Log Parser Lizard GUI Flexible and powerful log file parser. It also does much more.
Noxcivis Field Toolkit The Noxcivis Field Toolkit (NFT) is a free and open interface that allows forensic examiners and collection teams to collect information from a computer.
Autopsy Forensics tool.
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
CAINE (Computer Aided INvestigative Environment) CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics.
CAINE fully embodies the spirit of the Open Source philosophy: the project is completely open, so anyone can take over the work of a previous developer or project manager. The distro is open source, the Windows side (Wintaylor) is open source and, last but not least, the distro is installable, so it can be rebuilt as a new version, giving the project a long life.
Capture-BAT Download Page | The Honeynet Project
Capture BAT is a behavioral analysis tool of applications for the Win32 operating system family. Capture BAT is able to monitor the state of a system during the execution of applications and processing of documents, which provides an analyst with insights on how the software operates even if no source code is available. Capture BAT monitors state changes on a low kernel level and can easily be used across various Win32 operating system versions and configurations.
Debugging Techniques Standard and specialized debugging techniques.
This section discusses two types of debugging techniques: standard and specialized. Standard techniques apply to most debugging scenarios, and examples include setting breakpoints, inspecting the call stack, and finding a memory leak. Specialized techniques apply to particular technologies or types of code, and examples are Plug and Play debugging, Kernel Mode Driver Framework debugging, and RPC debugging.
DensityScout – CERT.at Command line tool to determine the relative "density" of a file.
This tool calculates the density (similar to entropy) of every file under a given file-system path and outputs the files as a list sorted in descending order of density. This makes it possible to quickly find (even unknown) malware on a potentially infected Microsoft Windows machine.
Didier Stevens A wonderful resource for forensics tools, techniques and approaches to malware and forensics.
Digital Forensics Framework (DFF) Open Source digital investigation software
DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API).
It can be used both by professionals and non-experts to quickly and easily collect, preserve and reveal digital evidence without compromising systems and data.
e-fense :: Cyber Security If you are looking for the free, original Helix (2009R1) you need Helix3. Look on the page for the download link for this free version.
e-fense has options to meet your computer forensics and cyber security needs.
If you need visibility of your entire network to protect against malicious behavior, policy violations and hacking, you need Helix3 Enterprise.
If you need to acquire Internet history, passwords and RAM data, you need Live Response.
If you are looking for the free, original Helix (2009R1), you need Helix3.
If you need forensic disk imaging across multiple platforms or a safe forensics platform for system previews, you need Helix3 Pro.
Explorer Suite Suite of executable file forensics utilities.
File and Partition Recovery Software Free download Partition Recovery Software, Deleted Partition Recovery, Active Partition Recovery Software.
Free partition recovery software covering active, deleted and hard disk partition recovery. Supports FAT12, FAT16, FAT32, VFAT, NTFS and NTFS5 on Windows 2000 Professional/XP/Vista/7/8 and later.
GParted Live GParted Live is a business card-size live CD distribution with a single purpose - to provide tools for partitioning hard disks in an intuitive, graphical environment.
The distribution uses X.Org, the light-weight Fluxbox window manager, and the latest 2.6 Linux kernel. GParted Live runs on most x86 machines with a Pentium II or better.
Kali Linux The most advanced penetration testing distribution.
From the creators of BackTrack comes Kali Linux, the most advanced and versatile penetration testing distribution ever created. BackTrack has grown far beyond its humble roots as a live CD and has now become a full-fledged operating system. With all this buzz, you might be asking yourself.
LastActivityView LastActivityView - View the latest computer activity in Windows operating system
LastActivityView is a tool for the Windows operating system that collects information from various sources on a running system and displays a log of actions made by the user and events that occurred on the computer. The activity displayed by LastActivityView includes: running an .exe file, opening an open/save dialog box, opening a file/folder from Explorer or other software, software installation, system shutdown/start, application or system crash, network connection/disconnection and more.
You can easily export this information to a csv/tab-delimited/xml/html file, or copy it to the clipboard and paste it into Excel or other software.
Linux USB Creator Linux Live USB is a great product for creating bootable USB devices from which to install Linux. It will also download the appropriate Linux distro for you so you don't have to find it yourself.
Incredibly useful for creating "Live" Linux distros for forensic examinations or just Linux fun.
LockHunter LockHunter is a free 64/32-bit tool to delete files locked by any process.
MASTERKEY Linux The official site for distributing the Masterkey Linux live forensics system and the Live Forensic Toolkit (LFT) for Windows, with related information and support.
Nessus Network vulnerability scanner.
Note that there are license implications if this is used outside of a "home" setting.
OSFClone OSFClone - Open source utility to create and clone forensic disk images
OSFClone is a free, self-booting solution which enables you to create or clone exact raw disk images quickly and independently of the installed operating system. In addition to raw disk images, OSFClone also supports imaging drives to the open Advanced Forensics Format (AFF). AFF is an open and extensible format for storing disk images and associated metadata; an open standard lets investigators quickly and efficiently use their preferred tools for drive analysis. After creating or cloning a disk image, you can mount the image with PassMark OSFMount before conducting analysis with PassMark OSForensics™.
PEStudio PEStudio is a unique tool that performs static investigation of 32-bit and 64-bit executables.
A malicious executable often attempts to hide its behavior and evade detection, and in doing so it generally presents anomalies and suspicious patterns. The goal of PEStudio is to detect these anomalies, provide indicators and score the trust level of the executable being analyzed. Since the executable being analyzed is never started, you can inspect any unknown or malicious executable with no risk.
PlainSight Open Source computer forensics.
PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners to perform common tasks using powerful open source tools.
We have taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment.
Remnux A Linux Toolkit for Reverse-Engineering and Analyzing Malware
Runtime Data Recovery Toolset
The simplest data recovery software ever: lightning fast, for FAT and NTFS. GetDataBack Simple's user interface is so simple that it enables even the most inexperienced users to conduct their own data recovery with just one click. Its developers have combined decades of data recovery experience with the newest technologies. GetDataBack Simple recovers files from Windows drives when the data is no longer accessible due to formatting, partitioning, virus attack, or power or software failure.
SIFT SANS Investigative Forensic Toolkit (SIFT) Workstation Version 3.0
An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, which can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and intrusion response can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
Sleuthkit Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
System Center 2012 R2 Configuration Manager Toolkit Server and client SCCM tools.
The Configuration Manager Trace Log Tool component (in the client tools part) is an excellent log tailer, i.e. log files can be opened and the tool refreshes live as the opened file changes.