analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats. https://github.com/dkovar/analyzeMFT
Tag: Computer Forensics
Permanent link to this article: https://www.darknessgate.com/2016/10/07/analyze-mft/
Mft2Csv
Extract $MFT record info and log it to a CSV file. This tool parses, decodes and logs information from the Master File Table ($MFT) to a CSV. It logs a large amount of data, and that has been its main purpose from the very start. Having all this data in a CSV …
Permanent link to this article: https://www.darknessgate.com/2016/10/07/mft2csv/
Computer Science 530 – Syllabus and Reading List — Fall 2016
University of Southern California Information Sciences Institute http://ccss.usc.edu/530/fall16/16-sylrl.html
Permanent link to this article: https://www.darknessgate.com/2016/09/28/computer-science-530-syllabus-and-reading-list-fall-2016/
RAMMap v1.5
Have you ever wondered exactly how Windows is assigning physical memory, how much file data is cached in RAM, or how much RAM is used by the kernel and device drivers? RAMMap makes answering those questions easy. RAMMap is an advanced physical memory usage analysis utility for Windows Vista and higher. It presents usage information …
Permanent link to this article: https://www.darknessgate.com/2016/09/28/rammap-v1-5/
LiME (formerly DMD)
LiME (formerly DMD) is a Loadable Kernel Module (LKM) which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network.
Full Android memory acquisition
Acquisition over network interface
Minimal process footprint …
Permanent link to this article: https://www.darknessgate.com/2016/09/17/lime-formerly-dmd/
Evolve
Web interface for the Volatility Memory Forensics Framework https://github.com/volatilityfoundation/volatility
Works with any Volatility module that provides a SQLite render method (some don’t)
Automatically detects plugins – if Volatility sees the plugin, so will eVOLve
All results stored in a single SQLite db stored beside the RAM dump
Web interface is fully AJAX using jQuery & …
Permanent link to this article: https://www.darknessgate.com/2016/09/16/evolve/
The Forensic Analysis Toolkit (FATKit)
The Forensic Analysis Toolkit (FATKit) is a new cross-platform, modular, and extensible digital investigation framework for analyzing volatile system memory. The framework is intended for researchers, law enforcement professionals, and forensics analysts who are interested in extracting and interpreting relevant information in the wake of a crime or incident. FATKit was developed in response to …
Permanent link to this article: https://www.darknessgate.com/2016/09/15/the-forensic-analysis-toolkit-fatkit/
Framework for Improving Critical Infrastructure Cybersecurity
The Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
Permanent link to this article: https://www.darknessgate.com/2016/09/04/framework-for-improving-critical-infrastructure-cybersecurity/
SKTimeStamp
SKTimeStamp is a very simple shell extension which adds a new tab to the Windows Explorer properties dialog. On that new tab, you can change the file/folder date and time. http://stefanstools.sourceforge.net/SKTimeStamp.html
Permanent link to this article: https://www.darknessgate.com/2016/08/04/sktimestamp/
Timestomp
Timestomp allows you to delete or modify all four New Technology File System (NTFS) timestamp values: Modified, Accessed, Created and Entry Modified. http://www.jonrajewski.com/data/for270/timestomp.exe The tool's official website is currently offline: https://www.bishopfox.com/resources/tools/other-free-tools/mafia/
Permanent link to this article: https://www.darknessgate.com/2016/07/29/timestomp/
Steghide UI
Steghide UI is a nifty GUI written by Drunken.Canadian for the console application steghide, as the name suggests. It allows the user to do everything steghide can, but with a nice, user-friendly GUI. Now, Steghide UI has a new options panel. Download Steghide UI
Permanent link to this article: https://www.darknessgate.com/2016/06/09/steghide-ui/