This is the TODO list of packages for the Debian-Forensics project. Please check out [[DebianForensics/BugSquashing|the Bug Squashing page]] if you are interested in our current work on existing packages.

== Todo ==

||||||||||'''Packages that might be interesting for the Debian-Forensics project''' ||
||Name ||Short Description ||Website ||Remarks ||
||air ||A GUI frontend to dd and dcfldd ||http://air-imager.sourceforge.net/ || ||
||amun ||A Python low-interaction honeypot ||http://amunhoney.sourceforge.net/ || ||
||bar ||A small shell script progress bar ||http://www.theiling.de/projects/bar.html || note by mika: no release since 2007, though upstream's tarball provides debian/ (being outdated but works) ||
||bat ||Binary Analysis Tool ||http://www.binaryanalysis.org/en/home || ||
||bhv ||Browser history viewer ||http://dev.mmgsecurity.com/projects/bhv/ || ||
||biew ||Hex editor and disassembler ||http://biew.sourceforge.net/en/biew.html || see DebianBug:460636 ||
||catfs ||A tool to virtually concatenate split files into one using FUSE || http://sourceforge.net/projects/catfs/ || ||
||construct ||Python declarative parser (and builder) for binary data. ||http://construct.readthedocs.org/ || ||
||construct3 ||next generation of construct ||https://github.com/tomerfiliba/construct3 ||blog posts about it: http://tomerfiliba.com/blog/Survey-of-Construct3/ http://tomerfiliba.com/blog/Construct-Plans/ ||
||derric ||a domain-specific language for binary file format parsers ||https://github.com/jvdb/derric || ||
||dumpautocomplete ||Dump autocompleted fields of Firefox ||http://www.foundstone.com/us/resources/proddesc/DumpAutoComplete.htm || ||
||Exfat for Linux || ExFAT filesystem implementation for Linux through FUSE || http://code.google.com/p/exfat/ || Already packaged as exfat-fuse ||
||fat-gundel ||restores deleted JPEG images from your digital camera's storage chip ||http://freshmeat.net/projects/fat-gundel/ || Broken link (it is only available in OpenSuSE) ||
||fatundel ||Undelete files from FAT ||http://synfin.net/fatundel/ || Broken link ||
||fmem ||Kernel driver that creates a /dev/fmem device for direct access to physical memory (does not have the limits that /dev/mem has). ||http://hysteria.sk/~niekt0/foriana/ || ||
||foregone.pl ||A carver in Perl "a la foremost" ||http://www.secureworks.com/research/tools/foregone.html || ||
||grepj-fat ||A JPEG recovery tool ||http://www.guzu.net/linux/various.php#gepj-fat || note by beraldo: The method used to determine the type of FAT is wrong! Always returns "FATs are equals! Can not determine type FAT". on a valid FAT12 and FAT16 image. Just work with FAT12, and FAT16. ||
||hed ||Hexadecimal editor ||http://pasky.or.cz/~pasky/dev/hed/ ||Hed is in Google Code now. http://code.google.com/p/hed/ ||
||heme ||Another hex editor ||http://heme.sourceforge.net/ || ||
||hydra ||A very fast network logon cracker ||http://freeworld.thc.org/thc-hydra/ || note by mika: packaging is easy, but the license is not a clean GPL one -> not distributable for Debian. Medusa is a good option, which is already packaged. ||
||libforensics ||A Python 3000 module dedicated to computer forensics ||http://code.google.com/p/libforensics/ || ||
||libpff || Library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format || http://sourceforge.net/projects/libpff/ || ||
||log2timeline ||Framework for artifact timeline creation and analysis || http://ftp7.freebsd.org/sites/ftp.freebsd.org/pub/FreeBSD/ports/distfiles/log2timeline_0.51.tgz || Official Website Down ||
||parse::win32registry ||A very well done Perl library to parse offline win32 registry ||http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.30/lib/Parse/Win32Registry.pm ||Already packaged in libparse-win32registry-perl ||
||pipemeter ||A pipe throughput measurement tool ||http://spamaps.org/pipemeter.php || ||
||pipeworks ||Benchmarking tool for pipelines ||http://sourceforge.net/projects/pipeworks/ || ||
||poorcase || Virtually reconstruct a split forensic disk image || http://code.google.com/p/poorcase/ || ||
||pyflag ||A forensic analysis tool with a GUI ||http://sourceforge.net/projects/pyflag/ || ||
||regripper ||An offline Windows registry forensics analysis tool that depends on Perl parse::win32registry ||http://www.regripper.net/ || ||
||revit ||A smart file carver ||https://www.uitwisselplatform.nl/projects/revit || ||
||regp.pl ||An offline registry parser ||http://sourceforge.net/project/showfiles.php?group_id=164158 || ||
||setmax ||A tool to play with HPA/DCO ||http://www.win.tue.nl/~aeb/linux/setmax.c || ||
||ucsniff ||VoIP & IP Video Security Assessment tool ||http://ucsniff.sourceforge.net/ || ||
||tftptheft ||TFTP security scanning tools ||https://github.com/sandrogauci/tftptheft || ||
||sipvicious ||Tools for auditing SIP based VoIP systems ||https://github.com/sandrogauci/sipvicious ||see DebianBug:479308 ||
||sdhash ||Forensic similarity hash digests tool || http://roussev.net/sdhash/ || ||
||snow ||exploits the steganographic nature of whitespace || http://www.darkside.com.au/snow/ || WARNING: the r-cran-snow package uses the snow source package name, that would need to be renamed first ||
||libforensic1394 ||A library to help in acquiring memory of another host through the Firewire port || https://freddie.witherden.org/tools/libforensic1394/ || ||
||inception ||A tool that acquires/manipulates memory of another host through the Firewire port || http://www.breaknenter.org/projects/inception/ || ||
||All the tools of Joachim Metz || He made so many interesting tools that all of them should be packaged || http://code.google.com/u/joachim.metz@gmail.com/ || ||
||dislocker || Another tool to mount or decrypt BitLocker encrypted volumes || https://github.com/Aorimn/dislocker || ||