Tag: Computer Forensics

Analyze MFT

analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats. https://github.com/dkovar/analyzeMFT

Permanent link to this article: https://www.darknessgate.com/2016/10/07/analyze-mft/

Mft2Csv

Extract $MFT record info and log it to a csv file. This tool is for parsing, decoding and logging information from the Master File Table ($MFT) to a csv. It logs a large amount of data, and that has been the main purpose from the very start. Having all this data in a csv …

Permanent link to this article: https://www.darknessgate.com/2016/10/07/mft2csv/

Computer Science 530 – Syllabus and Reading List — Fall 2016

University of Southern California Information Sciences Institute http://ccss.usc.edu/530/fall16/16-sylrl.html

Permanent link to this article: https://www.darknessgate.com/2016/09/28/computer-science-530-syllabus-and-reading-list-fall-2016/

RAMMap v1.5

Have you ever wondered exactly how Windows is assigning physical memory, how much file data is cached in RAM, or how much RAM is used by the kernel and device drivers? RAMMap makes answering those questions easy. RAMMap is an advanced physical memory usage analysis utility for Windows Vista and higher. It presents usage information …


Permanent link to this article: https://www.darknessgate.com/2016/09/28/rammap-v1-5/

LiME (formerly DMD)

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network.
Full Android memory acquisition
Acquisition over network interface
Minimal process footprint …

Permanent link to this article: https://www.darknessgate.com/2016/09/17/lime-formerly-dmd/

Evolve

Web interface for the Volatility Memory Forensics Framework https://github.com/volatilityfoundation/volatility
Works with any Volatility module that provides a SQLite render method (some don’t)
Automatically detects plugins – If volatility sees the plugin, so will eVOLve
All results stored in a single SQLite db stored beside the RAM dump
Web interface is fully AJAX using jQuery & …

Permanent link to this article: https://www.darknessgate.com/2016/09/16/evolve/

The Forensic Analysis Toolkit (FATKit)

The Forensic Analysis Toolkit (FATKit) is a new cross-platform, modular, and extensible digital investigation framework for analyzing volatile system memory. The framework is intended for researchers, law enforcement professionals, and forensics analysts who are interested in extracting and interpreting relevant information in the wake of a crime or incident. FATKit was developed in response to …


Permanent link to this article: https://www.darknessgate.com/2016/09/15/the-forensic-analysis-toolkit-fatkit/

Framework for Improving Critical Infrastructure Cybersecurity

The Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

Permanent link to this article: https://www.darknessgate.com/2016/09/04/framework-for-improving-critical-infrastructure-cybersecurity/

SKTimeStamp

SKTimeStamp is a very simple shell extension which adds a new tab to the Windows Explorer properties dialog. On that new tab, you can change the file/folder date and time. http://stefanstools.sourceforge.net/SKTimeStamp.html

Permanent link to this article: https://www.darknessgate.com/2016/08/04/sktimestamp/

Timestomp

Timestomp allows you to delete or modify all four New Technology File System (NTFS) timestamp values: Modified, Accessed, Created and Entry Modified. http://www.jonrajewski.com/data/for270/timestomp.exe The tool's official website is currently offline: https://www.bishopfox.com/resources/tools/other-free-tools/mafia/

Permanent link to this article: https://www.darknessgate.com/2016/07/29/timestomp/

Steghide UI

Steghide UI is a nifty GUI written by Drunken.Canadian for the console application steghide, as the name suggests. It allows the user to do everything steghide can, but with a nice, user-friendly GUI. Steghide UI now has a new options panel. Download Steghide UI

Permanent link to this article: https://www.darknessgate.com/2016/06/09/steghide-ui/