Archive | Forensics


22 February 2008 | 8,755 views

laptop and data theft protection

A UK firm Virtuity has created data protection software called BackStopp which comes with ’self-destruct’ technology based on Wi-Fi and RFID tags that starts to run as and when a laptop is moved from its designated space. So in layman’s terms, if the laptop is moved from its permitted zone (which is set by the […]

Continue Reading

22 February 2008 | 6,988 views

SWFIntruder – Analysis and Security Testing of Flash Applications

With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal. I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently […]

Continue Reading

25 January 2008 | 18,862 views

argus – Auditing Network Activity – Performance & Status Monitoring

Another tool for the security side, good for forensics, monitoring and auditing. Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, […]

Continue Reading

08 January 2008 | 6,172 views

The Revisionist – Metadata Retrieval Tool

The Revisionist is a tool for extracting and indexing hidden metadata (such as deleted or modified text) from large collections of MS Word files. It can operate whole Web sites or SMB or NFS directories. It is handy for pen-testing, or it can be used just to spot embarrassing secrets. It’s useful in that it […]

Continue Reading

28 November 2007 | 22,063 views

Chaosreader – Trace TCP/UDP Sessions from tcpdump

A freeware tool to trace TCP/UDP sessions and fetch application data from snoop or tcpdump logs. This is a type of “any-snarf” program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG), SMTP emails and so on from the captured data inside network traffic logs. Similar to tcpflow which we mentioned […]

Continue Reading

26 November 2007 | 12,094 views

tcpflow – TCP Flow Recorder for Protocol Analysis and Debugging

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow […]

Continue Reading

26 October 2007 | 14,730 views

Metagoofil 1.2 – Metadata Extractor Tool

What is this? Metagoofil is a tool for written in Python for extracting the metadata from public documents (pdf,doc,xls,ppt) available in the target websites. This information could be useful because you can get valid usernames, or people names, for using later in brute force password attacks (vpn, ftp, webapps etc.) How it works? The tool […]

Continue Reading

17 September 2007 | 5,978 views

Foremost – Recover Files From Drive or Drive Image AKA Carving

Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a […]

Continue Reading

02 July 2007 | 14,475 views

tcpxtract – Extract Files from Network Traffic AKA Carving

tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called “carving”) is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. tcpxtract uses this technique specifically for the application of […]

Continue Reading

12 April 2007 | 4,823 views

Slavasoft FSUM and Hashcalc md5 & File Integrity for Windows

FSUM is a fast and handy command line utility for file integrity verification. It offers a choice of 13 of the most popular hash and checksum functions for file message digest and checksum calculation. You can easily use FSUM with a batch wrapper to do automated file integrity monitoring, and use something like blat to […]

Continue Reading