This is the TODO list of packages for the Debian-Forensics project. Please check out the Bug Squashing page if you are interested in our current work on existing packages.
Todo
Packages that might be interesting for the Debian-Forensics project

| Name | Short Description | Website | Remarks |
|---|---|---|---|
| air | A GUI frontend to dd and dcfldd | | |
| amun | A Python low-interaction honeypot | | |
| bar | A small shell script progress bar | | note by mika: no release since 2007, though upstream's tarball provides debian/ (being outdated but works) |
| bat | Binary Analysis Tool | | |
| bhv | Browser history viewer | | |
| biew | Hex editor and disassembler | | see 460636 |
| catfs | A tool to virtually concatenate split files into one using FUSE | | |
| construct | Python declarative parser (and builder) for binary data | | |
| construct3 | Next generation of construct | | blog posts about it: http://tomerfiliba.com/blog/Survey-of-Construct3/ http://tomerfiliba.com/blog/Construct-Plans/ |
| derrec | A domain-specific language for binary file format parsers | | |
| dumpautocomplete | Dump autocompleted fields of Firefox | http://www.foundstone.com/us/resources/proddesc/DumpAutoComplete.htm | |
| Exfat for Linux | ExFAT filesystem implementation for Linux through FUSE | | Already packaged as exfat-fuse |
| fat-gundel | Restores deleted JPEG images from your digital camera's storage chip | | Broken link (it is only available in OpenSuSE) |
| fatundel | Undelete files from FAT | | Broken link |
| fmem | Kernel driver that creates the /dev/fmem device for direct access to physical memory (does not have the limits that /dev/mem has) | | |
| foregone.pl | A carver in Perl "a la foremost" | | |
| grepj-fat | A JPEG recovery tool | | note by beraldo: The method used to determine the type of FAT is wrong! It always returns "FATs are equals! Can not determine type FAT" on a valid FAT12 and FAT16 image. Just work with FAT12, and FAT16. |
| hed | Hexadecimal editor | | Hed is in Google Code now. http://code.google.com/p/hed/ |
| heme | Another hex editor | | |
| hydra | A very fast network logon cracker | | note by mika: packaging is easy, but the license is not a clean GPL one -> not distributable for Debian. Medusa is a good option, which is already packaged. |
| libforensics | A Python 3000 module dedicated to computer forensics | | |
| libpff | Library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format | | |
| log2timeline | Framework for artifact timeline creation and analysis | http://ftp7.freebsd.org/sites/ftp.freebsd.org/pub/FreeBSD/ports/distfiles/log2timeline_0.51.tgz | Official Website Down |
| parse::win32registry | A very well done Perl library to parse offline win32 registry | http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.30/lib/Parse/Win32Registry.pm | Already packaged in libparse-win32registry-perl |
| pipemeter | A pipe throughput measurement tool | | |
| pipeworks | Benchmarking tool for pipelines | | |
| poorcase | Virtually reconstruct a split forensic disk image | | |
| pyflag | A forensic analysis tool with a GUI | | |
| regripper | An offline Windows registry forensics analysis tool that depends on Perl parse::win32registry | | |
| revit | A smart file carver | | |
| regp.pl | An offline registry parser | http://sourceforge.net/project/showfiles.php?group_id=164158 | |
| setmax | A tool to play with HPA/DCO | | |
| ucsniff | VoIP & IP Video Security Assessment tool | | |
| tftptheft | TFTP security scanning tools | | |
| sipvicious | Tools for auditing SIP based VoIP systems | | see 479308 |
| sdhash | Forensic similarity hash digests tool | | |
| snow | Exploits the steganographic nature of whitespace | | WARNING: the r-cran-snow package uses the snow source package name, that would need to be renamed first |
| libforensic1394 | A library to help in acquiring memory of another host through the Firewire port | | |
| inception | A tool that acquires/manipulates memory of another host through the Firewire port | | |
| All the tools of Joachim Metz | He has made so many interesting tools that all of them should be packaged | | |
| dislocker | Another tool to mount or decrypt BitLocker encrypted volumes | | |