Archive | Forensics


25 January 2008 | 18,814 views

argus – Auditing Network Activity – Performance & Status Monitoring

Another tool for the security side, good for forensics, monitoring and auditing. Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, [...]



08 January 2008 | 6,147 views

The Revisionist – Metadata Retrieval Tool

The Revisionist is a tool for extracting and indexing hidden metadata (such as deleted or modified text) from large collections of MS Word files. It can operate on whole Web sites or SMB or NFS directories. It is handy for pen-testing, or it can be used just to spot embarrassing secrets. It’s useful in that it [...]



28 November 2007 | 21,012 views

Chaosreader – Trace TCP/UDP Sessions from tcpdump

A freeware tool to trace TCP/UDP sessions and fetch application data from snoop or tcpdump logs. This is a type of “any-snarf” program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG), SMTP emails and so on from the captured data inside network traffic logs. Similar to tcpflow which we mentioned [...]



26 November 2007 | 11,943 views

tcpflow – TCP Flow Recorder for Protocol Analysis and Debugging

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow [...]



26 October 2007 | 14,629 views

Metagoofil 1.2 – Metadata Extractor Tool

What is this? Metagoofil is a tool written in Python for extracting the metadata from public documents (pdf, doc, xls, ppt) available in the target websites. This information could be useful because you can get valid usernames, or people names, for using later in brute force password attacks (vpn, ftp, webapps etc.). How it works? The tool [...]



17 September 2007 | 5,938 views

Foremost – Recover Files From Drive or Drive Image AKA Carving

Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a [...]



02 July 2007 | 14,386 views

tcpxtract – Extract Files from Network Traffic AKA Carving

tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called “carving”) is an age-old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. tcpxtract uses this technique specifically for the application of [...]



12 April 2007 | 4,803 views

Slavasoft FSUM and Hashcalc md5 & File Integrity for Windows

FSUM is a fast and handy command line utility for file integrity verification. It offers a choice of 13 of the most popular hash and checksum functions for file message digest and checksum calculation. You can easily use FSUM with a batch wrapper to do automated file integrity monitoring, and use something like blat to [...]



02 March 2007 | 8,277 views

Handy Recovery for Recovering Deleted Data on Windows

Handy Recovery is pretty neat software. There are occasions when I’m using Windows and I need to recover something or I’ve deleted something by mistake (I have a habit of using SHIFT+DEL so it’s not even in the recycle bin). I usually use Active Undelete and was pretty happy with it, I got a chance [...]



17 January 2007 | 6,567 views

Data Recovery – A Decent Article

Data recovery is an important subject and it’s definitely a good thing to have a positive understanding of data recovery and how it could affect you personally or your business. So someone told me about this Data recovery article, which is a decent original reference to data recovery and contains some good original information, links [...]
