This is the TODO list of packages for the Debian-forensics project.

Todo: needs packaging

Done: available on Debian repositories

Wip: Work In Progress

ToRel: to be released (in GIT repository)

Packages to debianize for the Debian Forensics project

| Name | Short Description | Website | Status | Remarks |
|---|---|---|---|---|
| afflib | Advanced forensic format libraries and tools | http://www.afflib.org/ | Wip | The sleuthkit uses this library |
| libewf | Library and tools to use the EyeWitness Encase file format | https://www.uitwisselplatform.nl/projects/libewf/ | Todo | guymager uses a special version of this library |
| air | A GUI frontend to dd and dcfldd | http://air-imager.sourceforge.net/ | Todo | |
| dd_rhelp | A bash script to help in the use of dd_rescue | http://www.kalysto.org/utilities/dd_rhelp/index.en.html | Todo | |
| safecopy | A data recovery tool | http://safecopy.sourceforge.net/ | Done | |
| ftimes | System baselining and evidence collection tool | http://ftimes.sourceforge.net/FTimes/index.shtml | Todo | |
| md5deep | A recursive hasher | http://md5deep.sourceforge.net/ | Todo | |
| pyflag | A forensic analysis tool with a GUI | http://www.pyflag.net/ | Todo | |
| setmax | A tool to play with HPA/DCO | http://www.win.tue.nl/~aeb/linux/setmax.c | Todo | |
| dc3dd | Patched version of GNU dd for forensic purposes | http://dc3dd.sourceforge.net/ | Done | |
| fat-gundel | Restores deleted JPEG images from your digital camera's storage chip | http://freshmeat.net/projects/fat-gundel/ | Todo | |
| fatundel | Undelete files from FAT | http://synfin.net/fatundel/ | Todo | |
| fatback | Undelete files from FAT | http://sourceforge.net/projects/fatback | ToRel | |
| nepenthes | A low interaction honeypot | http://nepenthes.mwcollect.org/ | Todo | |
| amun | A Python low interaction honeypot | http://zero.ram.rwth-aachen.de/amun/download.php | Todo | |
| pgpcrack | A tool to try to brute force PGP encrypted files | http://www.nic.funet.fi/index/crypt/mirrors/utopia/pgp/utils/pgpcrack/ | Done | |
| Hydra | A very fast network logon cracker | http://freeworld.thc.org/thc-hydra/ | Todo | |
| lcrack | Generic password cracker | http://usuarios.lycos.es/reinob/ | Todo | |
| revit | A smart file carver | https://www.uitwisselplatform.nl/projects/revit | Todo | |
| foregone.pl | A carver in Perl "a la foremost" | http://www.secureworks.com/research/tools/foregone.html | Todo | |
| recoverphotos | A carver for JPEG and CR2 files | http://turingmachine.org/~dmg/recoverPhotos/ | Done | |
| grepj-fat | A JPEG recovery tool | http://www.guzu.net/linux/various.php#gepj-fat | Todo | |
| bar | A small shell script progress bar | http://www.theiling.de/projects/bar.html | Todo | |
| pipemeter | A pipe throughput measurement tool | http://spamaps.org/pipemeter.php | Todo | |
| pipeworks | Benchmarking tool for pipelines | http://sourceforge.net/projects/pipeworks/ | Todo | |
| regp.pl | An offline registry parser | http://sourceforge.net/project/showfiles.php?group_id=164158 | Todo | |
| parse::win32registry | A very well done Perl library to parse offline win32 registry | http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.30/lib/Parse/Win32Registry.pm | Todo | |
| hed | Hexadecimal editor | http://pasky.or.cz/~pasky/dev/hed/ | Todo | |
| shed | Hex editor | http://shed.sourceforge.net/ | Done | |
| biew | Hex editor and disassembler | http://biew.sourceforge.net/en/biew.html | Todo | |
| heme | Another hex editor | http://heme.sourceforge.net/ | Todo | |
| dumpautocomplete | Dump autocompleted fields of Firefox | http://www.foundstone.com/us/resources/proddesc/DumpAutoComplete.htm | Todo | |
| bhv | Browser history viewer | http://dev.mmgsecurity.com/projects/bhv/ | Todo | |
| regripper | An offline Windows registry forensics analysis tool that depends on Perl parse::win32registry | http://www.regripper.net/ | Todo | |
| msnshadow | A forensic tool to extract MSN traffic from pcap files | http://sourceforge.net/projects/msnshadow | Todo | |