Differences between revisions 1 and 89 (spanning 88 versions)
Revision 1 as of 2008-02-16 21:42:02
Size: 69
Editor: ?ChristopheMonniez
Comment:
Revision 89 as of 2015-06-04 07:51:08
Size: 5876
Editor: ?HenriSalo
Comment: https://tracker.debian.org/pkg/python-ssdeep
This is the TODO list of packages for the Debian-Forensics project. Please check out [[DebianForensics/BugSquashing|the Bug Squashing page]] if you are interested in our current work on existing packages.

== Todo ==

||||||||||<style="text-align: center;">'''Packages that might be interesting for the Debian-Forensics project''' ||
||Name ||Short Description ||Website ||Remarks ||
||air ||A GUI frontend to dd and dcfldd ||http://air-imager.sourceforge.net/ || ||
||amun ||A python low interaction honeypot ||http://amunhoney.sourceforge.net/ || ||
||bar ||A small shell script progress bar ||http://www.theiling.de/projects/bar.html || note by mika: no release since 2007, though upstream's tarball provides debian/ (being outdated but works) ||
||bat ||Binary Analysis Tool ||http://www.binaryanalysis.org/en/home || ||
||bhv ||Browser history viewer ||http://dev.mmgsecurity.com/projects/bhv/ || ||
||biew ||Hex editor and disassembler ||http://biew.sourceforge.net/en/biew.html || see DebianBug:460636 ||
||catfs ||A tool to virtually concatenate split files into one using FUSE || http://sourceforge.net/projects/catfs/ || ||
||construct ||Python declarative parser (and builder) for binary data. ||http://construct.readthedocs.org/ || ||
||construct3 ||next generation of construct ||https://github.com/tomerfiliba/construct3 ||blog posts about it: http://tomerfiliba.com/blog/Survey-of-Construct3/ http://tomerfiliba.com/blog/Construct-Plans/ ||
||derric ||a domain-specific language for binary file format parsers ||https://github.com/jvdb/derric || ||
||dumpautocomplete ||Dump autocompleted fields of Firefox ||http://www.foundstone.com/us/resources/proddesc/DumpAutoComplete.htm || ||
||Exfat for Linux || ExFAT filesystem implementation for Linux through FUSE || http://code.google.com/p/exfat/ || Already packaged as exfat-fuse ||
||fat-gundel ||restores deleted JPEG images from your digital camera's storage chip ||http://freshmeat.net/projects/fat-gundel/ || Broken link (it is only available in OpenSuSE) ||
||fatundel ||Undelete files from FAT ||http://synfin.net/fatundel/ || Broken link ||
||fmem ||Kernel driver that creates /dev/fmem device to direct access to physical memory (does not have limits that /dev/mem have). ||http://hysteria.sk/~niekt0/foriana/ || ||
||foregone.pl ||A carver in perl "a la foremost" ||http://www.secureworks.com/research/tools/foregone.html || ||
||grepj-fat ||A JPEG recovery tool ||http://www.guzu.net/linux/various.php#gepj-fat || note by beraldo: The method used to determine the type of FAT is wrong! Always returns "FATs are equals! Can not determine type FAT" on a valid FAT12 and FAT16 image. Just work with FAT12, and FAT16. ||
||hed ||Hexadecimal editor ||http://pasky.or.cz/~pasky/dev/hed/ ||Hed is in Google Code now. http://code.google.com/p/hed/ ||
||heme ||Another hex editor ||http://heme.sourceforge.net/ || ||
||hydra ||A very fast network logon cracker ||http://freeworld.thc.org/thc-hydra/ || note by mika: packaging is easy, but the license is not a clean GPL one -> not distributable for Debian. Medusa is a good option, which is already packaged. ||
||libforensics||A python 3000 module dedicated to computer forensics||http://code.google.com/p/libforensics/|| ||
||libpff || Library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format || http://sourceforge.net/projects/libpff/ || ||
||log2timeline ||Framework for artifact timeline creation and analysis || http://ftp7.freebsd.org/sites/ftp.freebsd.org/pub/FreeBSD/ports/distfiles/log2timeline_0.51.tgz || Official Website Down ||
||parse::win32registry ||A very well done perl library to parse offline win32 registry ||http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.30/lib/Parse/Win32Registry.pm ||Already packaged in libparse-win32registry-perl ||
||pipemeter ||A pipe throughput measurement tool ||http://spamaps.org/pipemeter.php || ||
||pipeworks ||Benchmarking tool for pipelines ||http://sourceforge.net/projects/pipeworks/ || ||
||poorcase || Virtually reconstruct a split forensic disk image || http://code.google.com/p/poorcase/ || ||
||pyflag ||A forensic analysis tool with a GUI ||http://sourceforge.net/projects/pyflag/ || ||
||regripper ||An offline Windows registry forensics analysis tool that depends on perl parse::win32registry ||http://www.regripper.net/ || ||
||revit ||A smart file carver ||https://www.uitwisselplatform.nl/projects/revit || ||
||regp.pl ||An offline registry parser ||http://sourceforge.net/project/showfiles.php?group_id=164158 || ||
||setmax ||A tool to play with HPA/DCO ||http://www.win.tue.nl/~aeb/linux/setmax.c || ||
||ucsniff ||VoIP & IP Video Security Assessment tool ||http://ucsniff.sourceforge.net/ || ||
||tftptheft ||TFTP security scanning tools ||https://github.com/sandrogauci/tftptheft || ||
||sipvicious ||Tools for auditing SIP based VoIP systems ||https://github.com/sandrogauci/sipvicious ||see DebianBug:479308 ||
||sdhash ||Forensic similarity hash digests tool || http://roussev.net/sdhash/|| ||
||snow ||exploits the steganographic nature of whitespace || http://www.darkside.com.au/snow/|| WARNING: the r-cran-snow package uses the snow source package name, that would need to be renamed first ||
||libforensic1394 ||A library to help in acquiring memory of another host through the FireWire port || https://freddie.witherden.org/tools/libforensic1394/ || ||
||inception ||A tool that acquires/manipulates memory of another host through the FireWire port || http://www.breaknenter.org/projects/inception/ || ||
||All the tools of Joachim Metz || He made so many interesting tools that all of them should be packaged || http://code.google.com/u/joachim.metz@gmail.com/ || ||
||dislocker || Another tool to mount or decrypt BitLocker encrypted volumes || https://github.com/Aorimn/dislocker || ||
