Differences between revisions 10 and 11
Revision 10 as of 2008-02-16 23:07:52
Size: 5100
Editor: ChristopheMonniez
Comment:
Revision 11 as of 2008-02-17 06:42:28
Size: 5135
Comment:
Line 27: Line 27:
||revit||A smart file carver ||https://www.uitwisselplatform.nl/projects/revit||Todo|| ||
||foregone.pl||A carver in perl "a la foremost"||http://www.secureworks.com/research/tools/foregone.html||Todo|| ||
||recoverphotos||A carver for jpeg and cr2 files ||http://turingmachine.org/~dmg/recoverPhotos/||Todo|| ||
||grepj-fat||A jpeg recovery tool ||http://www.guzu.net/linux/various.php#gepj-fat||Todo|| ||
||bar||A small shell script progress bar ||http://www.theiling.de/projects/bar.html||Todo|| ||
||pipebench||A pipe progress indicator ||http://www.habets.pp.se/synscan/programs.php?prog=pipebench||Done|| ||
||pipemeter||A pipe troughoutput measurement tool ||http://spamaps.org/pipemeter.php||Done|| ||
||pipeworks||Benchmarking tool for pipelines ||http://sourceforge.net/projects/pipeworks/||Todo|| ||
||reglookup||A tool to explore the win32 registry ||http://projects.sentinelchicken.org/reglookup/||Todo|| ||
||regp.pl||A offline registry parser ||http://sourceforge.net/project/showfiles.php?group_id=164158||Todo|| ||
||parse::win32registry||A very well done perl library to parse offline win32 registry||http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.30/lib/Parse/Win32Registry.pm||Todo|| ||
||revit ||A smart file carver ||https://www.uitwisselplatform.nl/projects/revit ||Todo || ||
||foregone.pl ||A carver in perl "a la foremost" ||http://www.secureworks.com/research/tools/foregone.html ||Todo || ||
||recoverphotos ||A carver for jpeg and cr2 files ||http://turingmachine.org/~dmg/recoverPhotos/ ||Done || ||
||grepj-fat ||A jpeg recovery tool ||http://www.guzu.net/linux/various.php#gepj-fat ||Todo || ||
||bar ||A small shell script progress bar ||http://www.theiling.de/projects/bar.html ||Todo || ||
||pipebench ||A pipe progress indicator ||http://www.habets.pp.se/synscan/programs.php?prog=pipebench ||Done || ||
||pipemeter ||A pipe troughoutput measurement tool ||http://spamaps.org/pipemeter.php ||Done || ||
||pipeworks ||Benchmarking tool for pipelines ||http://sourceforge.net/projects/pipeworks/ ||Todo || ||
||reglookup ||A tool to explore the win32 registry ||http://projects.sentinelchicken.org/reglookup/ ||Todo || ||
||regp.pl ||A offline registry parser ||http://sourceforge.net/project/showfiles.php?group_id=164158 ||Todo || ||
||parse::win32registry ||A very well done perl library to parse offline win32 registry ||http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.30/lib/Parse/Win32Registry.pm ||Todo || ||
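Review bot: the recoverphotos row is the only one whose content changes (Status goes from Todo to Done), but the revision comment is empty and the other ten rows differ only in cell padding, so the one real edit is easy to miss. Say in the comment that recoverphotos was packaged, and keep whitespace cleanup in its own revision. Since every row is being rewritten anyway, the carried-over typos could be fixed here: "troughoutput" in the pipemeter row, "A offline" in the regp.pl row, and the name grepj-fat does not match the "#gepj-fat" anchor in its own URL.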

This is the TODO list of packages for the Debian-forensics project.

Packages to debianize for the Debian Forensics project

||Name ||Short Description ||Website ||Status ||Remarks ||
||ssdeep ||Piecewise hashing ||http://ssdeep.sourceforge.net/ ||Done || ||
||memdump ||Memory dumper ||http://www.porcupine.org/forensics/ ||Done || ||
||afflib ||Advanced forensic format libraries and tools ||http://www.afflib.org/ ||Todo ||The sleuthkit uses this library ||
||libewf ||Library and tools to use the EyeWitness Encase file format ||https://www.uitwisselplatform.nl/projects/libewf/ ||Todo ||guymager uses a special version of this library ||
||recoverdm ||Damaged media recovery tool ||http://www.vanheusden.com/recoverdm/ ||Done || ||
||air ||A GUI frontend to dd and dcfldd ||http://air-imager.sourceforge.net/ ||Todo || ||
||dd_rhelp ||A bash script to help in the use of dd_rescue ||http://www.kalysto.org/utilities/dd_rhelp/index.en.html ||Todo || ||
||safecopy ||A data recovery tool ||http://safecopy.sourceforge.net/ ||Todo || ||
||myrescue ||Another data recovery tool ||http://myrescue.sourceforge.net/ ||Done || ||
||ftimes ||System baselining and evidence collection tool ||http://ftimes.sourceforge.net/FTimes/index.shtml ||Todo || ||
||md5deep ||A recursive hasher ||http://md5deep.sourceforge.net/ ||Todo || ||
||pyflag ||A forensic analysis tool with a GUI ||http://www.pyflag.net/ ||Todo || ||
||setmax ||A tool to play with HPA/DCO ||http://www.win.tue.nl/~aeb/linux/setmax.c ||Todo || ||
||scroungentfs ||Data recovery program for NTFS file systems ||http://memberwebs.com/stef/software/scrounge/ ||Todo || ||
||dc3dd ||Patched version of GNU dd for forensics purposes ||http://dc3dd.sourceforge.net/ ||Done || ||
||fat-gundel ||Restores deleted JPEG images from your digital camera's storage chip ||http://freshmeat.net/projects/fat-gundel/ ||Todo || ||
||fatundel ||Undelete files from FAT ||http://synfin.net/fatundel/ ||Todo || ||
||fatback ||Undelete files from FAT ||http://sourceforge.net/projects/fatback ||Todo || ||
||nepenthes ||A low interaction honeypot ||http://nepenthes.mwcollect.org/ ||Todo || ||
||amun ||A python low interaction honeypot ||http://zero.ram.rwth-aachen.de/amun/download.php ||Todo || ||
||pgpcrack ||A tool to try to brute force pgp encrypted files ||http://www.nic.funet.fi/index/crypt/mirrors/utopia/pgp/utils/pgpcrack/ ||Done || ||
||Hydra ||A very fast network logon cracker ||http://freeworld.thc.org/thc-hydra/ ||Todo || ||
||lcrack ||Generic password cracker ||http://usuarios.lycos.es/reinob/ ||Todo || ||
||revit ||A smart file carver ||https://www.uitwisselplatform.nl/projects/revit ||Todo || ||
||foregone.pl ||A carver in perl "a la foremost" ||http://www.secureworks.com/research/tools/foregone.html ||Todo || ||
||recoverphotos ||A carver for jpeg and cr2 files ||http://turingmachine.org/~dmg/recoverPhotos/ ||Done || ||
||grepj-fat ||A jpeg recovery tool ||http://www.guzu.net/linux/various.php#gepj-fat ||Todo || ||
||bar ||A small shell script progress bar ||http://www.theiling.de/projects/bar.html ||Todo || ||
||pipebench ||A pipe progress indicator ||http://www.habets.pp.se/synscan/programs.php?prog=pipebench ||Done || ||
||pipemeter ||A pipe throughput measurement tool ||http://spamaps.org/pipemeter.php ||Done || ||
||pipeworks ||Benchmarking tool for pipelines ||http://sourceforge.net/projects/pipeworks/ ||Todo || ||
||reglookup ||A tool to explore the win32 registry ||http://projects.sentinelchicken.org/reglookup/ ||Todo || ||
||regp.pl ||An offline registry parser ||http://sourceforge.net/project/showfiles.php?group_id=164158 ||Todo || ||
||parse::win32registry ||A very well done perl library to parse offline win32 registry ||http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.30/lib/Parse/Win32Registry.pm ||Todo || ||