This has been an interesting month in which I found myself rebuilding many of the systems I use to do my work, which makes it a good time to share some of my favorite applications. As a Basement PC Tech you may find that these applications have some value to you too. Please feel free to share some of your own favorite applications that may be of value to other Basement PC Techs.
I received some good recommendations, so I have updated the list (5-10-2012).
Tools that every Basement PC Tech should have as part of their toolkit
Utilities
7zip - Open Source file archiver with high compression ratio
VLC media player - a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVD, Audio CD, VCD, and various streaming protocols.
Sysinternals - a collection of advanced system utilities for Windows.
sqlitebrowser - a light GUI editor for SQLite databases
Mandiant Highlighter - a free utility designed primarily for security analysts and system administrators. Highlighter provides three views of the log or text file being analyzed:
- a text view that allows users to highlight interesting keywords and remove lines with “known good” content
- a graphical, full-content view that shows all content and the full structure of the file, rendered as an image that is dynamically editable through the user interface
- a histogram view that displays patterns in the file over time. Usage patterns become visually apparent and provide the examiner with useful metadata that is not available in other text viewers/editors.
Firefox - a free and open source web browser
Firefox plug-in NoScript - pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.
Firefox plug-in Firebug - allows you to inspect, edit and monitor CSS, HTML, JavaScript and network requests in any web page.
Oracle VirtualBox - powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use
TeamViewer - Remote Control sharing program.
CutePDF - Convert to PDF documents on the fly — for Free!
FileZilla - FTP, FTPS and SFTP (file transfer over SSH) client
PuTTY - a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator
FastResolver - a small utility that resolves multiple host names into IP addresses and vice versa.
DNSDataView - a GUI alternative to the NSLookup tool that comes with Windows. It lets you easily retrieve the DNS records (MX, NS, A, SOA) of the specified domains, using either the default DNS server of your Internet connection or any other DNS server you specify. After retrieving the DNS records for the desired domains, you can save them to a text/xml/html/csv file.
Expresso (Regex Editor) - an editor that is equally suitable as a teaching tool for the beginning user of regular expressions or as a full-featured development environment for the experienced programmer or web designer with extensive knowledge of regular expressions.
Notepad ++ - a free (as in "free speech" and also as in "free beer") source code editor and Notepad replacement that supports several languages
Microsoft Log Parser 2.2 – a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory.
Productivity
LibreOffice - free and open source office suite, http://www.libreoffice.org/
Evernote - Great note-taking application that saves your data in the "cloud". With applications for Windows, Mac, Firefox, Chrome and many mobile phone operating systems, you can access your notes from anywhere.
Password Management - see One Password to Rule Them All!!!!!
Dropbox - is a free service that lets you bring your photos, docs, and videos anywhere and share them easily. Never email yourself a file again!
Forensics Related
SANS Investigative Forensic Toolkit (SIFT) Workstation - The SIFT Workstation is a VMware appliance, pre-configured with the necessary tools to perform detailed digital forensic examination in a variety of settings. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many new capabilities and tools, such as log2timeline, which provides a timeline that can be of enormous value to investigators.
LINUX OS – Ensure the following is installed (may be default with many distros)
· Wireshark
· LibreOffice
· Python (pre-installed)
· Perl (pre-installed)
· The Sleuth Kit
· AccessData command line version of FTK Imager, Linux version: http://accessdata.com/support/adownloads
· Volatility memory analysis (optional; installed in the SIFT Workstation): https://www.volatilesystems.com/default/volatility
Mandiant Web Historian - helps users review the list of websites (URLs) that are stored in the history files of the most commonly used browsers, including: Internet Explorer, Firefox and Chrome
Mandiant Redline - Redline is a free utility from MANDIANT that accelerates the process of triaging hosts suspected of being compromised or infected while supporting in-depth live memory analysis. Designed to help find even the best-hidden malware, it analyzes and rates every running process on a system according to risk, combining Memoryze's live memory analysis with MRI (Malware Risk Index) scoring. Redline makes memory forensics accessible to any investigator without relying upon easily-defeated signature-based detection
Access Data FTK Imager - Forensics Imager
Access Data Registry Viewer - Offline Windows Registry Viewer
HBGary FastDump - forensically sound Windows™ memory dumping utility (Requires login)
HBGary Responder Community Edition - provides the most thorough and comprehensive memory analysis capability in the industry. Responder™ Community Edition virtually rebuilds all the underlying data structures up to 6 gigabytes of RAM. This includes all physical to virtual address mappings, recreates the object manager, exposes all objects, and enables investigators to perform a complete and comprehensive computer investigation. (Requires login)
QCC Casenote - Application to allow forensic analysts and examiners to securely record their contemporaneous notes electronically.
RegRipper – script to parse Windows registry hive files to text.
Prefetch-Parser – parse prefetch files and display the information they contain.
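Added example for the Prefetch-Parser entry (this is not the tool's own code and was not part of the original post): a short Python parser for the fixed header of a .pf file, which is where the executable name, prefetch hash, run count and last-run timestamps live. The offsets cover format versions 17 (XP/2003), 23 (Vista/7) and 26 (8.1); Windows 10 files (version 30) are MAM-compressed and are rejected rather than guessed at. The CMD.EXE sample is built inside the script, not taken from a real system.

```python
"""Parse the fixed header of a Windows Prefetch (.pf) file.

Added example, not the Prefetch-Parser tool's code. Offsets are for format
versions 17 (XP/2003), 23 (Vista/7) and 26 (8.1). Windows 10 files
(version 30) start with "MAM\x04" and are compressed; they must be
decompressed before this layout applies, so they are rejected here.
"""
import struct
from datetime import datetime, timedelta, timezone

SIGNATURE = b"SCCA"
_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Offsets (from file start) of the last-run FILETIME array and the run counter.
_LAYOUT = {
    17: {"last_run": 120, "n_last_run": 1, "run_count": 144},
    23: {"last_run": 128, "n_last_run": 1, "run_count": 152},
    26: {"last_run": 128, "n_last_run": 8, "run_count": 208},
}


def filetime_to_datetime(ft):
    """64-bit FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return _EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    return (dt - _EPOCH) // timedelta(microseconds=1) * 10


def parse_prefetch(data):
    if data[:3] == b"MAM":
        raise ValueError("MAM-compressed (Windows 10+) prefetch: decompress first")
    if len(data) < 84 or data[4:8] != SIGNATURE:
        raise ValueError("no SCCA signature at offset 4: not a prefetch file")
    version, = struct.unpack_from("<I", data, 0)
    layout = _LAYOUT.get(version)
    if layout is None:
        raise ValueError(f"unsupported prefetch format version {version}")
    if len(data) < layout["run_count"] + 4:
        raise ValueError("file truncated before the run counter")
    declared_size, = struct.unpack_from("<I", data, 12)
    # 60-byte, NUL-terminated UTF-16LE executable name
    exe = data[16:76].decode("utf-16-le").split("\x00", 1)[0]
    pf_hash, = struct.unpack_from("<I", data, 76)
    ticks = struct.unpack_from("<%dQ" % layout["n_last_run"], data, layout["last_run"])
    run_count, = struct.unpack_from("<I", data, layout["run_count"])
    return {
        "version": version,
        "declared_size": declared_size,
        "executable": exe,
        "hash": "%08X" % pf_hash,
        "run_count": run_count,
        # unused slots in version 26's eight-entry array are zero
        "last_runs": [filetime_to_datetime(t) for t in ticks if t],
    }


def build_sample_prefetch(version=23, exe="CMD.EXE", run_count=7,
                          last_run=datetime(2012, 5, 10, tzinfo=timezone.utc)):
    """Constructed fixture: a header-only .pf image, not a real file."""
    layout = _LAYOUT[version]
    buf = bytearray(layout["run_count"] + 4)
    struct.pack_into("<I", buf, 0, version)
    buf[4:8] = SIGNATURE
    struct.pack_into("<I", buf, 12, len(buf))
    name = exe.encode("utf-16-le")
    buf[16:16 + len(name)] = name
    struct.pack_into("<I", buf, 76, 0x1A2B3C4D)
    struct.pack_into("<Q", buf, layout["last_run"], datetime_to_filetime(last_run))
    struct.pack_into("<I", buf, layout["run_count"], run_count)
    return bytes(buf)


if __name__ == "__main__":
    for v in (17, 23, 26):
        print(parse_prefetch(build_sample_prefetch(version=v)))
```

The run count and last-run times are the fields that usually matter in a triage (did this binary actually execute, how often, and when); the hash in the .pf file name can be checked against the one in the header to spot a renamed or planted file.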
Pasco – Internet Explorer Activity Forensic Analysis Tool
IECacheView – Internet Explorer Cache Viewer is a small utility that reads the cache folder of Internet Explorer and displays the list of all files currently stored in the cache. http://www.nirsoft.net/utils/ie_cache_viewer.html
IE PassView – recover lost passwords stored by Internet Explorer; a small password management utility that reveals the passwords stored by the Internet Explorer Web browser.
MozillaCacheView – Mozilla/Firefox Browsers History Viewer is a small utility that reads the history data file (history.dat) of Firefox/Mozilla/Netscape Web browsers and displays the list of all Web pages visited in the last days.
PasswordFox - a small password recovery tool that allows you to view the user names and passwords stored by the Mozilla Firefox Web browser.
SkypeLogView – Skype Log Viewer (.dbb and main.db files) reads the log files created by the Skype application and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account.
Mail PassView - a small password-recovery tool that reveals the passwords and other account details for popular email clients.
PstPassword - a small utility that recovers the lost password of an Outlook .PST (Personal Folders) file.
OperaCacheView - a small utility that reads the cache folder of the Opera Web browser and displays the list of all files currently stored in the cache.
ChromeCacheView - a small utility that reads the cache folder of the Google Chrome Web browser and displays the list of all files currently stored in the cache.
LiveContactsView - a small utility that allows you to view the details of all contacts in your Windows Live Messenger.
Thumbnail_html – Read a directory of graphics and create a webpage to display them, plus display EXIF info
FragView - application that allows a recursive list of html, jpg and Flash files to be viewed in an adjacent pane without having to manually navigate to each one individually and open it. A great time saver, especially for previewing exported webmail fragments!
VideoTriage - designed to produce thumbnails of selected movie files so that the movie doesn't need to be watched.
Windows File Analyzer – an application that decodes and analyzes the following Windows OS files: Thumbnail Database, ACDSee Thumbnail database, Google Picasa Thumbnail Database, FastStone Viewer Thumbnail Database, HP Digital Imaging Thumbnail Database, Prefetch, Shortcut, Index.dat and Recycle Bin.
FixEvt - a tool for automating the recovery and analysis of Windows NT5 (XP and 2003) event logs, primarily for computer forensics.
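Added example for the FixEvt entry (not FixEvt's code, and not part of the original post): carving EVENTLOGRECORD entries out of an .evt image by scanning for the 'LfLe' marker instead of trusting the header's StartOffset/EndOffset, then validating each hit against the trailing copy of the record length so torn or overwritten records are dropped. The WKSTN01 log, including a torn record and a record sitting after junk, is constructed inline; no real log is used.

```python
"""Carve EVENTLOGRECORD entries out of a Windows NT5 (.evt) log by signature.

Added example, not FixEvt's code. A corrupt or unclosed .evt has unreliable
header offsets, so instead of walking StartOffset/EndOffset this scans for
the 'LfLe' marker every record carries at offset 4 and checks each hit
against the copy of the record length repeated at the end of the record.
"""
import struct
from datetime import datetime, timezone

MARKER = b"LfLe"
FIXED_HEADER = 56  # fixed fields before SourceName
EVENT_TYPES = {1: "Error", 2: "Warning", 4: "Information",
               8: "Audit Success", 16: "Audit Failure"}


def _utf16z(buf, pos):
    """NUL-terminated UTF-16LE string at pos -> (text, position after NUL)."""
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2


def _parse_record(data, start):
    length, = struct.unpack_from("<I", data, start)
    # The 48-byte file header also carries 'LfLe' (length 0x30) and is
    # rejected here, as is anything truncated or partially overwritten,
    # because the trailing copy of the length will not match.
    if length < FIXED_HEADER + 4 or start + length > len(data):
        return None
    if struct.unpack_from("<I", data, start + length - 4)[0] != length:
        return None
    (rec_no, t_gen, _t_written, event_id, ev_type, n_strings, _category,
     _flags, _closing, str_off, _sid_len, _sid_off, _data_len,
     _data_off) = struct.unpack_from("<IIIIHHHHIIIIII", data, start + 8)
    source, pos = _utf16z(data, start + FIXED_HEADER)
    computer, _ = _utf16z(data, pos)
    strings, pos = [], start + str_off
    for _ in range(n_strings):
        if pos >= start + length:
            break
        s, pos = _utf16z(data, pos)
        strings.append(s)
    return {"offset": start, "record_number": rec_no,
            "generated": datetime.fromtimestamp(t_gen, timezone.utc),
            "event_id": event_id & 0xFFFF,  # low word is the event code
            "type": EVENT_TYPES.get(ev_type, str(ev_type)),
            "source": source, "computer": computer, "strings": strings}


def carve_evt_records(data):
    """Every validated record in file order, whatever the header says."""
    records, pos = [], data.find(MARKER)
    while pos != -1:
        if pos >= 4:
            rec = _parse_record(data, pos - 4)
            if rec:
                records.append(rec)
        pos = data.find(MARKER, pos + 4)
    return records


def build_evt_record(rec_no, when, event_id, ev_type, source, computer, strings):
    """Constructed fixture: one EVENTLOGRECORD with no SID and no binary data."""
    names = (source + "\x00" + computer + "\x00").encode("utf-16-le")
    blob = "".join(s + "\x00" for s in strings).encode("utf-16-le")
    str_off = FIXED_HEADER + len(names)
    length = str_off + len(blob) + 4
    ts = int(when.timestamp())
    head = struct.pack("<I4sIIIIHHHHIIIIII", length, MARKER, rec_no, ts, ts,
                       event_id, ev_type, len(strings), 0, 0, 0, str_off,
                       0, 0, 0, str_off + len(blob))
    return head + names + blob + struct.pack("<I", length)


def build_sample_evt():
    """Constructed fixture, not a real log: file header, two good records, a
    torn copy of a third, 13 bytes of junk, the intact third, the EOF record."""
    t = datetime(2012, 5, 10, 8, 30, tzinfo=timezone.utc)
    r1 = build_evt_record(1, t, 528, 8, "Security", "WKSTN01",
                          ["Administrator", "WKSTN01", "(0x0,0x3E7)", "2"])
    r2 = build_evt_record(2, t, 529, 16, "Security", "WKSTN01",
                          ["backup", "WKSTN01", "2"])
    r3 = build_evt_record(3, t, 6006, 4, "EventLog", "WKSTN01", [])
    header = struct.pack("<I4s10I", 48, MARKER, 1, 1, 48, 0, 4, 1, 0x80000, 0, 0, 48)
    eof = struct.pack("<10I", 40, 0x11111111, 0x22222222, 0x33333333, 0x44444444,
                      48, 0, 4, 1, 40)
    return header + r1 + r2 + r3[:40] + b"\xff" * 13 + r3 + eof


if __name__ == "__main__":
    for r in carve_evt_records(build_sample_evt()):
        print(r["record_number"], r["generated"], r["source"], r["event_id"],
              r["type"], r["strings"])
```

Because the scan ignores the header, the same routine works on a log the Event Log service never closed cleanly and on unallocated space carved from a disk image; the trailing-length check is what keeps partially overwritten records out of the timeline.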
Vista-thumbcache-parser – Parse the Vista thumbcache file
Windows ShellBag Parser – Parse the registry ShellBag keys. ShellBag information is a set of keys in a user registry hive (e.g. the ntuser.dat file) used by the Windows operating system to track user window viewing preferences.
Recycle-Bin – parse the Recycle Bin and output information about it.
Rifiuti - A Recycle Bin Forensic Analysis Tool.
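Added example for the Recycle-Bin and Rifiuti entries (not either tool's code, and not part of the original post): a Python decoder for XP/2003 INFO2 records and for the $I sidecar files Vista and later use, which is where the original path and deletion time live once the file itself has been renamed to $R<id>. The bin contents (analyst paths, sizes and a 2012-05-10 deletion time) are constructed inside the script.

```python
"""Parse Recycle Bin metadata: XP/2003 INFO2 records and Vista+ $I files.

Added example, not Rifiuti's or Recycle-Bin's code. On XP each bin keeps an
INFO2 file (20-byte header, 800-byte records: ANSI path, index, drive,
deletion FILETIME, size, Unicode path). From Vista on, each deleted file is
a $R<id> data file plus a $I<id> sidecar with size, deletion time and path,
in a version-1 (fixed 520-byte path) or version-2 (length-prefixed) layout.
"""
import struct
from datetime import datetime, timedelta, timezone

_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
INFO2_HEADER, INFO2_RECORD = 20, 800
SAMPLE_TIME = datetime(2012, 5, 10, 14, 5, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """64-bit FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return _EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    return (dt - _EPOCH) // timedelta(microseconds=1) * 10


def parse_info2(data):
    version, = struct.unpack_from("<I", data, 0)
    rec_size, = struct.unpack_from("<I", data, 12)
    if version != 5 or rec_size != INFO2_RECORD:
        raise ValueError(f"unexpected INFO2 version {version} / record size {rec_size}")
    entries = []
    for off in range(INFO2_HEADER, len(data) - INFO2_RECORD + 1, INFO2_RECORD):
        rec = data[off:off + INFO2_RECORD]
        index, drive, ft, size = struct.unpack_from("<IIQI", rec, 260)
        entries.append({
            "index": index,  # the N in the bin's DcN.<ext> file name
            "drive": chr(ord("A") + drive),
            "deleted": filetime_to_datetime(ft),
            "size": size,
            "path": rec[280:800].decode("utf-16-le").split("\x00", 1)[0],
            # XP marks an entry restored or purged from the bin by zeroing the
            # first byte of the ANSI path copy; the Unicode copy stays intact.
            "emptied": rec[0] == 0,
        })
    return entries


def parse_dollar_i(data):
    version, size, ft = struct.unpack_from("<QQQ", data, 0)
    if version == 1:
        path = data[24:544].decode("utf-16-le").split("\x00", 1)[0]
    elif version == 2:
        n, = struct.unpack_from("<I", data, 24)  # UTF-16 units incl. the NUL
        path = data[28:28 + 2 * n].decode("utf-16-le").rstrip("\x00")
    else:
        raise ValueError(f"unknown $I version {version}")
    return {"version": version, "size": size,
            "deleted": filetime_to_datetime(ft), "path": path}


def build_info2(items, when=SAMPLE_TIME):
    """Constructed fixture: items = (index, drive letter, path, size, emptied)."""
    out = bytearray(struct.pack("<IIIII", 5, 0, 0, INFO2_RECORD, 0))
    for index, drive, path, size, emptied in items:
        rec = bytearray(INFO2_RECORD)
        ansi = path.encode("ascii")
        rec[0:len(ansi)] = ansi
        if emptied:
            rec[0] = 0
        struct.pack_into("<IIQI", rec, 260, index, ord(drive) - ord("A"),
                         datetime_to_filetime(when), size)
        uni = path.encode("utf-16-le")
        rec[280:280 + len(uni)] = uni
        out += rec
    return bytes(out)


def build_dollar_i(version, path, size, when=SAMPLE_TIME):
    """Constructed fixture for either $I layout."""
    head = struct.pack("<QQQ", version, size, datetime_to_filetime(when))
    uni = (path + "\x00").encode("utf-16-le")
    if version == 1:
        return head + uni.ljust(520, b"\x00")
    return head + struct.pack("<I", len(uni) // 2) + uni


def sample_info2():
    """Not a real bin: one live entry and one already removed from the bin."""
    return build_info2([
        (1, "C", r"C:\Documents and Settings\analyst\Desktop\plan.doc", 40960, False),
        (2, "C", r"C:\Documents and Settings\analyst\My Documents\old.xls", 8192, True),
    ])


def sample_dollar_i(version):
    return build_dollar_i(version, r"C:\Users\analyst\Documents\secret.xlsx", 1234)


if __name__ == "__main__":
    for e in parse_info2(sample_info2()):
        print(e)
    print(parse_dollar_i(sample_dollar_i(1)), parse_dollar_i(sample_dollar_i(2)))
```

The "emptied" flag is the detail worth keeping in mind on XP: purged entries stay in INFO2 with only the first ANSI byte cleared, so the Unicode path and deletion time are still recoverable long after the user emptied the bin.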
Forensic Toolkit v2.0 – contains several Win32 command line tools that can help you examine the files on an NTFS disk partition for unauthorized activity.