Archive | Forensics


03 August 2010 | 25,977 views

Weaknet Linux – Penetration Testing & Forensic Analysis Linux Distribution

WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. WeakNet Linux IV was built from Ubuntu 9.10 which is a Debian based distro. All references to Ubuntu have been removed as the author completely re-compiled the kernel, removed all Ubuntu specific software which would cause the ISO to bloat, and […]

Continue Reading

26 July 2010 | 18,864 views

PlainSight – Open Source Computer Forensics LiveCD

PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners perform common tasks using powerful open source tools such as RegRipper, Pasco, Mork, Foremost and many more. We have taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment. […]

Continue Reading

22 July 2010 | 13,479 views

Sagan – Real-time System & Event Log (syslog) Monitoring System

Softwink announces the release of Sagan, the ultimate in Syslog monitoring. Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time! Sagan is a multi-threaded, real time system- and event-log monitoring system, but with a twist. Sagan uses a “Snort” like rule set for detecting […]

Continue Reading

09 July 2010 | 10,777 views

REMnux: A Linux Distribution For Reverse-Engineering Malware

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser. REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically […]

Continue Reading

17 June 2010 | 32,556 views

raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks

raw2vmdk is an OS independent Java utility that allows you to mount raw disk images, like images created by “dd”, using VMware, VirtualBox or any other virtualization platform supporting the VMDK disk format. It could be an interesting tool for doing forensics examinations on compromised boxes when all you have is a dd dump of […]

Continue Reading

04 May 2010 | 26,030 views

OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool

OpenDLP is a free and open source, agent-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows domain credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems from a centralized web application. OpenDLP has two components: a web application and an agent. […]

Continue Reading

09 April 2010 | 7,927 views

StreamArmor – Discover & Remove Alternate Data Streams (ADS)

StreamArmor is a tool for discovering hidden alternate data streams (ADS) and can also clean them completely from the system. It’s advanced auto analysis coupled with online threat verification mechanism makes it the best tool available in the market for eradicating the evil streams. StreamArmor comes with fast multi threaded ADS scanner which can recursively […]

Continue Reading

01 December 2009 | 19,362 views

Process Hacker v1.7 Released – Process Viewer & Memory Editor

Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination and a Regex memory searcher. It can show services, processes and their threads, modules, handles and memory regions. Key Features Viewing, terminating, suspending and resuming processes. Restarting processes, creating dump files, detaching from any […]

Continue Reading

20 October 2009 | 24,772 views

Origami – Parse, Analyze & Forge PDF Documents

origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents. Features […]

Continue Reading

15 October 2009 | 10,203 views

Deep Packet Inspection Engine Goes Open Source

This is great news, especially for open source tool developers. Deep packet inspection is an extremely niche area and requires great expertise (and a lot of R&D of course). I hope a new project can spawn from this, it has many interesting applications. I think it’d be a good addition to Wireshark and IDS projects […]

Continue Reading