Archive | Forensics


28 November 2007 | 20,885 views

Chaosreader – Trace TCP/UDP Sessions from tcpdump

A freeware tool to trace TCP/UDP sessions and fetch application data from snoop or tcpdump logs. This is a type of “any-snarf” program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG), SMTP emails and so on from the captured data inside network traffic logs. Similar to tcpflow which we mentioned [...]

Continue Reading


26 November 2007 | 11,932 views

tcpflow – TCP Flow Recorder for Protocol Analysis and Debugging

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow [...]

Continue Reading


26 October 2007 | 14,622 views

Metagoofil 1.2 – Metadata Extractor Tool

What is this? Metagoofil is a tool for written in Python for extracting the metadata from public documents (pdf,doc,xls,ppt) available in the target websites. This information could be useful because you can get valid usernames, or people names, for using later in brute force password attacks (vpn, ftp, webapps etc.) How it works? The tool [...]

Continue Reading


17 September 2007 | 5,935 views

Foremost – Recover Files From Drive or Drive Image AKA Carving

Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a [...]

Continue Reading


02 July 2007 | 14,381 views

tcpxtract – Extract Files from Network Traffic AKA Carving

tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called “carving”) is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. tcpxtract uses this technique specifically for the application of [...]

Continue Reading


12 April 2007 | 4,802 views

Slavasoft FSUM and Hashcalc md5 & File Integrity for Windows

FSUM is a fast and handy command line utility for file integrity verification. It offers a choice of 13 of the most popular hash and checksum functions for file message digest and checksum calculation. You can easily use FSUM with a batch wrapper to do automated file integrity monitoring, and use something like blat to [...]

Continue Reading


02 March 2007 | 8,276 views

Handy Recovery for Recovering Deleted Data on Windows

Handy Recovery is pretty neat software, there is occasions when I’m using Windows and I need to recover something or I’ve deleted something by mistake (I have a habit of using SHIFT+DEL so it’s not even in the recycle bin. I usually use Active Undelete and was pretty happy with it, I got a chance [...]

Continue Reading


17 January 2007 | 6,567 views

Data Recovery – A Decent Article

Data recovery is an important subject and it’s definitely a good thing to have a positive understanding of data recovery and how it could effort you personally or your business. So someone told me about this Data recovery article which is a decent original reference to data recovery which contains some good original information, links [...]

Continue Reading


06 July 2006 | 7,150 views

A Forensic Analysis of the Lost Veteran’s Administration Laptop

An interesting speculative post on the forensics techniques that would most likely be used by the FBI during the investigation of the recovered Veteran’s Administration laptop. Most of them are pretty straight forwards if you have any kind of experience with digital forensics and data recovery (disaster recovery, incident response etc.) As a former Computer [...]

Continue Reading