Differences between revisions 24 and 25
Revision 24 as of 2008-04-05 12:07:35
Size: 6276
Editor: ChristopheMonniez
Comment:
Revision 25 as of 2008-09-14 09:33:11
Size: 4005
Editor: daniel
Comment:
Line 12: Line 12:
||missidentify ||Search win32 executables without an legacy extension ||http://missidentify.sourceforge.net/ ||Done || ||
||ssdeep ||Piecewise hashing ||http://ssdeep.sourceforge.net/ ||Done || ||
||memdump ||Memory dumper ||http://www.porcupine.org/forensics/ ||Done || ||
Line 17: Line 14:
||recoverdm ||Damaged media recovery tool ||http://www.vanheusden.com/recoverdm/ ||Done || ||
Line 21: Line 17:
||myrescue ||Another data recovery tool ||http://myrescue.sourceforge.net/ ||Done || ||
Line 26: Line 21:
||scroungentfs ||Data recovery program for NTFS file systems ||http://memberwebs.com/stef/software/scrounge/ ||Todo || ||
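Review bot: the scroungentfs row in this hunk has status Todo and is absent from the resulting table, so a package that still needs packaging is no longer tracked. If this revision is meant to prune rows that are already packaged, keep this row, or record in the revision comment (empty for revision 25) why scroungentfs was dropped.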
Line 41: Line 35:
||pipebench ||A pipe progress indicator ||http://www.habets.pp.se/synscan/programs.php?prog=pipebench ||Done || ||
||pipemeter ||A pipe troughoutput measurement tool ||http://spamaps.org/pipemeter.php ||Done || ||
||pipemeter ||A pipe troughoutput measurement tool ||http://spamaps.org/pipemeter.php ||Todo || ||
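Review bot: pipemeter appears in this hunk once as Done and once as Todo, and the resulting table carries it as Todo while the neighbouring pipebench row is dropped. Moving a package back from Done to Todo should be explained in the Remarks column or the revision comment, since the legend defines Done as available in the Debian repositories.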
Line 44: Line 37:
||reglookup ||A tool to explore the win32 registry ||http://projects.sentinelchicken.org/reglookup/ ||!ToRel || ||
Line 53: Line 45:
||grokevt ||Tools to read and reassemble windows event logs ||http://projects.sentinelchicken.org/grokevt/ ||!ToRel || ||
||galetta ||a ms-windows cookies analyzer ||http://sourceforge.net/project/showfiles.php?group_id=78332 ||Done || ||
||pasco ||a ms-windows IExplorer cache analyzer ||http://sourceforge.net/project/showfiles.php?group_id=78332 ||Done || ||
||rifiuti ||a ms-windows trashcan analyzer ||http://sourceforge.net/project/showfiles.php?group_id=78332 ||!ToRel || ||
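Review bot: grokevt and rifiuti are marked ToRel in this hunk, which the legend defines as to be released (in GIT repository), yet both rows are gone from the resulting table together with the Done rows galetta and pasco. Keep the ToRel rows until the packages are actually in the Debian repositories, or change their status to Done before removing them.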
Line 61: Line 49:
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||
|| || || || || ||

This is the TODO list of packages for the Debian-forensics project.

Todo: needs packaging

Done: available on Debian repositories

Wip: Work In Progress

ToRel: to be released (in GIT repository)

Packages to debianize for the Debian Forensics project

||Name ||Short Description ||Website ||Status ||Remarks ||
||afflib ||Advanced forensic format libraries and tools ||http://www.afflib.org/ ||Wip ||The sleuthkit uses this library ||
||libewf ||Library and tools to use the EyeWitness Encase file format ||https://www.uitwisselplatform.nl/projects/libewf/ ||Todo ||guymager uses a special version of this library ||
||air ||A GUI frontend to dd and dcfldd ||http://air-imager.sourceforge.net/ ||Todo || ||
||dd_rhelp ||A bash script to help in the use of dd_rescue ||http://www.kalysto.org/utilities/dd_rhelp/index.en.html ||Todo || ||
||safecopy ||A data recovery tool ||http://safecopy.sourceforge.net/ ||Todo || ||
||ftimes ||System baselining and evidence collection tool ||http://ftimes.sourceforge.net/FTimes/index.shtml ||Todo || ||
||md5deep ||A recursive hasher ||http://md5deep.sourceforge.net/ ||Todo || ||
||pyflag ||A forensic analysis tool with a GUI ||http://www.pyflag.net/ ||Todo || ||
||setmax ||A tool to play with HPA/DCO ||http://www.win.tue.nl/~aeb/linux/setmax.c ||Todo || ||
||dc3dd ||Patched version of GNU dd for forensics purposes ||http://dc3dd.sourceforge.net/ ||Done || ||
||fat-gundel ||Restores deleted JPEG images from your digital camera's storage chip ||http://freshmeat.net/projects/fat-gundel/ ||Todo || ||
||fatundel ||Undelete files from FAT ||http://synfin.net/fatundel/ ||Todo || ||
||fatback ||Undelete files from FAT ||http://sourceforge.net/projects/fatback ||Todo || ||
||nepenthes ||A low interaction honeypot ||http://nepenthes.mwcollect.org/ ||Todo || ||
||amun ||A Python low interaction honeypot ||http://zero.ram.rwth-aachen.de/amun/download.php ||Todo || ||
||pgpcrack ||A tool to try to brute force PGP encrypted files ||http://www.nic.funet.fi/index/crypt/mirrors/utopia/pgp/utils/pgpcrack/ ||Done || ||
||Hydra ||A very fast network logon cracker ||http://freeworld.thc.org/thc-hydra/ ||Todo || ||
||lcrack ||Generic password cracker ||http://usuarios.lycos.es/reinob/ ||Todo || ||
||revit ||A smart file carver ||https://www.uitwisselplatform.nl/projects/revit ||Todo || ||
||foregone.pl ||A carver in Perl "a la foremost" ||http://www.secureworks.com/research/tools/foregone.html ||Todo || ||
||recoverphotos ||A carver for JPEG and CR2 files ||http://turingmachine.org/~dmg/recoverPhotos/ ||Done || ||
||grepj-fat ||A JPEG recovery tool ||http://www.guzu.net/linux/various.php#gepj-fat ||Todo || ||
||bar ||A small shell script progress bar ||http://www.theiling.de/projects/bar.html ||Todo || ||
||pipemeter ||A pipe throughput measurement tool ||http://spamaps.org/pipemeter.php ||Todo || ||
||pipeworks ||Benchmarking tool for pipelines ||http://sourceforge.net/projects/pipeworks/ ||Todo || ||
||regp.pl ||An offline registry parser ||http://sourceforge.net/project/showfiles.php?group_id=164158 ||Todo || ||
||parse::win32registry ||A very well done Perl library to parse offline win32 registry ||http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.30/lib/Parse/Win32Registry.pm ||Todo || ||
||hed ||Hexadecimal editor ||http://pasky.or.cz/~pasky/dev/hed/ ||Todo || ||
||shed ||Hex editor ||http://shed.sourceforge.net/ ||Todo || ||
||biew ||Hex editor and disassembler ||http://biew.sourceforge.net/en/biew.html ||Todo || ||
||heme ||Another hex editor ||http://heme.sourceforge.net/ ||Todo || ||
||dumpautocomplete ||Dump autocompleted fields of Firefox ||http://www.foundstone.com/us/resources/proddesc/DumpAutoComplete.htm ||Todo || ||
||bhv ||Browser history viewer ||http://dev.mmgsecurity.com/projects/bhv/ ||Todo || ||