The Sleuth Kit (TSK) & Autopsy: Open Source Digital Forensics Tools

Autopsy® and The Sleuth Kit® are open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types. Examiners and analysts can use the Autopsy graphical interface or The Sleuth Kit (TSK) command line tools to conduct an investigation. Join the sleuthkit-users list to ask questions and help others. Developers can write modules to extend the functionality of both Autopsy and TSK. Refer to the Autopsy Developer's Guide or the TSK Framework Module Writer's Guide for details on how to incorporate your tools into TSK and Autopsy.


SIFT Kit/Workstation: Investigative Forensic Toolkit
Download SANS Investigative Forensic Toolkit (SIFT) Workstation Version 3.0. Download the SIFT Workstation VMware Appliance now (1.5 GB).

Autopsy Forensic Browser: Download
There are six files to download for each release:
- autopsy-X.X.X-32bit.msi: A 32-bit Windows installer.
- autopsy-X.X.X-64bit.msi: A 64-bit Windows installer.
- A platform for developers to write modules against.
- Various .asc files that are GPG signatures of the above files.

List of digital forensics tools
During the 1980s, most digital forensic investigations consisted of "live analysis", examining digital media directly using non-specialist tools. In the 1990s, several freeware and other proprietary tools (both hardware and software) were created to allow investigations to take place without modifying media. This first set of tools mainly focused on computer forensics, although in recent years similar tools have evolved for the field of mobile device forensics.[1]

Top 20 Free Digital Forensic Investigation Tools for SysAdmins
Here are 20 of the best free tools that will help you conduct a digital forensic investigation. Whether it’s for an internal human resources case, an investigation into unauthorized access to a server, or if you just want to learn a new skill, these suites and utilities will help you conduct memory forensic analysis, hard drive forensic analysis, forensic image exploration, forensic imaging and mobile forensics. As such, they all provide the ability to bring back in-depth information about what’s “under the hood” of a system.

THE ANTI-VIRUS OR ANTI-MALWARE TEST FILE
Additional notes: This file used to be named ducklin.htm or ducklin-html.htm or similar, based on its original author Paul Ducklin, and was made in cooperation with CARO. The definition of the file was refined on 1 May 2003 by Eddy Willems in cooperation with all vendors. The content of this documentation (title only) was adapted on 1 September 2006 to add verification of the activity of anti-malware or anti-spyware products. It was decided not to change the file itself for backward-compatibility reasons.
Who needs the Anti-Malware Testfile

Black Hat USA 2014 - Arsenal
Returning bigger than ever for 2014, Black Hat is pleased to once again present Arsenal--a Tool/Demo area where independent researchers and the open source community will showcase some awesome weapons. See below for the full list and descriptions of each of these tools. Hours and Location: August 6, 2014 | 10:00 - 18:00 | Breakers JK; August 7, 2014 | 10:00 - 18:00 | Breakers JK.

Android Device Testing Framework

HashDig
Welcome To The HashDig Project
HashDig technology is a collection of utilities designed to help practitioners automate the process of resolving MD5 and SHA1 hashes. In the early stages of an investigation, it is not typically possible or practical to examine all subject files. Therefore, practitioners need reliable methods that can quickly reduce the number of files requiring examination. One such method is to group files into two general categories: known and unknown. This method can be implemented quite effectively by manipulating hashes and comparing them to one or more reference databases.

Tools
This is an overview of available tools for forensic investigators. Note: This page has gotten too big and is being broken up. See: Hard Drive Firmware and Diagnostics Tools.

Using Microsoft Network Monitor 3.3
The only way to gain an idea of what a network conversation is all about is to expand the node in the tree and take a look at who is talking to whom and what sort of conversation is going on. For example, if you expand the Unknown node you can immediately see the IP addresses of each of the machines involved in each of the conversations. In general, conversations going on between a pair of machines internal to your network aren't going to be an indicator of anything strange going on - they could be, but most malware is concerned with communicating with the outside world.

Generate long, easy-to-remember passwords
The button below will generate a random phrase consisting of four common words. According to yesterday’s xkcd strip, such phrases are hard to guess (even by brute force), but easy to remember, making them interesting password choices. It’s a novel idea, but xkcd stops short of actually recommending such passwords, and so will I.

Hardware-based security more effective against new threats
With software security tools and network vulnerabilities constantly being targeted by hackers, securing hardware components will grow in importance, given that it is more secure and cybercriminals will find it difficult to alter the physical layer for their purposes. Patrick Moorhead, president and principal analyst of Moor Insight and Strategy, said hardware-based security is more secure than software tools such as antivirus since it cannot be altered. Hardware-based security refers to safeguarding the computer using components such as processors.