Category: Digital Forensic

MoonSols DumpIt

This utility is used to generate a physical memory dump of Windows machines. It works with both x86 (32-bit) and x64 (64-bit) machines. The raw memory dump is generated in the current directory; only a confirmation question is prompted before starting. Perfect for deploying the executable on USB keys for quick incident response needs. Download …


Permanent link to this article: https://www.darknessgate.com/2012/09/15/moonsols-dumpit/

KnTTools Basic

The KnTTools Basic Edition includes KnTDD. KnTDD is a next generation tool for the acquisition of physical memory evidence from select Microsoft Windows operating systems. Main Features: Acquisition of physical memory (main computer memory) evidence from systems running select Microsoft Windows operating systems, including Windows Vista. Acquisition to a removable USB or FireWire drive based …


Permanent link to this article: https://www.darknessgate.com/2012/09/15/knttools-basic/

volafox

volafox, a.k.a. ‘Memory Analyzer for Mac OS X’, is developed in Python 2.x. System Environment: Lang: Python 2.x; Arch: Intel x86/IA-32e; OS: Snow Leopard (10.6), Lion (10.7), Mountain Lion (10.8) – r83. Requirement: Kernel Symbol List: overlay data; Memory Image: Linear File Format (Firewire or VMware memory image), Flatten Mac Memory Reader Format by using flatten.py (32bit, 64bit). Information: Kernel …


Permanent link to this article: https://www.darknessgate.com/2012/09/15/volafox/

Compile Memory Analysis Tool (CMAT)

The Compile Memory Analysis Tool (CMAT) is a self-contained memory analysis tool that analyzes Windows O/S memory (either in a dump or via XenAccess in a Xen VM) and extracts information about the operating system and the running processes. Download Compile Memory Analysis Tool (CMAT)

Permanent link to this article: https://www.darknessgate.com/2012/09/15/compile-memory-analysis-tool-cmat/

Open Computer Forensics Architecture (OCFA)

The Open Computer Forensics Architecture is developed as three separate main subprojects that are bundled together in the open source distribution of the Open Computer Forensics Architecture: [OcfaLib], [OcfaArch] and [OcfaModules]. Read More and Download OCFA From Here

Permanent link to this article: https://www.darknessgate.com/2012/09/15/open-computer-forensics-architecture-ocfa/

The Sleuth Kit and Autopsy Browser

The Sleuth Kit and Autopsy Browser are both open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system …


Permanent link to this article: https://www.darknessgate.com/2012/09/15/the-sleuth-kit-and-autopsy-browser/

The Coroner’s Toolkit (TCT)

TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system. Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the …


Permanent link to this article: https://www.darknessgate.com/2012/09/15/the-coroners-toolkit-tct-2/

The Coroner's Toolkit (TCT)

TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system. Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the …


Permanent link to this article: https://www.darknessgate.com/2012/09/15/the-coroners-toolkit-tct/

PTK forensics

PTK forensics is a computer forensic framework for the command line tools in the SleuthKit, plus many more software modules. This makes it usable and easy to investigate a system. PTK forensics offers many features such as multi-user analysis, search and management of complex digital investigation cases. The core component of the software is an …


Permanent link to this article: https://www.darknessgate.com/2012/09/15/ptk-forensics/

Digital Forensics Framework

DFF (Digital Forensics Framework) is free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API). It can be used by both professionals and non-experts to quickly and easily collect, preserve and reveal digital evidence without compromising systems and data. Main Features: Read local drivers or …


Permanent link to this article: https://www.darknessgate.com/2012/09/15/digital-forensics-framwork/

Online Hex Editor

Online Hex Editor: you can upload any file to edit it online! Visit Online Hex Editor

Permanent link to this article: https://www.darknessgate.com/2012/09/13/online-hex-editor/