Thursday, November 1, 2012

Forensic Tools

1. Antiword

Antiword is an application used to display the text and pictures of a Microsoft Word document. Antiword only supports documents created by MS Word version 2 and version 6 or newer.

2. Autopsy
The Autopsy Forensic Browser is a graphical interface to the command-line digital investigation tool The Sleuth Kit. Together, they can analyze disks and Windows and UNIX filesystems (NTFS, FAT, Ext2, UFS1/2/3).

3. Binhash
Binhash is a simple program that hashes the various sections of ELF and PE files for comparison. Currently it computes hashes over the segment and section headers of ELF objects and PE objects.

4. Sigtool
Sigtool is a tool for managing the ClamAV signature database. sigtool can be used to generate MD5 checksums, convert data to hexadecimal format, list the virus signatures, and build/unpack/test/verify a CVD database and update scripts.

5. ChaosReader
ChaosReader is a freeware tool that traces TCP/UDP/... sessions and extracts application data from tcpdump logs. It pulls telnet sessions, FTP file transfers, HTTP (HTML, GIF, JPEG, ...), SMTP email, and so on, out of a captured network traffic log. It creates an HTML index file with links to the details of each session, including realtime replay programs for telnet, rlogin, IRC, X11 or VNC sessions, and produces reports such as an image report and a report of HTTP GET/POST contents.

6. Chkrootkit
Chkrootkit is a tool to check for signs of a rootkit. It examines whether the main system utilities are infected, and currently checks for approximately 60 rootkits and their variants.

7. dcfldd
This tool was originally developed at the Department of Defense Computer Forensics Lab (DCFL). Although Nick Harbour is no longer affiliated with the DCFL, he still maintains this tool.

8. ddrescue
GNU ddrescue is a data recovery tool. It copies data from one file or block device (hard disk, CD-ROM, etc.) to another, trying hard to rescue the data in case of read errors. Ddrescue does not truncate the output file unless asked to, so each time you run it against the same output file it tries to fill in the remaining gaps.

9. Foremost
Foremost is a tool that recovers files based on their headers, footers, or internal data structures. It was initially developed by Jesse Kornblum and Kris Kendall of the United States Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research. Foremost is currently maintained by Nick Mikus, a researcher at the Naval Postgraduate School Center for Information Systems Security Studies and Research.

10. Gqview
Gqview is an image viewing program for GTK. It supports multiple image formats, zooming, panning, thumbnails, and sorting of images.

11. Galleta
Galleta is a tool written by Keith J. Jones to perform forensic analysis of Internet Explorer cookies.

12. lshw
lshw (Hardware Lister) is a small tool that provides detailed information about the hardware configuration of the machine. It can report memory configuration, firmware version, mainboard configuration, CPU version and speed, bus speed, cache configuration, etc., on DMI-capable x86 or EFI systems.

13. pasco
Many computer crime investigations require reconstructing the Internet activity of the suspects. Because this analysis is done so regularly, Keith Jones investigated the structure of the data found in the Internet Explorer activity files (index.dat). Pasco, which comes from Latin and means "browse", was developed to examine the contents of the Internet Explorer cache files. Pasco parses the information in the index.dat files and outputs the results in delimited fields so they can be imported into your favorite spreadsheet program.

14. Scalpel
Scalpel is a forensic tool designed to identify, isolate and recover data from computer media throughout the forensic investigation process. Scalpel searches hard drives, bit-stream images, unallocated file space, or any computer file for particular characteristics, content or attributes, and generates reports on the location and content of the artifacts found during the search. Scalpel also carves out the artifacts it finds as individual files.
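The header/footer carving that both Foremost and Scalpel perform, as an added illustration (this is not code from either project): a signature table of constructed header and footer byte sequences is scanned across a raw byte stream, ignoring filesystem metadata, and each header/footer pair found is carved out as a separate file. The sample "unallocated space" image is constructed inline for the demo.

```python
# Minimal header/footer file carver in the style of Foremost/Scalpel.
# Signature table and sample image are constructed for this example.
SIGNATURES = {
    # type: (header bytes, footer bytes)
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "gif": (b"GIF8", b"\x00\x3b"),
}


def carve(image: bytes, signatures=SIGNATURES, max_size=10 * 1024 * 1024):
    """Scan a raw byte stream for header/footer pairs.

    Returns a list of (type, offset, data) tuples sorted by offset.
    The scan works purely on content, so it recovers files from
    unallocated space just as well as from a live filesystem.
    """
    found = []
    for ftype, (header, footer) in signatures.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            # Look for the footer only within max_size bytes to bound false hits.
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1      # header with no footer: skip it
                continue
            end += len(footer)
            found.append((ftype, start, image[start:end]))
            pos = end
    return sorted(found, key=lambda hit: hit[1])


def build_sample_image() -> bytes:
    """Constructed 'unallocated space': zero padding with two embedded files."""
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-payload" + b"\xff\xd9"
    fake_gif = b"GIF89a" + b"gif-payload" + b"\x00\x3b"
    return b"\x00" * 64 + fake_jpeg + b"\x00" * 128 + fake_gif + b"\x00" * 32


if __name__ == "__main__":
    # One audit line per carved file, similar in spirit to Foremost's audit.txt.
    for ftype, offset, data in carve(build_sample_image()):
        print(f"{offset:08d}.{ftype}  size={len(data)}  offset={offset}")
```

A real carver also needs a per-type size limit and a way to handle headers whose footer is optional; the `max_size` bound here is the minimal form of the former.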
