes, and ports. Additionally, two tools will dump and analyze hidden modules.
ed1fa893e032cfcfddf136f0d364fd8b082fa2baf0a415d57f50997a57cfece6
FLAG, or Forensic and Log Analysis GUI, is an application designed to assist IT security professionals with analyzing log files, tcpdump files and hard disk images for forensic evidence. It utilizes Ethereal and Sleuthkit.
c4d0d549ab071f75b8bbb61a9f2dfbeafe9f2de40633f3fd05de71d0564452f2
The Autopsy Forensics Browser is a graphical interface to The Sleuth Kit (TASK). Autopsy allows one to view allocated and deleted file system content in a "File Manager" style interface, create timelines of file activity, sort files by type, and perform keyword searches.
61d752dcec0c92b9a7bb0dcc844a24e8b30913646d2f64d78e2fbb5deb440033
The Sleuth Kit is a collection of open source file system forensics tools that allow one to view allocated and deleted data from NTFS, FAT, FFS, and EXT2FS images. The Autopsy Forensic Browser provides a graphical interface to The Sleuth Kit.
2ef8cd41584b70c595c997932c5f219bf03632be6bf787f6333e75349026b29c
The Autopsy Forensics Browser is a graphical interface to The Sleuth Kit (TASK). Autopsy allows one to view allocated and deleted file system content in a "File Manager" style interface, create timelines of file activity, sort files by type, and perform keyword searches.
5e514879f77a30c1b6c5eb222f5fcd42a74dce85c50a61d3ffd185aea07b984e
The Sleuth Kit is a collection of open source file system forensics tools that allow one to view allocated and deleted data from NTFS, FAT, FFS, and EXT2FS images. The Autopsy Forensic Browser provides a graphical interface to The Sleuth Kit.
7d026ec2e16d8ccacece01a494c97bb7f15f0c569ef4841571de6045c95c5c28
The Autopsy Forensic Browser is an HTML-based graphical interface to The here.
cde4370054a7517eb875f440b96f74eecd787db70646c17b539c794decd11608
Pdd (Palm dd) is a Windows-based tool for memory imaging and forensic acquisition of data from the Palm OS family of PDAs. Pdd will preserve the crime scene by obtaining a bit-for-bit image or "snapshot" of the Palm device's memory contents. Such data can be used by forensic investigators and incident response teams.
6e0fb5a1061f176311aa320ef23ad3cc13753f68dab1ada83300f6fa78e67ff3
Mac-robber is a forensics and incident response program that collects Modified, Access, and Change (MAC) times from files. Its output can be used as input to the 'mactime' tool in The @stake Sleuth Kit (TASK) to make a timeline of file activity. mac-robber is similar to running the 'grave-robber' tool from The Coroner's Toolkit with the '-m' flag, except this is written in C and not Perl.
fba5080859c28624e2e603940d5efd60cb02546d431f19f5ace0fbf4a7ad88db
The Autopsy Forensic Browser is an HTML-based graphical interface to The here.
7082a6700ccd1c6090ef3d8e04453441c07498c803d272c05f52b45e9c6e55ca