SIFT Kit/Workstation: Investigative Forensic Toolkit Download SANS Investigative Forensic Toolkit (SIFT) Workstation Version 3.0 Download SIFT Workstation VMware Appliance Now - 1.5 GB Having trouble downloading? If you are having trouble downloading the SIFT Kit please contact firstname.lastname@example.org and include the URL you were given, your IP address, browser type, and if you are using a proxy of any kind. Having trouble with SIFT 3? If you are experiencing errors in SIFT 3 itself, please submit errors, bugs, and recommended updates here: How To: Download Ubuntu 14.04 ISO file and install Ubuntu 14.04 on any system. -> Once installed, open a terminal and run "wget --quiet -O - | sudo bash -s -- -i -s -y" Congrats -- you now have a SIFT workstation!! SIFT Workstation 3.0 Overview "The SIFT Workstation has quickly become my "go to" tool when conducting an exam. Key new features of SIFT 3.0 include: Installation
Open Source Computer Forensics Manual Digital Intelligence and Investigation Tools | The CERT Division By providing operational support to high-profile intrusion, identity theft, and general computer crime investigations, DIID is able to see the current limitations of computer forensics and incident response in the field first hand. Combining applied research with the unique talents, operational experience, research capabilities, and the vast knowledge base of Carnegie Mellon University, we have developed resources, training, and tools to facilitate forensic examinations and assist authorized members of the law enforcement community. Restricted Access Tools Users can access the following tools after they register and are vetted. Live View LE allows forensic investigators to take a physical device or an image file of a disk or partition and automatically transform it into a virtual machine. CCFinder is a suite of utilities designed to facilitate the discovery, organization, and query of financial data and related personally identifiable information in large-scale investigations.
DesktopAuditing | FREE Desktop and Network Security Auditing Resources Tools:Memory Imaging The physical memory of computers can be imaged and analyzed using a variety of tools. Because the procedure for accessing physical memory varies between operating systems, these tools are listed by operating system. Once memory has been imaged, it is subjected to memory analysis to ascertain the state of the system, extract artifacts, and so on. One of the most vexing problems for memory imaging is verifying that the image has been created correctly. That is, verifying that it reflects the actual contents of memory at the time of its creation. Memory Imaging Techniques Crash Dumps When configured to create a full memory dump, Windows operating systems will automatically save an image of physical memory when a bugcheck (aka blue screen or kernel panic) occurs. LiveKd Dumps The Sysinternals tool LiveKd can be used to create an image of physical memory on a live machine in crash dump format. Hibernation Files Firewire At CanSec West 05, Michael Becher, Maximillian Dornseif, and Christian N. Xen
Black Hat USA 2014 - Arsenal Returning bigger than ever for 2014, Black Hat is pleased to once again present Arsenal--a Tool/Demo area where independent researchers and the open source community will showcase some awesome weapons. See below for the full list and descriptions of each of these tools. Hours and Location: August 6, 2014 | 10:00 - 18:00 | Breakers JK August 7, 2014 | 10:00 - 18:00 | Breakers JK Android Device Testing Framework The Android Device Testing Framework ("dtf") is a data collection and analysis framework to help individuals answer the question: "Where are the vulnerabilities on this mobile device?" Automated Memory Analysis Automated Memory Analysis is a set of new innovative Cuckoo Sandbox plugins that adds new dynamic and memory analysis abilities such as: Demonstrations will cover how the plugins can help security researchers analyze advanced malware. Malware samples such as Snake (Uroburos), Stuxnet, and friends that evaded analysis will be dissected live to demonstrate the toolkit abilities.
Metashield Analyser. Analisis of metadata online. Internet Archive: Digital Library of Free Books, Movies, Music & Wayback Machine UNIX System Administration: Solaris, AIX, HP-UX, Tru64, BSD.: Digital Forensic Tools: Imaging, Virtualization, Cryptanalysis, Steganalysis, Data Recovery, Data Carving, Reverse Engineering "Jrypbzr gb gur bgure fvqr." Computer Forensics is a science and an art. And to perform it, you need tools to identify, acquisition, preserve and analyze data in a clean, safe, non-destructive manner. Lots of tools. A list of more or less free tools (mostly open source or freeware, but I have included some relevant commercial products) no digital forensics expert should be without: Data acquisition, enumeration, imaging and forensics tools: Toolkits and utilities. The Sleuth Kit and Autopsy Browser. Password recovery tools: You may often need to recover keys and passwords. "This text has been encrypted twice... for double protection!" Ophcrack is a very efficient Windows password cracker based on rainbow tables. Steganalysis and stenography: how to detect hidden data using stenography.
Hardware-based security more effective against new threats With software security tools and network vulnerabilities constantly being targeted by hackers, securing hardware components will grow in importance given it is more secure and cybercriminals will find it difficult to alter the physical layer for their purposes. Patrick Moorhead, president and principal analyst of Moor Insight and Strategy, said hardware-based security is more secure than software tools such as antivirus since it cannot be altered. Hardware-based security refers to safeguarding the computer using components such as processors. An RSA spokesperson added the physical layer eliminates the possibility of malware, such as virtual rootkits, from infiltrating the operating system and penetrating the virtualization layer. In 2010, RSA, together with VMWare and Intel, introduced a proof-of-concept framework to integrate security into the entire hardware stack. One example is ARM's joint venture with Gemalto and Giesecke & Devrient to set up Trustonic in December 2012.
Google hacking - Automated website hacking tools based on Google dorks Google hacking is a must for hackers and pen testers, the popular search engine is a mine of information for targeted analysis and reconnaissance phase. In the past we discussed on how to use Google hacking techniques to gather information on specific targets and discover vulnerable website on a large-scale. I decided to start from a submodule of the hacking program proposed by The Hacker Academy dedicated to use of Google during a penetration test to extend the discussion with a proof of concept. The security expert Dancho Danchev just published an interesting post on Google-dorks based mass Web site hacking/SQL injecting tool used by cyber criminals to facilitate the above malicious online activity. Google hacking tools are also used for a second purpose, cybercriminals exploit them to collect huge quantities of data to resell on the underground.