This is the TODO list of packages for the Debian-Forensics project. Please check out the Bug Squashing page if you are interested in our current work on existing packages.

Todo

Packages that might be interesting for the Debian-Forensics project

| Name | Short Description | Website | Remarks |
|---|---|---|---|
| air | A GUI frontend to dd and dcfldd | http://air-imager.sourceforge.net/ | |
| amun | A Python low-interaction honeypot | http://amunhoney.sourceforge.net/ | |
| bar | A small shell script progress bar | http://www.theiling.de/projects/bar.html | note by mika: no release since 2007, though upstream's tarball provides debian/ (outdated, but it works) |
| bat | Binary Analysis Tool | http://www.binaryanalysis.org/en/home | |
| bhv | Browser history viewer | http://dev.mmgsecurity.com/projects/bhv/ | |
| biew | Hex editor and disassembler | http://biew.sourceforge.net/en/biew.html | see bug 460636 |
| catfs | A FUSE tool to virtually concatenate split files into one | http://sourceforge.net/projects/catfs/ | |
| construct | Python declarative parser (and builder) for binary data | http://construct.readthedocs.org/ | |
| construct3 | Next generation of construct | https://github.com/tomerfiliba/construct3 | blog posts about it: http://tomerfiliba.com/blog/Survey-of-Construct3/ and http://tomerfiliba.com/blog/Construct-Plans/ |
| derric | A domain-specific language for binary file format parsers | https://github.com/jvdb/derric | |
| dumpautocomplete | Dump autocompleted fields of Firefox | http://www.foundstone.com/us/resources/proddesc/DumpAutoComplete.htm | |
| Exfat for Linux | ExFAT filesystem implementation for Linux through FUSE | http://code.google.com/p/exfat/ | Already packaged as exfat-fuse |
| fat-gundel | Restores deleted JPEG images from your digital camera's storage chip | http://freshmeat.net/projects/fat-gundel/ | Broken link (it is only available in OpenSuSE) |
| fatundel | Undelete files from FAT | http://synfin.net/fatundel/ | Broken link |
| fmem | Kernel driver that creates a /dev/fmem device for direct access to physical memory (does not have the limits that /dev/mem has) | http://hysteria.sk/~niekt0/foriana/ | |
| foregone.pl | A carver in Perl "a la foremost" | http://www.secureworks.com/research/tools/foregone.html | |
| gepj-fat | A JPEG recovery tool | http://www.guzu.net/linux/various.php#gepj-fat | note by beraldo: The method used to determine the type of FAT is wrong! It always returns "FATs are equals! Can not determine type FAT" on a valid FAT12 and FAT16 image. Only works with FAT12 and FAT16. |
| hed | Hexadecimal editor | http://pasky.or.cz/~pasky/dev/hed/ | Hed is in Google Code now: http://code.google.com/p/hed/ |
| heme | Another hex editor | http://heme.sourceforge.net/ | |
| hydra | A very fast network logon cracker | http://freeworld.thc.org/thc-hydra/ | note by mika: packaging is easy, but the license is not a clean GPL one -> not distributable for Debian. Medusa is a good option, which is already packaged. |
| libforensics | A Python 3000 module dedicated to computer forensics | http://code.google.com/p/libforensics/ | |
| libpff | Library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format | http://sourceforge.net/projects/libpff/ | |
| log2timeline | Framework for artifact timeline creation and analysis | http://ftp7.freebsd.org/sites/ftp.freebsd.org/pub/FreeBSD/ports/distfiles/log2timeline_0.51.tgz | Official website down |
| undbx | A tool to extract emails from MS Outlook Express DBX files | http://code.google.com/p/undbx/ | Mostly ready in git; needs testing |
| parse::win32registry | A very well done Perl library to parse an offline win32 registry | http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.30/lib/Parse/Win32Registry.pm | Already packaged as libparse-win32registry-perl |
| pipemeter | A pipe throughput measurement tool | http://spamaps.org/pipemeter.php | |
| pipeworks | Benchmarking tool for pipelines | http://sourceforge.net/projects/pipeworks/ | |
| poorcase | Virtually reconstruct a split forensic disk image | http://code.google.com/p/poorcase/ | |
| pyflag | A forensic analysis tool with a GUI | http://sourceforge.net/projects/pyflag/ | |
| regripper | An offline Windows registry forensics analysis tool that depends on Perl parse::win32registry | http://www.regripper.net/ | |
| revit | A smart file carver | https://www.uitwisselplatform.nl/projects/revit | |
| regp.pl | An offline registry parser | http://sourceforge.net/project/showfiles.php?group_id=164158 | |
| setmax | A tool to play with HPA/DCO | http://www.win.tue.nl/~aeb/linux/setmax.c | |
| sslstrip | A tool for improving HTTP MITM attacks by stripping out redirections to SSL | http://www.thoughtcrime.org/software/sslstrip/index.html | |
| Python ssdeep | Python wrapper for ssdeep | http://pypi.python.org/pypi/ssdeep | Another implementation here: http://code.google.com/p/pyssdeep/ |
| ucsniff | VoIP & IP video security assessment tool | http://ucsniff.sourceforge.net/ | |
| tftptheft | TFTP security scanning tools | http://code.google.com/p/tftptheft/ | |
| sipvicious | Tools for auditing SIP-based VoIP systems | http://code.google.com/p/sipvicious/ | |
| sdhash | Forensic similarity hash digests tool | http://roussev.net/sdhash/ | |
| snow | Exploits the steganographic nature of whitespace | http://www.darkside.com.au/snow/ | WARNING: the r-cran-snow package uses the snow source package name, which would need to be renamed first |
| libforensic1394 | A library to help in acquiring memory of another host through the FireWire port | https://freddie.witherden.org/tools/libforensic1394/ | |
| inception | A tool that acquires/manipulates memory of another host through the FireWire port | http://www.breaknenter.org/projects/inception/ | |
| libbde | A library and tools to mount BitLocker encrypted volumes | http://code.google.com/p/libbde/ | |
| All the tools of Joachim Metz | He made so many interesting tools that all of them should be packaged | http://code.google.com/u/joachim.metz@gmail.com/ | |
| dislocker | Another tool to mount or decrypt BitLocker encrypted volumes | https://github.com/Aorimn/dislocker | |