
Linux Forensics Tools

Content Leader: Jess Garcia - Last Updated: November 28, 2006


Forensic acquisition

  • dd: tool to make bit to bit copies and backups
  • dd_rescue: more or less the same as dd but handles disk errors
  • dd_rhelp: a script to facilitate the use of dd_rescue
  • dcfldd: tool to make bit to bit copies
  • AFFLIB: Advanced Forensic Format tools
  • sdd: a dd clone specialized in tapes
  • AIR: A graphical frontend for dd and dcfldd

Forensic analysis

  • Sleuthkit/Autopsy: tool to find deleted files (and many more features)
  • Galetta: a ms-windows cookies analyzer
  • Pasco: a ms-windows IExplorer cache analyzer
  • Rifiuti: a ms-windows trashcan analyzer
  • mork.pl: perl script to read firefox history.dat
  • cookie_cruncher.pl: a tool to parse cookies
  • dumpster_dive.pl: a tool to read m$ recycle bin files
  • browser-history-viewer: as the name says

Document Metadata Analysis

  • extract: Displays meta-data from files of arbitrary type

PDF

  • pdftk: A tool to work with pdf files
  • pdfinfo: part of the xpdf toolkit. Provides more information than pdftk.

Undelete

  • Sleuthkit/Autopsy: tool to find deleted files (and many more features)
  • testdisk: tool to recover damaged partitions (WIP version)
  • gpart: Tool to recover damaged partitions
  • NTFS Tools: tools to find deleted files on NTFS partitions
  • Scrounge-NTFS: a tool to rescue data from NTFS partitions
  • recoverjpeg: a tool to recover jpeg images
  • fatback: a tool to undelete files on a FAT filesystem
  • foremost: a tool to find files on a raw disk based on their headers
  • magicrescue: another header-based file recovery tool
  • e2undel: recover deleted files on ext2
  • recover: like e2undel
  • e2retrieve: a tool to recover deleted files on ext2 filesystems
  • myrescue: a tool to recover data on damaged hard disk drives
  • recoverdm: another tool to recover data on damaged hard disk drives
  • scalpel: another foremost/magicrescue like tool
  • gzrecover: a tool to recover data from damaged gz files
  • safecopy: a tool to recover data from damaged devices

Hardware utils

  • discover: a tool to discover hardware
  • lshw: a very useful tool to list hardware
  • scsitools: some useful scsi tools
  • scsiadd: a script to rescan scsi chain
  • blktool: a tool to display or change block devices settings

Disk/partition utils

  • setmax: A tool to change Host Protected Area settings (no support of large disks)
  • testdisk: tool to recover damaged partitions (WIP version)
  • disktype: a tool to list disk partitions and other useful information
  • ms-sys: a tool to create ms boot sectors (fdisk /mbr)
  • safecopy: a tool to recover data from damaged devices

Archive tools

  • zoo: support for the zoo compression algorithm
  • p7zip: the 7zip compression tools
  • orange: cab file reader
  • spantape: a tool to span data on multiple tapes
  • unshield: a reader for InstallShield self-extracting archive files
  • unrar: a tool to uncompress rar files
  • unace: a tool to uncompress ace files
  • gzrecover: a tool to recover data from damaged gz files

Pictures tools

  • FBI: tool to view images in console mode
  • exiftags: a tool to extract EXIF information from JPEG files
  • exif: another EXIF extractor
  • metacam: a third one
  • jhead: a fourth one
  • dcraw: a tool to read raw photo images from digital cameras
  • jpeginfo: a tool to view JPEG file information
  • recoverPhotos: another image recovery tool
  • exifprobe: another exif extractor

Video tools

  • MPlayer: tool to view movies in console mode

Password cracker

  • cmospwd: a tool to recover cmos passwords
  • pwl: a tool to crack win 9x pwl files
  • John the Ripper: a password cracker for Unix, and Windows NT/2000/XP passwords
  • lcrack: lepton cracker
  • chntpw: a tool to help cracking NT passwords
  • crack: a password cracker
  • samdump: a tool to extract password hashes from MS Windows registry files
  • bkhive: a tool to extract Syskey bootkey from MS Windows system hive file
  • pgpcrack: a pgp brute force attacker
  • nasty: a tool to try to recover PGP or GPG passphrases
  • fcrackzip: a zip file password cracker
  • medussa: a distributed password cracker

Crypto/Stegano tools

  • cryptcat: an encrypted version of netcat
  • outguess: a steganography tool
  • stegdetect: a tool to detect steganography
  • bcrypt: crypto utility
  • ccrypt: an encryption decryption tool

Anti-virus

  • clamav: command line antivirus
  • rkhunter: a rootkit hunter

MS files tools

  • Galetta: a ms-windows cookies analyzer
  • Pasco: a ms-windows IExplorer cache analyzer
  • Rifiuti: a ms-windows trashcan analyzer
  • readpst: a tool to read MS Outlook pst files
  • antiword: a tool to read ms-Word files
  • mdbtools: playing with MS mdb access databases
  • ripole: a tool to rip attachments from MS files
  • tnef: A tool to decode MS encapsulation format
  • fccu-docprop: a tool to read MS OLE files (mainly doc, xls) properties
  • fccu.evtreader: a tool to parse MS evt log files
  • reglookup: MS windows registry viewer
  • grokevt: An MS win event log viewer with dll message import
  • eindeutig: read and convert dbx files
  • clit: convert MS e-books
  • cookie_cruncher.pl: a tool to parse cookies
  • dumpster_dive.pl: a tool to read m$ recycle bin files
  • mscompress: Decompress files compressed with compress.exe

Network

  • RIP and PXE boot: A complete system for large network keyword search
  • sbd: a netcat-like utility with encryption support
  • smbc: samba commander
  • p0f: A passive OS fingerprinting tool
  • arping: a ping utility
  • ngrep: grep utility for network packets
  • netwox: a toolbox with more than 200 network tools
  • sshfs: a filesystem client based on ssh
  • lft: a traceroute tool
  • socat: a netcat like tool
  • netdiscover: a tool to discover networks
  • mimms: download mms streams
  • weplab: a wep security analyzer
  • netsed: network stream altering tool

Network scanner

  • knocker: TCP security port scanner
  • nikto: web server security scanner
  • nbtscan: a smb network scanner

Network capture

  • tcpick: textmode sniffer
  • tcptrack: another one
  • tcpflow: a tool to capture tcp packets
  • tcpreplay: a tool to replay TCP dumps (replay a tap)
  • tcpextract: a tool to extract files from network traffic based on file headers
  • netdude: a tool to analyze captured tcp packets
  • dsniff: a tool to sniff packets on a network
  • hunt: packet sniffer
  • sniffit: another one
  • ettercap: a packet sniffer
  • driftnet: sniff images (jpegs ...) on the network
  • karpski: another sniffer
  • nast: another one
  • scapy: packet manipulation tool
  • hydra: a network services password guessing tool
  • chatsniff: an instant messenger sniffer
  • msn-capture: a tool to capture msn traffic from the network
  • imsniff: an instant messaging sniffer
  • darkstat: another packet sniffer
  • netwox: a toolbox with more than 200 network tools
  • prismstumbler: a wireless sniffer

Malware collection

  • nepenthes: A tool to collect malware
  • mwcollect: A tool to collect malware

VNC utils

  • xvncviewer: a VNC client (runs under X)
  • direct-vnc: a VNC client in console mode

Common tools

  • pipebench: a pipe progress viewer
  • pv: another pipe progress viewer
  • cpipe: another pipe progress viewer
  • pipemeter: another pipe progress viewer
  • biew: a hex editor
  • bfr: a buffer optimizer
  • biabam: Bash attachment mailer
  • aish: convert to and from uuencode or base64
  • mimedecode: like the name says
  • ftimes: a tool to gather information about files
  • md5deep: a tool to recursively calculate md5 hashes
  • glark: a sort of colorized grep
  • curl: a tool to play with http like mirroring a website
  • star: a tar archiver
  • sgrep: a grep for structures

Other (unsorted)

  • slocate: a file location database
  • wdutch,wfrench: french and dutch dictionaries
  • gpsd: a GPS daemon
  • sg3-utils: some scsi utilities
  • dds2tar: dds tapes utilities
  • nomarch: A tool to extract arc archives
  • mpack: A tool to unpack mime format
  • upx: A tool to uncompress UPX executables
  • nxclient: A client for NX servers
  • fccu-checker.sh: A script to check for all those useful utilities
  • heme: Another Hex editor
  • multitail: like tail for multiple files
  • vlc: a media client with framebuffer support
  • dmidecode: a tool to display hardware information
  • shed: a text-based hex editor
  • hexcat: like cat but with hexadecimal output
  • mbuffer: another pipe measurement tool
  • w3m: a tool to get web pages like curl or wget

Copyright © 2000-2008 Jessland - Jess Garcia's Website - All rights reserved.