
MYOSINT TOOLS - Other Utilities


CMD Watcher. Tools Disclaimer: All tools have been tested on 32-bit/64-bit Windows 7 and Windows 10. They are available free for personal or business use. Many of these tools have been packed to combine DLLs and make them portable. Because of this anti-virus software may falsely identify these tools as infected or suspicious. If you find these tools helpful, please consider donating: 3Mop83Vmwea1PfVgaFsxuy8gYAAYaqbf2p (BTC) All files are compressed using 7-Zip with the password: kahusecurity API Dumper Version: 0.1 Download: Link MD5: F9D81CEF38CA2D3BFAB250A4A86D9721 Description: Dumps strings from various API calls to reveal what VBA/XLM macros are doing. Binary File Converter Version: 0.1 Download: Link MD5: 4E3154C6F96DE47D068686DEC35AF565 Description: Converts small binary files into text and vice versa which enables you to move content into and out of locked-down, remote hosts via VPN, RDC, SecureDesktop, etc as long as access to the clipboard is allowed. Cipher Identifier.

Stuck with a cipher or cryptogram? This tool will help you identify the type of cipher, as well as give you information about possibly useful tools to solve it. This tool uses AI/Machine Learning technology to recognize over 25 common cipher types and encodings including: Caesar Cipher, Vigenère Cipher (including the autokey variant), Beaufort Cipher (including the autokey variant), Playfair Cipher, Two-Square/Double Playfair Cipher, Columnar Transposition Cipher, Bifid Cipher, Four-Square Cipher, Atbash Cipher, and many more!

Note: To get accurate results, your ciphertext should be at least 25 characters long. Caesar Cipher The Caesar cipher, also known as a shift cipher is one of the oldest and most famous ciphers in history. Caesar Cipher Tool Monoalphabetic Substitution Cipher. ContextConsole Shell Extension. The ContextConsole Shell Extension adds an "Open Command Prompt" menu item to the context menus (right-click menus) in Windows Explorer so that you can open a command prompt in the selected directory (or directories) or in the current directory that you are viewing.

Open a command prompt in the current directory and in multiple directories at once You can open a command prompt in the directory that you are currently in by right-clicking on any empty screen space in the directory. This eliminates the need to navigate up a level in order to open a command prompt in the current directory, which was one of the biggest shortcomings of Microsoft's Open Command Window Here PowerToy. You can also open multiple command prompts by selecting a group of directories and invoking the command prompt. Support for elevated command prompts On versions of Windows that have UAC (Windows Vista, Windows 7, etc.), the ContextConsole Shell Extension can be used to open elevated command prompts.

Tiny footprint. CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis. DB Browser for SQLite. DCode - Timestamp Converter. What is DCode? DCode™ is a FREE forensic utility for converting data found on desktop and mobile devices into human-readable timestamps. It is the most comprehensive tool available for decoding timestamps and is a must-have utility for your tool box. The software was designed to assist forensic examiners in identifying and decoding timestamp data during a forensic investigation. It will also allow the reverse process where timestamps can be encoded into a number of different formats and data types. Encoding and Decoding Timestamp Data DCode™ v5 now has support for 69 different timestamp formats from various operating systems and platforms.

Time Zone Translation DCode™ v5 also supports time zone translation and will show UTC (Zulu) times and a converted local time based on the selected time zone. When the Select Time Zone button is clicked, the following window is displayed showing a breakdown of all the parameters for each Time Zone. Supported Timestamp Formats Filtering Date Ranges.

Deserializer - Plist normalizer. Diff Checker. DirLister - Simple and powerful folder and drive listing utility for Windows. Everything Search Engine. EverythingToolbar. ExifTool by Phil Harvey. Untitled. Click here to download ExiftoolGUI v5.16. Click here to see GUI manual (en Français), or here for metadata related articles. New: How to add tags into Workspace flash video (~1.6MB). ExifToolGUI v5.16, April 5, 2015. Changes: Bug fixed shifting some date/time values. ExifToolGUI v5.15, January 8, 2013. Changes: Bug fixed where sub-directories with names containing a dot could be processed when processing the parent directory.

ExifToolGUI v5.14, June 5, 2012. Changes: Bug fixed for Import GPS data from Log files - in all cases, files weren't geotagged and message "No file specified" was shown. ExifToolGUI v5.00, January 27, 2012. Here it is: all new ExifToolGUI v5. Few months ago, I didn't think there would ever be a reason for making new major GUI version. In short: GUIv5 doesn't introduce any new "capabilities", nor has suddenly become magic tool. That's it... the last major GUI version. Bogdan. Forensic7z. Forensic7z is a plugin for the popular 7-Zip archiver. You can use Forensic7z to open and browse disk images created by specialized software for forensic analysis, such as Encase or FTK Imager.

At the moment, the Forensic7z plugin supports images in the following formats: ASR Expert Witness Compression Format (.S01) Encase Image File Format (.E01, .Ex01) Encase Logical Image File Format (.L01, .Lx01) Advanced Forensics Format (.AFF) AccessData FTK Imager Logical Image (.AD1) WinHex WHX Format (.WHX) Encrypted images are not currently supported. Installation The Forensic7z distribution package is an ordinary Zip archive that contains the following three files: Forensic7z.64.dll – the 64-bit version of the plugin Forensic7z.32.dll – the 32-bit version of the plugin ReadMe.txt – the user instructions To install the plugin into the 7-Zip installation folder, you need to create the "Formats" subfolder. Usage Current version Additional information. GREX - CMD tool to generate REGEX from user test cases.

HxD Hex Viewer. HxD is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size. The easy to use interface offers features such as searching and replacing, exporting, checksums/digests, insertion of byte patterns, a file shredder, concatenation or splitting of files, statistics and much more.

Editing works like in a text editor with a focus on a simple and task-oriented operation, as such functions were streamlined to hide differences that are purely technical. For example, drives and memory are presented similar to a file and are shown as a whole, in contrast to a sector/region-limited view that cuts off data which potentially belongs together. Drives and memory can be edited the same way as a regular file including support for undo. In addition memory-sections define a foldable region and inaccessible sections are hidden by default. Features License HxD is free of charge for private and commercial use. What's new Notes. Imm2Virtual - Image to VM. MAGNET Web Page Saver - Magnet Forensics. MDViewer 1.0 initial release – EasyMetaData. Announcing the initial 1.0 release of MDViewer and MDViewerCLI. Powered purely by Apache TIKA for parsing metadata. MDViewer A viewer for viewing file metadata (parsed by Apache TIKA) similar to MetaDiver review window.

Review metadata, strings, hex and more. It supports drag and drop and windows file-open support. MDViewerCLI A simple command line tool for viewing metadata. About -MDViewer is tool to view file metadata and file contents -MDViewerCLI is command line tool to view file metadata FAQ -MDViewer is a pure TIKA viewer at present where MetaDiver uses TIKA plus additional parsers. Releases v1.0.0 -Initial release of MDViewer and MDViewerCLI -Tika 1.19.1 (Supported formats: Download MDViewer Download MDViewerCLI I hope you all find it to be a useful addition to the toolkit. -Dave MetaDiver – EasyMetaData. Discovering metadata in popular document formats, image formats, audio and video formats can be a tedious task.

MetaDiver simplifies the extraction and review of meta-data. If you have ever looked at the Properties of a file on your computer MetaDiver can find it and much more. What you don’t know is there is often much more metadata stored in documents than what you see. MetaDiver can pull metadata for the vast majority of document and image formats such as MS Office, Open Office, Images, JPEG Exif, GPS as well as audio & video tags. You can process email from PST, MSG and RFC822 EML files as well and then drill through the metadata such as conversationid, to, from, subject and extended mapi attributes such as last verb! Features chart Powered by Previews Processing window Review window All of the metadata MetaDiver finds is stored locally in a case folder that you specify.

MetaDiver can also perform some basic forensic tasks such as parsing of Windows Shortcuts and Jumplists. Download Page. Mimikatz. Monolith Notes - Monolith Forensics. NirLauncher - Nirsoft. Download NirLauncher Package This zip file is password-protected. The password for extracting the files is nirsoft9876$ Notice: Don't use any aggressive download manager that opens multiple connections. If you do so, your IP address might be blocked from downloading this package. Additional Downloads Translation Packs Most of NirSoft utilities are translated to other languages by volunteers from around the world.

Notepad++ Rufus - Bootable USB Creator. SQLite Deleted Records Parser. SQLite Examiner - Free SQLite viewer software | Foxton Forensics. Sumatra - PDF Reader. Download SumatraPDF Portable version is a single executable, can be run from USB drive and doesn't write to registry. System requirements Supported OS: Windows 10, Windows 8, Windows 7, Vista.

For XP use version 3.1.2. What's new in this version? Read version history. Pre-release builds. If you want the latest features, you can try pre-release builds. Previous versions If you really need them, you can download them from here. Source Code You can download the sources. Sysinternals Utilities. Sysinternals Suite The entire set of Sysinternals Utilities rolled up into a single download. Sysinternals Suite for Nano Server Sysinternals Utilities for Nano Server in a single download.

Sysinternals Suite for ARM64 Sysinternals Utilities for ARM64 in a single download. Sysinternals Suite from the Microsoft Store Sysinternals Utilities installation and updates via Microsoft Store. AccessChk v6.14 (June 22, 2021) AccessChk is a command-line tool for viewing the effective permissions on files, registry keys, services, processes, kernel objects, and more. AccessEnum v1.33 (October 12, 2021) This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. AdExplorer v1.51 (December 16, 2021) Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.

AdRestore v1.2 (November 25, 2020) Undelete Server 2003 Active Directory objects. Autologon v3.10 (August 29, 2016) Bypass password screen during logon. TreeSize - File Disk Analyzer. Obsidianforensics/unfurl: Extract and Visualize Data from URLs using Unfurl. VeraCrypt. Note to publishers: If you intend to host our files on your server, please instead consider linking to this page. It will help us prevent spreading of obsolete versions, which we believe is critical when security software is concerned. Thank you. Supported versions of operating systems PGP Public Key: (ID=0x680D16DE, Fingerprint=5069A233D55A0EEB174A5FC3821ACD02680D16DE) Bleeding edge builds based on latest source code are available at Latest Stable Release - 1.25.9 (Saturday February 19, 2022) macOS: macOS Mavericks 10.9 and later: VeraCrypt_1.25.9.dmg (11.7 MB) (PGP Signature) OSXFUSE 3.10 or newer must be installed. Previous Versions Archives The packages and installers of all previous VeraCrypt versions can be found at What are PGP signatures?

WizTree - Disk Space Analyzer. The file search has been updated to work the way WizFile does. These new search filter options can also be used as filters when calling WizTree from the command line. Use operators "=", ">", ">=", "<", "<=" to filter files based on size or modified date. NB: Don't put any spaces between operators and values! E.g. to find files less than 100 bytes in size: <100 Append a 'k', 'm', 'g', or 't' to the number to search in Kb, Mb, Gb, Tb e.g. to find files between 500MB and 1Gb: >=500m <=1g 'kb', 'mb', 'gb', 'tb' can also be used, e.g.: >=500mb <=1gb To filter by "allocated" size, use "a=", "a>", etc. e.g.

To find files with allocated size between 100MB and 200MB: a>=100m a<=200m e.g. to find files with 0 allocated size and greater than zero file size: a=0 >0 To filter by date, specify a date in the format: yyyy/mm/dd e.g. Filter files modified before 2020/01/01: <2020/01/01 Use the constant "today" to reference today's date. - ISO / USB Flasher. Ubuntu images (and potentially some other related GNU/Linux distributions) have a peculiar format that allows the image to boot without any further modification from both CDs and USB drives. A consequence of this enhancement is that some programs, like parted get confused about the drive's format and partition table, printing warnings such as: /dev/xxx contains GPT signatures, indicating that it has a GPT table.

However, it does not have a valid fake msdos partition table, as it should. Perhaps it was corrupted -- possibly by a program that doesn't understand GPT partition tables. Or perhaps you deleted the GPT table, and are now using an msdos partition table. Is this a GPT partition table? Both the primary and backup GPT tables are corrupt. Try making a fresh table, and using Parted's rescue feature to recover partitions.

Plist Editor - iCopyBot.