Archive | Forensics


14 November 2008 | 15,469 views

Maltego – Forensics and Intelligence Application & Information Gathering Tool

Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way. Coupled with its graphing libraries, Maltego, allows you to identify key relationships between information and identify previously unknown relationships between them. It is a must-have […]

Continue Reading

13 August 2008 | 11,400 views

raWPacket HeX – Network Security Monitoring & Analysis LiveCD

HeX is a project aimed at the NSM (Network Security Monitoring) community for use by network security analysts. The developers believe that simplicity and analysis work flow logic must be enhanced and emphasized through-out the process of designing this liveCD. Not only have they carefully chosen all the necessary applications and tools to be included […]

Continue Reading

09 May 2008 | 19,367 views

Want Some COFEE? Microsoft Computer Online Forensic Evidence Extractor

Microsoft helping the good guys eh? I had someone ask me if I can get a hold of this so I did some checking up on.. I’d guess MS is doing this to sell additional software and services, but either way its a good thing to make a portable, easy to use and effective forensics […]

Continue Reading

27 February 2008 | 66,130 views

NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows

NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis. NetworkMiner makes use of OS fingerprinting databases from both p0f (by Michal Zalewski) […]

Continue Reading

22 February 2008 | 8,786 views

laptop and data theft protection

A UK firm Virtuity has created data protection software called BackStopp which comes with ’self-destruct’ technology based on Wi-Fi and RFID tags that starts to run as and when a laptop is moved from its designated space. So in layman’s terms, if the laptop is moved from its permitted zone (which is set by the […]

Continue Reading

22 February 2008 | 7,013 views

SWFIntruder – Analysis and Security Testing of Flash Applications

With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal. I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently […]

Continue Reading

25 January 2008 | 18,875 views

argus – Auditing Network Activity – Performance & Status Monitoring

Another tool for the security side, good for forensics, monitoring and auditing. Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, […]

Continue Reading

08 January 2008 | 6,182 views

The Revisionist – Metadata Retrieval Tool

The Revisionist is a tool for extracting and indexing hidden metadata (such as deleted or modified text) from large collections of MS Word files. It can operate whole Web sites or SMB or NFS directories. It is handy for pen-testing, or it can be used just to spot embarrassing secrets. It’s useful in that it […]

Continue Reading

28 November 2007 | 22,319 views

Chaosreader – Trace TCP/UDP Sessions from tcpdump

A freeware tool to trace TCP/UDP sessions and fetch application data from snoop or tcpdump logs. This is a type of “any-snarf” program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG), SMTP emails and so on from the captured data inside network traffic logs. Similar to tcpflow which we mentioned […]

Continue Reading

26 November 2007 | 12,135 views

tcpflow – TCP Flow Recorder for Protocol Analysis and Debugging

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow […]

Continue Reading