Category: Digital Forensic

Analyze MFT

analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats. https://github.com/dkovar/analyzeMFT

Permanent link to this article: https://www.darknessgate.com/2016/10/07/analyze-mft/

Mft2Csv

Extract $MFT record info and log it to a CSV file. This tool is for parsing, decoding and logging information from the Master File Table ($MFT) to a CSV. It logs a large amount of data, and that has been the main purpose from the very start. Having all this data in a CSV …

Permanent link to this article: https://www.darknessgate.com/2016/10/07/mft2csv/

RAMMap v1.5

Have you ever wondered exactly how Windows is assigning physical memory, how much file data is cached in RAM, or how much RAM is used by the kernel and device drivers? RAMMap makes answering those questions easy. RAMMap is an advanced physical memory usage analysis utility for Windows Vista and higher. It presents usage information …

Permanent link to this article: https://www.darknessgate.com/2016/09/28/rammap-v1-5/

LiME (formerly DMD)

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network.
Full Android memory acquisition
Acquisition over network interface
Minimal process footprint …

Permanent link to this article: https://www.darknessgate.com/2016/09/17/lime-formerly-dmd/

Evolve

Web interface for the Volatility Memory Forensics Framework https://github.com/volatilityfoundation/volatility
Works with any Volatility module that provides a SQLite render method (some don’t)
Automatically detects plugins – if Volatility sees the plugin, so will eVOLve
All results stored in a single SQLite db stored beside the RAM dump
Web interface is fully AJAX using jQuery & …

Permanent link to this article: https://www.darknessgate.com/2016/09/16/evolve/

The Forensic Analysis Toolkit (FATKit)

The Forensic Analysis Toolkit (FATKit) is a new cross-platform, modular, and extensible digital investigation framework for analyzing volatile system memory. The framework is intended for researchers, law enforcement professionals, and forensics analysts who are interested in extracting and interpreting relevant information in the wake of a crime or incident. FATKit was developed in response to …

Permanent link to this article: https://www.darknessgate.com/2016/09/15/the-forensic-analysis-toolkit-fatkit/

Crowbar

Crowbar (formerly known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner from other popular brute forcing tools. As an example, while most brute forcing tools use a username and password for SSH brute force, Crowbar uses SSH …

Permanent link to this article: https://www.darknessgate.com/2016/08/09/crowbar-2/

My First book is coming soon…!

In the digital world, the need to protect online communications increases as the technology behind it evolves. There are many techniques currently available to encrypt and secure our communication channels. Data hiding techniques can take data confidentiality to a new level, as we can hide our secret messages in ordinary, honest-looking data files. Steganography is …

Permanent link to this article: https://www.darknessgate.com/2016/07/19/my-first-book-is-coming-soon/

Mobatek labs

MobaLiveCD is freeware that will run your Linux LiveCD on Windows thanks to the excellent emulator called “Qemu”. MobaLiveCD allows you to test your LiveCD with a single click: after downloading the ISO image file of your favorite LiveCD, you just have to start it in MobaLiveCD and here you are, without the …

Permanent link to this article: https://www.darknessgate.com/2016/06/09/mobatek-labs/

Netwrix Change Notifier for Active Directory

Netwrix Change Notifier for Active Directory tracks changes to Active Directory (AD) users, group memberships, OUs and permissions, and provides visibility into what’s happening inside your AD. This freeware tool is a winner of multiple awards from Redmond Magazine and Windows IT Pro Magazine. http://www.netwrix.com/free_tool_for_change_auditing_of_active_directory.html

Permanent link to this article: https://www.darknessgate.com/2015/05/14/netwrix-change-notifier-for-active-directory/

GDB: The GNU Project Debugger

GDB, the GNU Project debugger, allows you to see what is going on 'inside' another program while it executes — or what another program was doing at the moment it crashed. GDB can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act: Start …

Permanent link to this article: https://www.darknessgate.com/2015/04/12/gdb-the-gnu-project-debugger/