This list of forensics and network forensics tools covers some of the tools that can be used to extract valuable information from a system or from network capture files (usually pcap files). Imagine receiving a large pcap file and needing to extract all the emails from it, or all the JPEGs. These tools can definitely help.
DateDecoder - “A command line tool used to decode various date/time stamps from their encoded format to human readable format.”
http://www.live-forensics.com/dl/DateDecoder.zip
Draugr - "Live memory forensics (Linux (symbols, process))"
http://www.esiea-recherche.eu/~desnos/draugr/draugr.tar.gz
EchoMirage - “Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.”
http://www.bindshell.net/tools/echomirage
Foremost - "Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery."
http://foremost.sourceforge.net/
Forensics ToolKit - "The Forensic ToolKit™ contains several Win32 command line tools that can help you examine the files on an NTFS disk partition for unauthorized activity."
http://www.foundstone.com/us/resources/proddesc/forensictoolkit.htm
HexReader - "Reads hex offsets from files; is primarily used to then send output to DateDecoder."
http://www.live-forensics.com/dl/HexReader.zip
HFSExplorer - "HFSExplorer is an application that can read Mac-formatted hard disks and disk images. It can read the file systems HFS (Mac OS Standard), HFS+ (Mac OS Extended) and HFSX (Mac OS Extended with case-sensitive file names)."
http://hem.bredband.net/catacombae/hfsx.html
http://www.macosxforensics.com/Downloads/Downloads.html
JSUnpack - “...it is a completely passive JavaScript decoder to perform Intrusion Detection, by processing network traffic (either an interface or pcap file), rather than URLs.”
http://jsunpack.jeek.org/jsunpack-n.tgz
Memoryze - "Memoryze is designed to aid in memory analysis in incident response scenarios. However, it has many useful features that can be utilized when doing malware analysis. Memoryze is special in that it does not rely on API calls. Instead, Memoryze parses the operating system's internal structures to determine for itself what the operating system and its running processes and drivers are doing."
http://www.mandiant.com/products/free_software/memoryze/
NetworkMiner - “The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network.”
http://networkminer.sourceforge.net/
PCAP Forensic Tool - "This tool, as of now, hosts the following features: Packet Summary, DNS Summary, Stream Summary, List files within stream (magic bytes), List files within archives in streams (ZIP and TAR), Extract files based on magic type, Look within ZIP and TAR archives for file type to extract, GZIP Decompression for files and archives, Extraction Summary..."
RecycleReader - “Reads XP, Vista and 7 INFO2 files”
http://www.live-forensics.com/dl/RecycleReader.zip
SleuthKit - "The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data."
Skipfish - “A fully automated, active web application security reconnaissance tool.”
http://code.google.com/p/skipfish/
SQLiX - “SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL).”
http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
Xplico - "The goal of Xplico is to extract from an internet traffic capture the application data contained in it."
Xtractr - "xtractr is a hybrid cloud application for indexing, searching, reporting, extracting and collaborating on pcaps."