Security and Forensic Tools
McCracken Associates does not control third-party content and provides
information and links on its public website as a convenience; therefore, we cannot
attest to its validity, viability or security. Certain entities, equipment,
information, downloads or materials may be identified; however, such
identification is not intended to imply recommendation or endorsement by
McCracken Associates, nor is it intended to imply that the entities,
equipment, information, downloads or materials are secure or the best
available for their respective purpose. Although we provide links to other
publicly accessible websites, neither McCracken nor its associates assume any responsibility
for inaccuracies, errors, or omissions.
If you download software or access websites found on mccrackenassociates.com,
you do so at your own risk. Proceed with caution when downloading software
from the Internet. If you run untrusted software or install untrusted device
drivers, you may be at risk of introducing malicious code into your system(s).
In no event will McCracken or its associates be liable for direct, indirect,
incidental, or consequential damages resulting from any defect or omission.
We strongly recommend a complete examination of any software, including but
not limited to comparing its cryptographic hashes against values taken from
known-good binaries or published by the vendor, in an isolated test lab
environment prior to deploying it to production systems.
Please keep in mind that security scanners and penetration testing tools are
often not the same. Some tools are designed for reconnaissance purposes and
simply harvest banners while others are designed to breach security barriers
in search of specific vulnerabilities. It is important to understand that
unauthorized use of most penetration testing tools is illegal and should not
be conducted without prior written approval, including but not limited to:
engagement agreements that specify the scope, terms, and objectives of the
proposed testing to be conducted; roles and responsibilities of each
participant; written approval from third-party hosting companies or ISPs
that includes details such as targets, time windows, and source addresses;
confidentiality agreements; and rules governing potential liability issues.
If you are reviewing the voluminous data produced by a vulnerability
assessment or penetration test, it is extremely important to understand the specifics of
the data, how it relates to your particular infrastructure, which
vulnerabilities pose actual business risks, and what, if any, false
positives are generated as a result of the test.
AccessData provides software solutions to securely erase data and to break
or crack passwords from common applications such as MS Word, Excel,
Wordperfect, NT, Money, Access, Paradox, Quickbooks, Quicken, Quattro Pro,
Lotus, and others.
Advanced Management Technology offers software products for management
administration and security of systems, networks, data, and users from
simple password protection and application firewalls through to pro-active
monitoring, packet capture and decode, to advanced external probes checking
your network security from the outside like a hacker would.
@stake has assembled the best minds in digital security to help you
understand and mitigate the security risks inherent in your business model,
so that you can maximize the opportunity in front of you.
BindView Corporation began in 1990 in Houston, Texas. Our founding product,
developed in 1991, was a software solution designed to report on the
security of PC-based networks. Over the last decade we have grown our
product offerings through development and acquisition. Today we are
recognized as a leading provider of IT security and management solutions.
BLADE software has developed a number of patent-pending technologies that
allow enterprises to unobtrusively audit the integrity and control the
policies of their diverse operational security systems. This allows our
customers to both increase the level of security of their mission-critical
networks, while simultaneously reducing the costs of operating those
networks. BLADE software helps enterprises ensure the integrity of their
There is no particular order to the scripts. They are mostly things Carvdawg
put together over time, found useful, and decided to share. Many of the
scripts have appeared in his presentations or published articles. Also, many
of the scripts have been successfully compiled with Perl2Exe and employed as
The Computer Forensics Tool Testing Project (CFTT) provides a measure of
assurance that the tools used in the investigations of computer-related
crimes produce valid results. It also supports other projects in the
National Institute of Justice’s overall computer forensics research program,
such as the National Software Reference Library (NSRL).
A vendor neutral dedicated website that addresses port 80 web application
security, news on the latest web security vulnerabilities and articles.
CIS Gold Standard
Minimum Security Benchmarks and Scoring Tool
Consensus Minimum Security Benchmarks, also known as the Gold Standard, was
developed jointly by five federal agencies, including the National Security
Agency (NSA) and the FBI's National Infrastructure Protection Center, as
well as the SANS Institute and the Center for Internet Security (CIS). The
Gold Standard benchmark can be used to test Windows NT and Windows 2000
Professional systems running as workstations for proper configuration.
Software CSDIFF CS-RCS
Component Software Inc. is a leading provider of software tools and
components to the development community.
CORE IMPACT is the first automated, comprehensive penetration testing
product for assessing specific information security threats to an
organization. With CORE IMPACT, any network administrator can now safely and
efficiently determine exactly how an attacker can get control of their
valuable information assets.
Information Security and Data Forensics - Thomas Rude, CISSP.
CryptoHeaven allows your group to send encrypted e-mail and to securely back
up and share files and other electronic media through a secure
environment. CryptoHeaven makes it simple to archive, store, access, and
share information among coworkers, work groups, clients, and customers
through this easy to use online service.
CrypTool is a freeware program that enables you to apply and analyze
cryptographic mechanisms. CrypTool has implemented almost all
state-of-the-art crypto functions and allows you to learn about and use
modern and classic cryptography within the same environment.
Data Encryption Software by Jetico, Inc.
BestCrypt software was developed step by step, beginning from a command-line
encryption utility for DOS to modern 32-bit software for Windows 95/98 and
Windows NT/2000. At present, Jetico, Inc. offers four products: BestCrypt
for DOS/Windows 3.11, BestCrypt for Windows 95/98/NT/2000, BestCrypt for Linux
and the BCWipe software for Windows 95/98/NT/2000.
Forensic Computing Tools and Utilities.
The Digital Forensic Research Workshop (DFRWS) was initiated in August 2001
to bring academic researchers and digital forensic investigators and
practitioners together for active discussion that addresses three major
objectives: 1) Define the need and create the processes for the
incorporation of a rigorous scientific method as a fundamental tenet of the
evolving discipline of Digital Forensic Science. 2) Develop a research
agenda that considers practitioner requirements, multiple investigative
environments and emphasizes real world usability. 3) The discovery,
explanation and presentation of conclusive, persuasive evidence that will
meet the heightened scrutiny of the courts and other decision-makers in
military and civilian environments.
Home of F.R.E.D. and FireFly and other
Software and Hardware Solutions for the Computer Forensics Community.
Maintains indices of worms, tools, and projects.
The E-Evidence Information and Resource site, a Digital Forensics and
Electronic Evidence resource, is a side effect of Christine Siedsma's
research and learning process conducted in connection with her position as
Project Manager at the Computer Forensic Research and Development Center at
Utica College, and her ongoing search to find timely material to present to
the students enrolled in the Computer Forensic course that she teaches at
This program is useful for those evaluating pseudorandom number generators
for encryption and statistical sampling applications, compression
algorithms, and other applications where the information density of a file
is of interest.
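The entry above does not name the program, but the measures it describes (information density of a file, suitability of a PRNG for encryption or sampling, how well a file should compress) are byte-frequency statistics that are easy to reproduce. The following is an added example written for this page, not the program's own code; it computes Shannon entropy in bits per byte, the arithmetic mean of the bytes and a chi-square statistic against the uniform distribution, over sample data constructed inline. The 7.9 bits-per-byte threshold in `analyse()` is an assumed rule of thumb, not a statistical test.

```python
"""Byte-level information-density estimator in the spirit of the program the
entry above describes.  Added example, not that program's own code.  It
reports Shannon entropy (bits per byte), the arithmetic mean of the bytes
and a chi-square statistic against the uniform distribution over the 256
byte values, computed over data constructed inline in main()."""
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: 0.0 for a constant stream, 8.0 when all
    256 byte values occur equally often (the most a byte can carry)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def arithmetic_mean(data: bytes) -> float:
    """Uniformly random bytes average close to 127.5; ASCII text sits far lower."""
    return sum(data) / len(data) if data else 0.0


def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution.  With 255
    degrees of freedom, values near 255 are what random data produce; values
    in the tens of thousands mean the distribution is nothing like uniform,
    which is what a bad PRNG or an uncompressed text file looks like."""
    n = len(data)
    if n == 0:
        return 0.0
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def analyse(data: bytes) -> dict:
    """Bundle the three measures; 'likely_random' is a rough heuristic
    threshold chosen for this example, not a statistical test."""
    h = shannon_entropy(data)
    return {
        "entropy_bits_per_byte": h,
        "arithmetic_mean": arithmetic_mean(data),
        "chi_square": chi_square(data),
        "likely_random": h > 7.9,
    }


if __name__ == "__main__":
    # Constructed samples: a constant stream, repetitive text, and OS randomness.
    samples = {
        "constant": b"\x00" * 4096,
        "text": b"the quick brown fox jumps over the lazy dog " * 100,
        "urandom": os.urandom(4096),
    }
    for name, blob in samples.items():
        r = analyse(blob)
        print(f"{name:9s} entropy={r['entropy_bits_per_byte']:.3f} "
              f"mean={r['arithmetic_mean']:6.1f} chi2={r['chi_square']:9.1f} "
              f"random={r['likely_random']}")
```

Note the caveat a practitioner needs: compressed and encrypted data also score close to 8.0 bits per byte, so a high entropy only says "no obvious byte-level structure", not "cryptographically random". Use the chi-square and mean together, and for a PRNG destined for encryption use a proper randomness test suite rather than this estimator alone.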
The core of EvidentData is a team of professionals, many with law
enforcement backgrounds, experienced in investigating and prosecuting cases
Sniffing the glue that holds the Internet together. Ethereal is a free
network protocol analyzer for Unix and Windows. It allows you to examine
data from a live network or from a capture file on disk. You can
interactively browse the capture data, viewing summary and detail
information for each packet. Ethereal has several powerful features,
including a rich display filter language and the ability to view the
reconstructed stream of a TCP session.
farm9 provides managed security services to protect our clients’ critical
computing infrastructure. We are a pioneer in the field of vulnerability
prevention, detection and response. farm9 was founded as a California
corporation in March of 2000 and is privately held.
Firewall Forensics - What Am I Seeing?
Firewall Forensics (What am I seeing?) by Robert Graham. This document
explains what you see in firewall logs, especially what port numbers mean.
You can use this information to help figure out what hackers are up to. This
document is intended for both security-experts maintaining corporate
firewalls as well as home users of personal firewalls.
Home Windows based Protected Storage Explorer
Forensic Ideas, a non-profit group, focuses its efforts on research and
development of tools that help the digital investigator get on with the job.
Their aim is to deliver useful information to the field of digital
investigation. They offer their research in the form of free tools that
could be used in the field and aim to develop the tools to such a high
specification that they will be able to be used to produce reports that
could be presented as evidence in a court of law.
FIRE is a portable bootable cdrom based distribution with the goal of
providing an immediate environment to perform forensic analysis, incident
response, data recovery, virus scanning and vulnerability assessment.
Also provides necessary tools for live forensics/analysis on win32, sparc
solaris and x86 linux hosts just by mounting the cdrom and using trusted
static binaries available in /statbins.
Helix is a customized distribution of the Knoppix Live Linux CD. Boot the CD
and you have Helix. That includes customized linux kernels (2.4.26 & 2.6.5),
Fluxbox window manager, Excellent hardware detection and many applications.
Helix has been modified to specifically not touch the host computer and be
forensically sound. Helix also has a special Windows autorun side for
Incident Response. Helix is now used by SANS for training in Track 8: System
Forensics, Investigation and Response.
Knoppix-STD is a customized distribution of the Knoppix Live Linux CD. Boot
to the CD and you have Knoppix-STD. That would include Linux kernel 2.4.20,
KDE 3.1, incredible hardware detection and hundreds of applications. Boot
without the CD and you return to your original operating system. Aside from
borrowing power, peripherals and some RAM, Knoppix-STD doesn't touch the
This site is devoted to Computer Forensics using the Linux operating
system. It is a collection of links to resources in order to help anyone
involved in the field of data forensics.
Forensics Acquisition Utilities George M. Garner Jr.
This is a collection of utilities and libraries intended for forensic or
forensic-related investigative use in a modern Microsoft Windows
Computer Forensics News and Discussion.
Computer Forensics, Cybercrime and Steganography Resources.
Forensics Web is dedicated to technology related investigations and
forensics. The site caters to law enforcement and corpsec interests with a
special focus on computer related forensics and investigations.
A leader in Forensics, Intrusion Detection, Scanners, and Stress Testing,
Foundstone offers a comprehensive set of free tools and utilities.
Freshmeat maintains the Web's largest index of Unix and cross-platform
software, themes and related "eye-candy", and Palm OS software. Thousands of
applications, which are preferably released under an open source license,
are meticulously cataloged in the freshmeat database, and links to new
applications are added daily. Freshmeat is the first stop for Linux users
hunting for the software they need for work or play. It is continuously
updated with the latest developments from the "release early, release often"
community. An essential resource for serious developers, freshmeat.net makes
it possible to keep up on who's doing what, and what everyone else thinks of
GFI Languard Tools
G-Lock Software is an Internet/software company working in different
programming environments. Our current developments introduce tools and
applications in the field of TCP/IP and Winsock applications programming.
Guidance Software is the world leader in computer forensics software,
acquisition hardware and training. EnCase is a comprehensive solution that
handles every stage of computer forensics investigations, from the preview
and acquisition of an evidence drive to the generation of a final report.
The "case-based" methodology provides a non-invasive, Windows-based solution
to acquire, analyze, document and preserve computer evidence -- including
deleted and unallocated files. See EnCase Legal Resources for validated
court cases, the EnCase Legal Journal, and the Computer Forensic Tool
Testing Program for further validation.
Hackers Choice, The
The intention of THC is to demonstrate weaknesses in common security
solutions that can be found in telecommunication and network services. On
this site you will find software and papers that were released by THC
members. They should provide you with knowledge and the ability to check for
security problems. We also want to advise you not to use any information or
software provided on this site for illegal purposes. Respect the law as we
do. THC is a non-commercial group, every line of code, of text and of this
site has been written in our free time.
Exploration of Computer Systems - Share the Knowledge. In the August of
2001, phizz0r started this site as an archive of his security related
papers, links, programs, etc. The archive just kept growing and growing, and
so did the number of people who wanted access to it.
An online vulnerability scanner and latest exploit information.
This site is dedicated to serving readers who wish to keep up-to-date with
news and events surrounding the world's most popular information system
O'Reilly Hacks Series of Books and Contributed Hacks.
Hash - Md5 - SHA1 - CRC32
Unless you built your OS from source, the executable applications from the
original distribution should never change in content or size except when you
patch or upgrade them. The checksums in this database can quickly tell you
whether a file has been modified since it was first installed from the
distribution.
Some good hash tools: ACSV | Digital Detective
The NIST National Software Reference Library (NSRL) project is
supported by the US DOJ NIJ and is designed to collect software from various
sources and incorporate file profiles computed from this software into a
Reference Data Set (RDS) of information. The RDS can be used by law
enforcement, government, and industry organizations to review files on a
computer by matching file profiles in the RDS. This will help alleviate much
of the effort involved in determining which files are important as evidence
on computers or file systems that have been seized as part of criminal
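Three passages on this page come down to the same operation: the recommendation near the top to hash-compare software against known-good binaries before deployment, the checksum database above that tells you whether a distribution file has changed, and the NSRL idea of matching file profiles so an examiner can set known files aside. The following added example (written for this page, not code from NIST or from any tool listed here) builds a known-good manifest from a trusted tree and then classifies every file of a second tree against it. The manifest layout is the `digest  path` form that `sha256sum(1)` writes, assumed here for simplicity; it is not NSRL's own RDS format. The sample file trees are constructed in `demo()`.

```python
"""Known-good hash manifest: build it from a trusted install, then verify a
second copy against it.  Added example, not code from NIST or from any tool
listed on this page.  Manifest layout is assumed (the 'sha256  relative/path'
lines sha256sum(1) writes), not NSRL's own RDS format; the sample file trees
are constructed in demo()."""
import hashlib
import os
import tempfile


def file_digest(path: str, algorithm: str = "sha256") -> str:
    """Stream the file through the hash so large binaries need not fit in RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """relative path -> sha256 hex digest for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest


def dump_manifest(manifest: dict) -> str:
    """Serialise in sha256sum's 'digest  path' form (two spaces)."""
    return "".join(f"{digest}  {rel}\n" for rel, digest in sorted(manifest.items()))


def parse_manifest(text: str) -> dict:
    manifest = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        manifest[rel] = digest.strip().lower()
    return manifest


def verify_tree(root: str, manifest: dict) -> dict:
    """Classify every file under root against the reference set.

    ok       - same path, same digest (NSRL-style: known, can be set aside)
    modified - same path, different digest (patched? trojaned? look closer)
    renamed  - digest known under another path
    unknown  - digest not in the reference set at all
    missing  - in the reference set but absent from root"""
    seen = build_manifest(root)
    known_hashes = set(manifest.values())
    result = {"ok": [], "modified": [], "renamed": [], "unknown": [], "missing": []}
    for rel, digest in sorted(seen.items()):
        if rel in manifest:
            result["ok" if manifest[rel] == digest else "modified"].append(rel)
        elif digest in known_hashes:
            result["renamed"].append(rel)
        else:
            result["unknown"].append(rel)
    result["missing"] = sorted(set(manifest) - set(seen))
    return result


def _write(base: str, rel: str, content: bytes) -> None:
    path = os.path.join(base, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(content)


def demo() -> dict:
    """Constructed scenario: a gold install and a live copy in which one
    binary was tampered with, one unknown file appeared, one file vanished."""
    gold, live = tempfile.mkdtemp(prefix="gold_"), tempfile.mkdtemp(prefix="live_")
    gold_files = {"bin/ls": b"\x7fELF ls v1", "bin/ps": b"\x7fELF ps v1",
                  "etc/motd": b"Welcome\n"}
    for rel, content in gold_files.items():
        _write(gold, rel, content)
        _write(live, rel, content)
    manifest = parse_manifest(dump_manifest(build_manifest(gold)))  # round trip
    _write(live, "bin/ps", b"\x7fELF ps v1 + hide pid")   # trojaned
    _write(live, "bin/.sshd2", b"\x7fELF unknown")        # dropped by intruder
    os.remove(os.path.join(live, "etc", "motd"))          # removed
    return verify_tree(live, manifest)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category:9s} {paths}")
```

Two practical points. The manifest must be built on, or fetched from, a trusted system and stored off the box being checked; a manifest kept on a compromised host can be rewritten along with the binaries. And a match only means "this file is the one the reference set describes", which is exactly why the reference set itself must come from a source you trust.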
Hideaway.Net is committed to becoming a premier destination for Internet
security solutions through its comprehensive web portal and software
offerings. Combining affordable security tools with daily updates on the
latest alerts, news, and information in the world of Internet security,
privacy online, and viruses, Hideaway.Net brings growing businesses all the
resources necessary to Protect and Secure (tm) their online presence.
High Technology Crime
The High Technology Crime Investigation Association (HTCIA) is designed to
encourage, promote, aid and effect the voluntary interchange of data,
information, experience, ideas and knowledge about methods, processes, and
techniques relating to investigations and security in advanced technologies
among its membership.
Honeyd is a small daemon that creates virtual hosts on a network. The hosts
can be configured to run arbitrary services, and their personality can be
adapted so that they appear to be running certain operating systems.
Honeynet Project - Tools and Tactics
Here you will find tools for deploying your Honeynet. Most of these
technologies are in various stages of beta development. The Honeynet Project
is a non-profit research group of thirty security professionals dedicated to
information security. We have no income or revenue, all of our research is
done on a volunteer basis. It is our goal to learn the tools, tactics, and
motives of the blackhat community and share these lessons learned. It is
hoped that our research will benefit both its members and the security
community. Founded in April, 1999, all of our work is OpenSource and shared
with the security community.
Know Your Enemy Series - The Tools and Methodologies.
To secure yourself against the enemy, you have to first know who your enemy
is. This military doctrine readily applies to the world of network security.
Just like the military, you have resources that you are trying to protect.
To help protect these resources, you need to know who your threat is and how
they are going to attack.
Monitoring and Forensics Project
The Honeypots: Monitoring and Forensics Project's purpose is to highlight
cutting edge techniques, tools and resources for conducting Honeypot
Research and Forensic Investigation. There are a number of outstanding
Honeypot/net Research projects available, most notably, the Honeynet Project
(http://project.honeynet.org). This project hopes to complement the work
conducted by the Honeynet Project by focusing on individual honeypots rather
than honeynets. The focus is even further specified by highlighting
monitoring and forensic techniques rather than honeypot setup and
installation settings. Many of the papers and tools presented on this
website are the result of honeypot research testing conducted by Ryan C.
Honeypots: FAQ See also Honeyd
Compiled by Lance Spitzner of honeynet.org, the purpose of this page is to
answer the most commonly asked questions concerning honeypot technologies,
including what is a honeypot, what's its value, how do they work, and what
are the different types.
The definition and value of honeypots are difficult to describe and can be
subjective; however, a collaborative effort (see the SecurityFocus
Honeypot Definition Thread) concluded "A honeypot is an information
system resource whose value lies in unauthorized or illicit use of that
resource." As perplexing as the definition is,
Honeypots by Lance Spitzner.
Honeytokens: The Other Honeypot by Lance Spitzner
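The consensus definition quoted above ("a resource whose value lies in unauthorized or illicit use") is easiest to see with a honeytoken, which is that idea reduced to a single datum: a credential that nothing legitimate ever uses, so any appearance of it in a log is illicit use by definition and there are no false positives to triage. The following is an added example written for this page, not code from the Honeynet Project, from honeyd, or from the paper linked above. The decoy account name, the decoy API key, and the log lines are all invented.

```python
"""Honeytoken alerting over constructed log lines.  Added example; not code
from the Honeynet Project, from honeyd, or from the paper linked above.  The
account name, API key and log lines below are all invented."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Planted tokens (hypothetical).  They live only in decoy places and in no
# real configuration, so there is no benign reason for them to appear.
HONEYTOKENS: Dict[str, str] = {
    "svc_backup_ro": "decoy account listed in /etc/backup/.credentials",
    "AKIAHONEY0TOKEN0EXAMPLE": "decoy API key pasted into the wiki runbook",
}

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


@dataclass
class Alert:
    line_no: int
    token: str
    planted_in: str
    source_ip: Optional[str]
    line: str


def scan_log(lines: Iterable[str], tokens: Dict[str, str] = HONEYTOKENS) -> List[Alert]:
    """Every line mentioning a planted token becomes an alert; the first IPv4
    address on the line is taken as the probable source."""
    alerts: List[Alert] = []
    for line_no, line in enumerate(lines, start=1):
        for token, origin in tokens.items():
            if token in line:
                m = IPV4_RE.search(line)
                alerts.append(Alert(line_no, token, origin,
                                    m.group(1) if m else None, line.rstrip()))
    return alerts


def attacker_sources(alerts: Iterable[Alert]) -> List[str]:
    """Distinct source IPs to block or pivot on, in first-seen order."""
    seen: List[str] = []
    for a in alerts:
        if a.source_ip and a.source_ip not in seen:
            seen.append(a.source_ip)
    return seen


# Constructed sample log: two ordinary events surrounding three token uses.
SAMPLE_LOG = [
    "Mar  3 02:14:07 bastion sshd[4412]: Accepted publickey for alice from 198.51.100.23 port 51022",
    "Mar  3 02:16:40 bastion sshd[4418]: Failed password for svc_backup_ro from 203.0.113.7 port 40112",
    "Mar  3 02:16:44 bastion sshd[4418]: Failed password for svc_backup_ro from 203.0.113.7 port 40112",
    '203.0.113.7 - - [03/Mar:02:18:01 +0000] "GET /api/v1/buckets?key=AKIAHONEY0TOKEN0EXAMPLE HTTP/1.1" 403 -',
    "Mar  3 02:20:11 bastion sshd[4430]: Accepted publickey for bob from 198.51.100.24 port 51030",
]

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for a in found:
        print(f"line {a.line_no}: token {a.token!r} ({a.planted_in}) from {a.source_ip}")
    print("block/pivot on:", attacker_sources(found))
```

The value of the `planted_in` field is that it tells you which decoy the intruder read, and therefore roughly where they have been: a hit on the account says the backup credentials file was opened, a hit on the key says the wiki page was harvested.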
Forensic Examination Standards and Procedures.
International Association of Computer Investigative Specialists is an
international volunteer non-profit corporation composed of law enforcement
professionals dedicated to education in the field of forensic computer
Group Test | NWFusion IDS Review
Institute for Security and Open Methodologies (ISECOM). The software tools in
this section are related to security testing. Many of these tools are open
source. We recommend you review the code of whatever you implement. Be aware
that any tool you download and execute may have spying or Trojan features.
Dr. Anton Chuvakin, GCIA - NetForensics
Anton Chuvakin, Ph.D., GCIA (http://www.chuvakin.org) is a Senior Security
Analyst with netForensics, a security information management software
company that provides real-time network security monitoring solutions. His
areas of infosec expertise include intrusion detection, UNIX security,
forensics, honeypots, etc. In his spare time he maintains his security
portal at http://www.info-secure.org.
INFOSYSSEC System Security
The Security Portal for Information System Security Professionals offering
the most comprehensive computer and network security resource with online
network tools; security, underground, virus, software, general, news,
magazine, article, and MP3 search engines.
Top 75 Tools
Home of Nmap and one of the best Internet sites for security tools,
scanners, reading, and security
ICS is the technology leader in the design and manufacture of High-speed
Hard Drive Duplication equipment, Software Cloning Solutions and Diagnostic
Systems. In addition, Intelligent Computer Solutions is the preeminent
supplier of Law Enforcement & Computer Forensic Systems to Law Enforcement
personnel ranging from local police departments to Federal and International
agencies. Intelligent Computer Solutions also provides a full range of Data
Recovery Solutions ranging from self help s/w to professional lab service.
Founded in 1994, Internet Security Systems (ISS) is a security software
pioneer and global leader in information protection solutions dedicated to
protecting its customers from today's and tomorrow's threats. Internet
Security Systems' award-winning solutions dynamically detect and prevent
attacks against online assets. This proactive line of defense protects
networks, servers and desktops against an ever-changing spectrum of threats,
with a comprehensive line of products and services designed specifically for
the particular needs of enterprise, smaller business, consumer and service
provider markets. These dynamic threat protection solutions go beyond basic
access control to deliver multiple layers of defense that detect, prevent
and respond to threats prior to damaging our customers’ business operations.
Last Bit Software Password
LastBit Software uses the newest algorithms and methods in conjunction with
powerful hardware solutions to bring to its users password recovery products
for all today's most popular applications. They offer password recovery
solutions for small and medium-sized enterprises as well as for large
corporations and individuals around the world.
Gambit Computer Forensics Tools and Information Links
Linux Kernel Archives
Logicube is the recognized world leader in hard drive duplication, back-up,
and computer forensics systems. Logicube's hard drive cloning and
duplication systems are used throughout the world in thousands of IT
departments, as well as by leading law enforcement agencies.
Mares and Company is a computer forensic, data analysis, and training
company started by Dan Mares in 1998.
Featuring the best in Security trojans, firewalls, vulnerabilities,
exploits, scanners, cleaners.
Featuring Netstat Viewer, a GUI replacement for the command line
application; and, LExE, a utility that lists all executable extensions on
The "Nessus" Project aims to provide to the internet community a free,
powerful, up-to-date and easy to use remote security scanner. Unlike many
other security scanners, Nessus does not take anything for granted. That is,
it will not consider that a given service is running on a fixed port - that
is, if you run your web server on port 1234, Nessus will detect it and test
its security. It will not make its security tests regarding the version
number of the remote services, but will really attempt to exploit the
Net Optics is a global network passive monitoring tap provider.
NGSSniff is a network packet capture and analysis program. It requires
Windows 2000 or XP, and allows users to capture, save and analyse traffic on
their network. The current version is a BETA test version and provided free
of charge. Features include: Clean, simple, fast GUI; Packet capture via
Windows Sockets raw IP (WSAIoctl); Packet capture via Microsoft Network
Monitor drivers; Simple packet parsing (ip, tcp, udp, icmp, ethernet, arp);
Packet sorting; Import from Microsoft Network Monitor .cap files; ASCII
view; Easy cut-and-paste operation; No need to install any drivers; Realtime
packet viewing - no need to stop the capture.
NMRC was formed by Simple Nomad, namely because he felt compelled to put
something in the Organization header field in his newsreader. Nomad Mobile
Research Centre. Wherever you are, that is the hacker lab. Be it work,
home, consulting, even in the car or in the shower -- just keep the brain
working. Most of the stuff here deals with computer security, and is the
result of working in this large virtual lab (although most NMRC members have
fairly nice dedicated labs for security research).
Network Security Toolkit
This bootable ISO CD is based on Red Hat Linux 9. The toolkit was designed
to provide easy access to best-of-breed Open Source Network Security
Applications and should run on most x86 platforms. The main intent of
developing this toolkit was to provide the network security administrator
with a comprehensive set of Open Source Network Security Tools. The majority
of tools published in the article: Top 75 Security Tools by insecure.org are
available in the toolkit. What we find rather fascinating with NST is that
we can transform most x86 systems (Pentium II and above) into a system
designed for network traffic analysis, intrusion detection, network packet
generation, wireless network monitoring, a virtual system service server, or
a sophisticated network/host scanner. This can all be done without
disturbing or modifying any underlying sub-system disk. NST can be up and
running on a typical x86 notebook in less than a minute by just rebooting
with the NST ISO CD. The notebook's hard disk will not be altered in any
way. NST also makes an excellent toolkit to help one with all sorts of crash
recovery troubleshooting scenarios and situations.
N-Stalker is a digital security company focused on security intelligence and
the development of defense systems. Their main product is N-Stealth, which
is distributed to customers in more than 30 countries - ranging from small
businesses to the largest corporate enterprises, while also securing service
providers, government agencies, higher education institutions and
infrastructure-critical networks in the United States. N-Stealth is a
vulnerability-assessment product that scans web servers to identify security
problems and weaknesses that might allow an attacker to gain privileged
access. The software comes with an extensive database of over 30,000
vulnerabilities and exploits. It is ideal for system administrators,
security consultants, and IT professionals. Simply plug in your IP address
and let it run -- within minutes, you'll have a full report outlining all
the potential security holes on the server.
SafeBack is used to create mirror-image (bit-stream) backup files of hard
disks or to make a mirror-image copy of an entire hard disk drive or
partition. New Technologies, Inc. was founded in 1996 by internationally
recognized computer experts in computer forensics and computer forensic
utility software development. NTI specializes in finding computer secrets
and is expert in exploiting the security weaknesses in DOS,
Windows, Windows 95, Windows 98, Windows NT and Windows 2000 to find
computer evidence and computer security data leakage. NTI's computer
forensics laboratory is believed to be the largest in the world dedicated to
computer evidence processing and civil litigation support services. NTI
works primarily with Fortune 1000 companies, Big 5 accounting firms, law
firms, government contractors, government agencies, military agencies and
law enforcement agencies.
NT Security Utilities
NTSecurity.com is the one stop portal for NT Security offering Active
Registry Monitor, AdmWin, Atelier Web Security Port Scanner, Blast,
FileWatch, Fpipe, Fport 1.33, Random Password Generator, Netcat by L0pht.
openforensics.org is intended to be a one stop shop for people looking for
information in the area of digital evidence investigation, commonly referred
to as computer forensics. Whether you're a corporate investigator, law
enforcement officer, or just a student interested in the field, our hope is
that this site becomes THE repository of information on the where when why
and how of computer forensics. We offer message boards, mailing lists, and a
home for documents and applications to aid in the investigative process.
Storm's Recent 50
The 50 most recent tool and utility files added to Packet Storm. A great
Port80 Software, Inc. develops software products to enhance the security,
performance and user experience of Microsoft's Internet Information Server
(IIS). Simply put, we have combined business and programming expertise in
Internet technologies to make IIS-based websites, Web applications and
servers safer, faster and more user-friendly.
Port Scanners - Remote:
NMAP | ShieldsUP
Cotse is a leading computer professional resource and offers an array of
Windows Process Viewer
PrcView is a process viewer utility that displays detailed information about
processes running under Windows. For each process it displays memory,
threads and module usage. For each DLL it shows full path and version
information. PrcView comes with a command line version that allows you to
write scripts to check if a process is running, kill it, etc.
Dedicated to ensuring the authenticity of people, devices and transactions
in the wired and wireless worlds.
Public Domain Security Tools:
Rootkits can often be difficult to detect on a compromised system. To this
end, chkrootkit.org, rootkit.nl
and rootkit.com offer an
array of information and tools to help detect if an intruder installed their
preferred collection of stealthy tools and ran a series of clean-up scripts to
help hide the initial intrusion.
by Utimaco Safeware
Encryption and Access Control for Laptops and Workstations. SafeGuard Easy
provides total company-wide protection for sensitive information on laptops
and workstations. Boot protection, pre-boot user authentication and hard
disk encryption using strong algorithms are designed to protect against
unauthorized access and hacker attacks. SafeGuard Easy is both simple to install and
operates transparently in the background.
Security Consensus Operational Readiness Evaluation (SCORE) is a cooperative
effort between SANS/GIAC and the Center for Internet Security(CIS). SCORE is
a community of security professionals from a wide range of organizations and
backgrounds working to develop consensus regarding minimum standards and
best practice information, essentially acting as the research engine for
CIS. After consensus is reached and best practice recommendations are
validated, they may be formalized by CIS as best practice and minimum
standards benchmarks for general use by industry at large.
Another great multi-platform resource for tools and utilities.
SecurityStats.Com was founded in April, 2000. The site was created out of a
perceived need for a central repository of interesting computer security
statistics, which could be used in research materials as well as corporate
security expenditure documentation. Most statistics gathered on this site
have been pulled from other Internet resources. Their Online Dictionary
Based Password Hash Cracker is a web based demonstration tool that shows how
easy it is to break dictionary-based passwords and can be found on their
SecurityFriday offers an array of pen test tools and insightful articles.
For executives who must ensure the welfare of their intellectual assets and
the successful management of their enterprise networks, SilentRunner®
delivers patented products in the Network Security Analysis market.
Sleuthkit.org is the official website for The Sleuth Kit and The Autopsy
Forensic Browser. Both are open source file system digital forensics tools
from Brian Carrier that run on Unix systems (such as Linux, OS X, FreeBSD,
OpenBSD, and Solaris) and analyze NTFS, FAT, UFS, EXT2FS, and EXT3FS file
systems. The Sleuth Kit was previously called The @stake Sleuth Kit (TASK).
Detection by Securiteam.com
Detecting sniffers on your network.
List - by Stearns.org
The best list of available Sniffers for different platforms, indexes and
tutorials on the net.
Sniffer FAQs - Sniffer Detectors - Network Sniffers - Wireless Sniffers
Sourceforge - Win32 versions of Unix Tools
SourceForge.net is the world's largest Open Source software development
website, providing free hosting to tens of thousands of projects. The mission
of SourceForge.net is to enrich the Open Source community by providing a
centralized place for Open Source developers to control and manage Open
Source software development. To fulfill this mission, they offer a
variety of services to projects they host, and to the Open Source community.
Internet Monitoring and Surveillance Tool. SpectorSoft develops, markets and
supports PC/Internet monitoring and surveillance products for business,
education, government and general home users.
Galactus | Carnegie Mellon
Steganography is the art of hiding signals inside other signals. This
basically comes down to using unnecessary bits in an innocent file to store
your sensitive data. The techniques used make it impossible to detect that
there is anything inside the innocent file, but the intended recipient can
obtain the hidden data. This way, you not only hide the message itself, but
also the fact that you are sending this message. Dartmouth Professor Hany
Farid has a program that is 90% effective and may unlock the mysteries
Dartmouth College News & Events release, August 2001.
The Sysinternals website provides you with advanced utilities, technical
information, and source code related to Windows 9x, Windows Me, and Windows
NT/2000 internals that you won't find anywhere else.
Sys-Security.com is a website dedicated to computer security research. It
is the home of the "ICMP Usage In Scanning" research project. The Internet
Control Message Protocol may seem harmless at first glance. Its goals and
features were outlined in RFC 792 (and later clarified in RFCs 1122,
1256, 1349, 1812) as a way to provide a means to send error messages,
troubleshoot networking problems, and more. There is no consensus among the
experts in charge of securing Internet networks regarding the actions that
should be taken to secure their network infrastructure in order to prevent
Talisker, aka SecurityWizardry.com, maintains a good resource for security
tools and software, including inline Intrusion Detection Systems (IDS) and
Intrusion Prevention Systems (IPS).
TamoSoft, Inc., specializes in security and network monitoring software for
the Internet and local area networks. We have been developing software for 3
years and take great pride in our achievements and excellent customer
support. Today our products and custom solutions may be found in businesses
all over the world, including a large number of Fortune 500 companies, as
well as in thousands of smaller ventures. Our blue-chip customers include:
Motorola, Siemens, Ericsson, Nokia, Lucent Technologies, Olympus Optical
Co., Nortel Networks, Unisys, UBS, Dresdner Bank AG, General Electric.
Their software tools are currently in use by many large companies (Compaq,
Microsoft, Raytheon, Siemens, Unisys, etc.), government agencies (FBI,
Customs, DoD, etc.), and educational institutions (MIT, U. of GA., U. of AL.,
Cornell, Texas A&M, Columbia, etc.), and are in use internationally (U.K.,
Israel, Germany, Netherlands, Spain, etc.).
Technology Pathways -
Technology Pathways provides a wide range of security products and services
directed at all areas of computer security and forensics. The Technology
Pathways team is led by Christopher L. T. Brown. Prior to his position with
Technology Pathways Mr. Brown has served as Chief Technology Officer and
Director of GlobalApp, Inc., Chief Technology Officer for CompuVision, Inc.,
Vice President of Operations and Director of StoragePoint, Inc. Mr. Brown
teaches computer security and computer forensics at the University of
California at San Diego and has written numerous books on Windows NT and the
TigerSurf is a suite of SafetyWare that both home and business users can
incorporate as part of a complete Internet protection toolkit.
TREACHERY UNLIMITED is founded on one simple principle: "By seeing your
defenses through the eyes of your worst enemy, you become your best
guardian." This principle is reinforced with the belief that, since
attackers make attempts on your systems at no charge, you should be able
to defend your systems at no additional cost. This site serves as a
clearinghouse of security-related information by which system and network
administrators may better defend the systems for which they are responsible.
Tripwire provides software and services to ensure the security and
availability of servers and network devices, while enabling increased
control over the IT infrastructure.
TUCOFS The Ultimate Collection of Forensic Software
This site places all Law Enforcement Personnel in touch with the latest and
greatest Internet based resources for High Tech Law Enforcement purposes.
Resource types include files, software, websites and documentation. TUCOFS
can be used as an index pointing you to various resources, allowing you to
quickly find exactly what you are looking for.
WebAttack.com is the world's largest Internet related software and utility
collection for Windows, with almost 5000 titles in over 280 categories.
Whitehats maintains an open source free tools database.
and Incident Recovery by Harlan Carvey.
This is the first book to address the topic of incident response/recovery
and forensics solely for Windows systems. The book addresses issues such as
preparing for incidents, and what to do when incidents occur, all the way up to
making a bit-level image of the hard drive.
WinDump is the Windows port of tcpdump, the most widely used network
sniffer/analyzer for UNIX. The port is currently based on tcpdump version
3.5.2. WinDump is fully compatible with tcpdump and can be used to watch and
diagnose network traffic according to various complex rules. It can run
under Windows 95/98/ME, Windows NT and Windows 2000. Before running WinDump,
you must FIRST download and install WinPcap.
WinGuardian by Webroot
Complete monitoring and blocking tools for controlling Internet activity on
public computers. Webroot Software, Inc. is a leading provider of privacy,
protection and performance software for home and business computer users.
Founded in 1997, Webroot has focused on delivering peace of mind with
innovative software solutions that guard your computing privacy, protect you
and your children online, and improve computer performance.
WINSNORT.com is for anybody who wants to learn how to install a complete
Intrusion Detection System (IDS) in a Windows, Solaris 9 (BETA), or Redhat 9
environment, including an Enterprise solution, using the most popular and
well-known Intrusion Detection Engine, Snort! You will find tutorials
written for users of all skill levels that both newbies and advanced users
will enjoy and understand.
Winternals Software is an Austin, Texas-based developer of advanced
administration tools for Windows-based systems. Winternals Software products
support IT professionals in numerous ways, emphasizing system repair and
data recovery, and including system performance enhancement, system
diagnostics and troubleshooting, and data accessibility solutions.
Established in 1996 by Bryce Cogswell, Ph.D. and Mark Russinovich Ph.D.,
Winternals Software has become a leading solutions provider to enterprises
X-Ways Software Technology
WinHex Hex Editor for Files, Disks and RAM
Zeno's Forensic Site
Zeno Geradts is a forensic scientist at the Netherlands Forensic Institute
of the Ministry of Justice at the Digital Evidence section in the area of
forensic (video) image processing and pattern recognition. This site
provides information on forensic science, forensic psychiatry and other
aspects of forensic evidence. The site, with its links, has been listed as
Zeno's Forensic Page since 1993.