Differences between revisions 14 and 15
Revision 14 as of 2008-02-21 06:13:57
Size: 5784
Editor: ChristopheMonniez
Comment:
Revision 15 as of 2008-02-23 06:42:19
Size: 5786
Editor: ChristopheMonniez
Comment:
Changed row (page line 4):

Revision 14: ||missidentify||Search win32 executables without an legacy extension||http://missidentify.sourceforge.net/||Todo|| ||
Revision 15: ||missidentify ||Search win32 executables without an legacy extension ||http://missidentify.sourceforge.net/ ||Wip|| ||
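Review bot: the description cell still reads "without an legacy extension" in both revisions; since this row is being edited anyway, the article should be corrected to "without a legacy extension" in the same change.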

This is the TODO list of packages for the Debian-forensics project.

Packages to debianize for the Debian Forensics project

||Name ||Short Description ||Website ||Status ||Remarks ||
||missidentify ||Search win32 executables without a legacy extension ||http://missidentify.sourceforge.net/ ||Wip || ||
||ssdeep ||Piecewise hashing ||http://ssdeep.sourceforge.net/ ||Done || ||
||memdump ||Memory dumper ||http://www.porcupine.org/forensics/ ||Done || ||
||afflib ||Advanced forensic format libraries and tools ||http://www.afflib.org/ ||Todo ||The Sleuth Kit uses this library ||
||libewf ||Library and tools to use the EyeWitness Encase file format ||https://www.uitwisselplatform.nl/projects/libewf/ ||Todo ||guymager uses a special version of this library ||
||recoverdm ||Damaged media recovery tool ||http://www.vanheusden.com/recoverdm/ ||Done || ||
||air ||A GUI frontend to dd and dcfldd ||http://air-imager.sourceforge.net/ ||Todo || ||
||dd_rhelp ||A bash script to help in the use of dd_rescue ||http://www.kalysto.org/utilities/dd_rhelp/index.en.html ||Todo || ||
||safecopy ||A data recovery tool ||http://safecopy.sourceforge.net/ ||Todo || ||
||myrescue ||Another data recovery tool ||http://myrescue.sourceforge.net/ ||Done || ||
||ftimes ||System baselining and evidence collection tool ||http://ftimes.sourceforge.net/FTimes/index.shtml ||Todo || ||
||md5deep ||A recursive hasher ||http://md5deep.sourceforge.net/ ||Todo || ||
||pyflag ||A forensic analysis tool with a GUI ||http://www.pyflag.net/ ||Todo || ||
||setmax ||A tool to play with HPA/DCO ||http://www.win.tue.nl/~aeb/linux/setmax.c ||Todo || ||
||scroungentfs ||Data recovery program for NTFS file systems ||http://memberwebs.com/stef/software/scrounge/ ||Todo || ||
||dc3dd ||Patched version of GNU dd for forensics purposes ||http://dc3dd.sourceforge.net/ ||Done || ||
||fat-gundel ||Restores deleted JPEG images from your digital camera's storage chip ||http://freshmeat.net/projects/fat-gundel/ ||Todo || ||
||fatundel ||Undelete files from FAT ||http://synfin.net/fatundel/ ||Todo || ||
||fatback ||Undelete files from FAT ||http://sourceforge.net/projects/fatback ||Todo || ||
||nepenthes ||A low-interaction honeypot ||http://nepenthes.mwcollect.org/ ||Todo || ||
||amun ||A Python low-interaction honeypot ||http://zero.ram.rwth-aachen.de/amun/download.php ||Todo || ||
||pgpcrack ||A tool to try to brute force PGP encrypted files ||http://www.nic.funet.fi/index/crypt/mirrors/utopia/pgp/utils/pgpcrack/ ||Done || ||
||Hydra ||A very fast network logon cracker ||http://freeworld.thc.org/thc-hydra/ ||Todo || ||
||lcrack ||Generic password cracker ||http://usuarios.lycos.es/reinob/ ||Todo || ||
||revit ||A smart file carver ||https://www.uitwisselplatform.nl/projects/revit ||Todo || ||
||foregone.pl ||A carver in Perl "a la foremost" ||http://www.secureworks.com/research/tools/foregone.html ||Todo || ||
||recoverphotos ||A carver for JPEG and CR2 files ||http://turingmachine.org/~dmg/recoverPhotos/ ||Done || ||
||grepj-fat ||A JPEG recovery tool ||http://www.guzu.net/linux/various.php#gepj-fat ||Todo || ||
||bar ||A small shell script progress bar ||http://www.theiling.de/projects/bar.html ||Todo || ||
||pipebench ||A pipe progress indicator ||http://www.habets.pp.se/synscan/programs.php?prog=pipebench ||Done || ||
||pipemeter ||A pipe throughput measurement tool ||http://spamaps.org/pipemeter.php ||Done || ||
||pipeworks ||Benchmarking tool for pipelines ||http://sourceforge.net/projects/pipeworks/ ||Todo || ||
||reglookup ||A tool to explore the win32 registry ||http://projects.sentinelchicken.org/reglookup/ ||Todo || ||
||regp.pl ||An offline registry parser ||http://sourceforge.net/project/showfiles.php?group_id=164158 ||Todo || ||
||parse::win32registry ||A very well done Perl library to parse the offline win32 registry ||http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.30/lib/Parse/Win32Registry.pm ||Todo || ||
||hed ||Hexadecimal editor ||http://pasky.or.cz/~pasky/dev/hed/ ||Todo || ||
||shed ||Hex editor ||http://shed.sourceforge.net/ ||Todo || ||
||biew ||Hex editor and disassembler ||http://biew.sourceforge.net/en/biew.html ||Todo || ||
||heme ||Another hex editor ||http://heme.sourceforge.net/ ||Todo || ||
||dumpautocomplete ||Dump autocompleted fields of Firefox ||http://www.foundstone.com/us/resources/proddesc/DumpAutoComplete.htm ||Todo || ||
||bhv ||Browser history viewer ||http://dev.mmgsecurity.com/projects/bhv/ ||Todo || ||
||grokevt ||Tools to read and reassemble Windows event logs ||http://projects.sentinelchicken.org/grokevt/ ||Todo || ||