Security and Forensic Tools

McCracken Associates does not control third-party content and provides information and links on its public website as a convenience; therefore, we cannot attest to its validity, viability or security. Certain entities, equipment, information, downloads or materials may be identified; however, such identification is not intended to imply recommendation or endorsement by McCracken Associates, nor is it intended to imply that the entities, equipment, information, downloads or materials are secure or the best available for their respective purpose. Although we provide links to other publicly accessible websites, neither McCracken nor its associates assume any responsibility for inaccuracies, errors, or omissions.

If you download software or access websites found on, you do so at your own risk. Proceed with caution when downloading software from the Internet. If you run untrusted software or install untrusted device drivers, you may be at risk of introducing malicious code into your system(s). In no event will McCracken or its associates be liable for direct, indirect, incidental, or consequential damages resulting from any defect or omission. We strongly recommend a complete examination of any software, including but not limited to hash comparisons from known good binaries, in an isolated test lab environment prior to deploying it to production systems.

Please keep in mind that security scanners and penetration testing tools are often not the same. Some tools are designed for reconnaissance purposes and simply harvest banners while others are designed to breach security barriers in search of specific vulnerabilities. It is important to understand that unauthorized use of most penetration testing tools is illegal and should not be conducted without prior written approval, including but not limited to: engagement agreements that specify the scope, terms, and objectives of the proposed testing to be conducted; roles and responsibilities of each participant; written approval from third-party hosting companies or ISPs that includes details such as targets, time, source addresses, etc.; confidentiality agreements; and rules governing potential liability issues. If you are reviewing the voluminous data produced by a vulnerability penetration test, it is extremely important to understand the specifics of the data, how it relates to your particular infrastructure, which vulnerabilities pose actual business risks, and what, if any, false positives are generated as a result of the test.

AccessData provides software solutions to securely erase data and to break or crack passwords from common applications such as MS Word, Excel, Wordperfect, NT, Money, Access, Paradox, Quickbooks, Quicken, Quattro Pro, Lotus, and others.

Advanced Management Technology offers software products for management administration and security of systems, networks, data, and users from simple password protection and application firewalls through to pro-active monitoring, packet capture and decode, to advanced external probes checking your network security from the outside like a hacker would.

@Stake Tools
@stake has assembled the best minds in digital security to help you understand and mitigate the security risks inherent in your business model, so that you can maximize the opportunity in front of you.

BindView Corporation began in 1990 in Houston, Texas. Our founding product, developed in 1991, was a software solution designed to report on the security of PC-based networks. Over the last decade we have grown our product offerings through development and acquisition. Today we are recognized as a leading provider of IT security and management solutions.

Blade Software
BLADE software has developed a number of patent-pending technologies that allow enterprises to unobtrusively audit the integrity and control the policies of their diverse operational security systems. This allows our customers to both increase the level of security of their mission-critical networks, while simultaneously reducing the costs of operating those networks. BLADE software helps enterprises ensure the integrity of their security investments.

Carvdawg's Perl Page
There is no particular order to the scripts. They are mostly things Carvdawg put together over time, found useful, and decided to share. Many of the scripts have appeared in his presentations or published articles. Also, many of the scripts have been successfully compiled with Perl2Exe and employed as binary executables.

Computer Forensics Tool Testing Project (CFTT) provides a measure of assurance that the tools used in the investigations of computer-related crimes produce valid results. It also supports other projects in the National Institute of Justice’s overall computer forensics research program, such as the National Software Reference Library (NSRL).

A vendor neutral dedicated website that addresses port 80 web application security, news on the latest web security vulnerabilities and articles.

CIS Gold Standard Minimum Security Benchmarks and Scoring Tool
Consensus Minimum Security Benchmarks, also known as the Gold Standard, was developed jointly by five federal agencies, including the National Security Agency (NSA) and the FBI's National Infrastructure Protection Center, as well as the SANS Institute and the Center for Internet Security (CIS). The Gold Standard benchmark can be used to test Windows NT and Windows 2000 Professional systems running as workstations for proper configuration.

Component Software CSDIFF CS-RCS
Component Software Inc. is a leading provider of software tools and components to the development community.

CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. With CORE IMPACT, any network administrator can now safely and efficiently determine exactly how an attacker can get control of their valuable information assets.

Information Security and Data Forensics - Thomas Rude, CISSP.

CryptoHeaven allows your group to send encrypted e-mail, securely backup and share files, and any other form of electronic media through a secure environment. CryptoHeaven makes it simple to archive, store, access, and share information among coworkers, work groups, clients, and customers through this easy to use online service.

CrypTool is a freeware program that enables you to apply and analyze cryptographic mechanisms. CrypTool has implemented almost all state-of-the-art crypto functions and allows you to learn about and use modern and classic cryptography within the same environment.

Data Encryption Software by Jetico
BestCrypt software was developed step by step beginning from a command-line encryption utility for DOS to a modern 32-bit software for Windows 95/98 and Windows NT/2000. At present, Jetico, Inc. offers four products: BestCrypt for DOS/Windows 3.11, BestCrypt Windows 95/98/NT/2000, BestCrypt for Linux and the BCWipe software for Windows 95/98/NT/2000.

Digital Detective
Forensic Computing Tools and Utilities.

The Digital Forensic Research Workshop (DFRWS) was initiated in August 2001 to bring academic researchers and digital forensic investigators and practitioners together for active discussion that addresses three major objectives: 1) Define the need and create the processes for the incorporation of a rigorous scientific method as a fundamental tenet of the evolving discipline of Digital Forensic Science. 2) Develop a research agenda that considers practitioner requirements, multiple investigative environments and emphasizes real world usability. 3) The discovery, explanation and presentation of conclusive, persuasive evidence that will meet the heightened scrutiny of the courts and other decision-makers in military and civilian environments.

Digital Intelligence, Inc.
Home of F.R.E.D. and FireFly and other Software and Hardware Solutions for the Computer Forensics Community.

Digital Offense
Maintains indices of worms, tools, and projects.

The E-Evidence Information and Resource site, a Digital Forensics and Electronic Evidence resource, is a side effect of Christine Siedsma's research and learning process conducted in connection with her position as Project Manager at the Computer Forensic Research and Development Center at Utica College, and her ongoing search to find timely material to present to the students enrolled in the Computer Forensic course that she teaches at Utica College.

This program is useful for those evaluating pseudorandom number generators for encryption and statistical sampling applications, compression algorithms, and other applications where the information density of a file is of interest.

The core of EvidentData is a team of professionals, many with law enforcement backgrounds, experienced in investigating and prosecuting cases involving technology.

Sniffing the glue that holds the Internet together. Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

farm9 provides managed security services to protect our clients’ critical computing infrastructure. We are a pioneer in the field of vulnerability prevention, detection and response. farm9 was founded as a California corporation in March of 2000 and is privately held.

Firewall Forensics - What Am I Seeing?
Firewall Forensics (What am I seeing?) by Robert Graham. This document explains what you see in firewall logs, especially what port numbers mean. You can use this information to help figure out what hackers are up to. This document is intended for both security experts maintaining corporate firewalls and home users of personal firewalls.

Forensic Ideas Home Windows based Protected Storage Explorer
Forensic Ideas, a non profit group, focuses its efforts on research and development of tools to aid the digital investigator get on with his job. Their aim is to deliver useful information to the field of digital investigation. They offer their research in the form of free tools that could be used in the field and aim to develop the tools to such a high specification that they will be able to be used to produce reports that could be presented as evidence in a court of law.

Forensics CD-ROMs.

FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment. Also provides necessary tools for live forensics/analysis on win32, sparc solaris and x86 linux hosts just by mounting the cdrom and using trusted static binaries available in /statbins.

Helix is a customized distribution of the Knoppix Live Linux CD. Boot the CD and you have Helix. That includes customized linux kernels (2.4.26 & 2.6.5), Fluxbox window manager, Excellent hardware detection and many applications. Helix has been modified to specifically not touch the host computer and be forensically sound. Helix also has a special Windows autorun side for Incident Response. Helix is now used by SANS for training in Track 8: System Forensics, Investigation and Response.

Knoppix-STD is a customized distribution of the Knoppix Live Linux CD. Boot to the CD and you have Knoppix-STD. That would include Linux kernel 2.4.20, KDE 3.1, incredible hardware detection and hundreds of applications. Boot without the CD and you return to your original operating system. Aside from borrowing power, peripherals and some RAM, Knoppix-STD doesn't touch the host computer.

Penguin Sleuth
This site is devoted to Computer Forensics using the Linux operating system. It is a collection of links to resources to help anyone involved in the field of data forensics.

Forensics Acquisition Utilities George M. Garner Jr.
This is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment.

Forensics Focus
Computer Forensics News and Discussion.
Computer Forensics, Cybercrime and Steganography Resources.

Forensics Web
Forensics Web is dedicated to technology related investigations and forensics. The site caters to law enforcement and corpsec interests with a special focus on computer related forensics and investigations.

A leader in Forensics, Intrusion Detection, Scanners, and Stress Testing, Foundstone offers a comprehensive set of free tools and utilities.

Freshmeat maintains the Web's largest index of Unix and cross-platform software, themes and related "eye-candy", and Palm OS software. Thousands of applications, which are preferably released under an open source license, are meticulously cataloged in the freshmeat database, and links to new applications are added daily. Freshmeat is the first stop for Linux users hunting for the software they need for work or play. It is continuously updated with the latest developments from the "release early, release often" community. An essential resource for serious developers, makes it possible to keep up on who's doing what, and what everyone else thinks of it.

GFI Languard Tools

G-Lock Software
G-Lock Software is an Internet/software company working in different programming environments. Our current developments introduce tools and applications in the field of TCP/IP and Winsock applications programming.

Guidance Software - EnCase
Guidance Software is the world leader in computer forensics software, acquisition hardware and training. EnCase is a comprehensive solution that handles every stage of computer forensics investigations, from the preview and acquisition of an evidence drive to the generation of a final report. The "case-based" methodology provides a non-invasive, Windows-based solution to acquire, analyze, document and preserve computer evidence -- including deleted and unallocated files. See EnCase Legal Resources for validated court cases,  EnCase Legal Journal Whitepaper (PDF), Whitepapers page and NIST Computer Forensic Tool Testing Program for further validation.

Hackers Choice, The
The intention of THC is to demonstrate weaknesses in common security solutions that can be found in telecommunication and network services. On this site you will find software and papers that were released by THC members. They should provide you with knowledge and the ability to check for security problems. We also want to advise you not to use any information or software provided on this site for illegal purposes. Respect the law as we do. THC is a non-commercial group, every line of code, of text and of this site has been written in our free time.

Hackers Playground
Exploration of Computer Systems - Share the Knowledge. In the August of 2001, phizz0r started this site as an archive of his security related papers, links, programs, etc. The archive just kept growing and growing, and so did the number of people who wanted access to it.

An online vulnerability scanner and latest exploit information.

This site is dedicated to serving readers who wish to keep up-to-date with news and events surrounding the world's most popular information system security book.

O'Reilly Hacks Series of Books and Contributed Hacks.

Hash - Md5 - SHA1 - CRC32 HashKeeper | Knowngoods | NSRL
Unless you built your OS from source, the executable applications from the original distribution should never change in content or size. The checksums in this database can quickly tell you if a file has been modified since it was first installed from the distribution.
Some good hash tools: ACSV | Digital Detective | FileCheckMD5 | md5deep | Whitsoft

The NIST National Software Reference Library NSRL project is supported by the US DOJ NIJ and is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the effort involved in determining which files are important as evidence on computers or file systems that have been seized as part of criminal investigations.

Hideaway.Net is committed to becoming a premier destination for Internet security solutions through its comprehensive web portal and software offerings. Combining affordable security tools with daily updates on the latest alerts, news, and information in the world of Internet security, privacy online, and viruses, Hideaway.Net brings growing businesses all the resources necessary to Protect and Secure (tm) their online presence.

High Technology Crime Investigation Association
The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership.

Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems.

Honeynet Project - Tools and Tactics
Here you will find tools for deploying your Honeynet. Most of these technologies are in various stages of beta development. The Honeynet Project is a non-profit research group of thirty security professionals dedicated to information security. We have no income or revenue, all of our research is done on a volunteer basis. It is our goal to learn the tools, tactics, and motives of the blackhat community and share these lessons learned. It is hoped that our research will benefit both its members and the security community. Founded in April, 1999, all of our work is OpenSource and shared with the security community.

Honeynet Project: Know Your Enemy Series - The Tools and Methodologies.
To secure yourself against the enemy, you have to first know who your enemy is. This military doctrine readily applies to the world of network security. Just like the military, you have resources that you are trying to protect. To help protect these resources, you need to know who your threat is and how they are going to attack.

Honeypots: Monitoring and Forensics Project
The Honeypots: Monitoring and Forensics Project's purpose is to highlight cutting edge techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. There are a number of outstanding Honeypot/net Research projects available, most notably, the Honeynet Project. This project hopes to complement the work conducted by the Honeynet Project by focusing on individual honeypots rather than honeynets. The focus is even further specified by highlighting monitoring and forensic techniques rather than honeypot setup and installation settings. Many of the papers and tools presented on this website are the result of honeypot research testing conducted by Ryan C. Barnett.

Honeypots: FAQ See also Honeyd FAQ
Compiled by Lance Spitzner of, the purpose of this page is to answer the most commonly asked questions concerning honeypot technologies, including what is a honeypot, what's its value, how do they work, and what are the different types.

Honeypots: Tracking Hackers
The Definitions and Value of Honeypots is difficult to describe and can be subjective; however, a collaborative effort (see SecurityFocus Honeypot Definition Thread) concluded "A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource." As perplexing as the definition is, Are They Illegal?
Dynamic Honeypots by Lance Spitzner.
Honeytokens: The Other Honeypot by Lance Spitzner

IACIS Forensic Examination Standards and Procedures.
International Association of Computer Investigative Specialists is an international volunteer non-profit corporation composed of law enforcement professionals dedicated to education in the field of forensic computer science.

IDS Resources: | | NSS Group Test | NWFusion IDS Review

Institute for Security and Open Methodologies (ISECOM)
The software tools in the section are related to Security Testing. Many of these tools are open source. We recommend you review the code of whatever you implement. Be aware that any tool you download and execute may have spying or Trojan features.

Dr. Anton Chuvakin, GCIA - NetForensics
Anton Chuvakin, Ph.D., GCIA, is a Senior Security Analyst with netForensics, a security information management software company that provides real-time network security monitoring solutions. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time he maintains his security portal at

INFOSYSSEC System Security
The Security Portal for Information System Security Professionals offering the most comprehensive computer and network security resource with online network tools; security, underground, virus, software, general, news, magazine, article, and MP3 search engines. Top 75 Tools
Home of Nmap and one of the best Internet sites for security tools, scanners, reading, and security lists.

Intelligent Computer Solutions (ICS)
ICS is the technology leader in the design and manufacture of High-speed Hard Drive Duplication equipment, Software Cloning Solutions and Diagnostic Systems. In addition, Intelligent Computer Solutions is the preeminent supplier of Law Enforcement & Computer Forensic Systems to Law Enforcement personnel ranging from local police departments to Federal and International agencies. Intelligent Computer Solutions also provides a full range of Data Recovery Solutions ranging from self help s/w to professional lab service.

Founded in 1994, Internet Security Systems (ISS) is a security software pioneer and global leader in information protection solutions dedicated to protecting its customers from today's and tomorrow's threats. Internet Security Systems' award-winning solutions dynamically detect and prevent attacks against online assets. This proactive line of defense protects networks, servers and desktops against an ever-changing spectrum of threats, with a comprehensive line of products and services designed specifically for the particular needs of enterprise, smaller business, consumer and service provider markets. These dynamic threat protection solutions go beyond basic access control to deliver multiple layers of defense that detect, prevent and respond to threats prior to damaging our customers’ business operations.

Last Bit Software Password Recovery Solutions.
LastBit Software uses newest algorithms and methods in conjunction with powerful hardware solutions to bring to its users password recovery products for all today's most popular applications. They offer password recovery solutions for small and medium-sized enterprises as well as for large corporations and individuals around the world.

Lathe Gambit Computer Forensics Tools and Information Links

Linux Kernel Archives

Logicube is the recognized world leader in hard drive duplication, back-up, and computer forensics systems. Logicube's hard drive cloning and duplication systems are used throughout the world in thousands of IT departments, as well as by leading law enforcement agencies.

Mares and Company is a computer forensic, data analysis, and training company started by Dan Mares in 1998.

Featuring the best in Security trojans, firewalls, vulnerabilities, exploits, scanners, cleaners.

Microsoft Security Tools

Mischel Internet Security
Featuring Netstat Viewer, a GUI replacement for the command line application; and, LExE, a utility that lists all executable extensions on your system.

The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner. Unlike many other security scanners, Nessus does not take anything for granted. That is, it will not consider that a given service is running on a fixed port - that is, if you run your web server on port 1234, Nessus will detect it and test its security. It will not make its security tests regarding the version number of the remote services, but will really attempt to exploit the vulnerability.

Net Optics is a global network passive monitoring tap provider.


NGSSniff is a network packet capture and analysis program. It requires Windows 2000 or XP, and allows users to capture, save and analyse traffic on their network. The current version is a BETA test version and provided free of charge. Features include: Clean, simple, fast GUI; Packet capture via Windows Sockets raw IP (WSAIoctl); Packet capture via Microsoft Network Monitor drivers; Simple packet parsing (ip, tcp, udp, icmp, ethernet, arp); Packet sorting; Import from Microsoft Network Monitor .cap files; ASCII view; Easy cut-and-paste operation; No need to install any drivers; Realtime packet viewing - no need to stop the capture.

NMRC was formed by Simple Nomad, namely because he felt compelled to put something in the Organization header field in his newsreader. Nomad Mobile Research Centre. Wherever you are, that is the hacker lab. Be it work, home, consulting, even in the car or in the shower -- just keep the brain working. Most of the stuff here deals with computer security, and is the result of working in this large virtual lab (although most NMRC members have fairly nice dedicated labs for security research).

NST Network Security Toolkit
This bootable ISO CD is based on Red Hat Linux 9. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 75 Security Tools by are available in the toolkit. What we find rather fascinating with NST is that we can transform most x86 systems (Pentium II and above) into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, a virtual system service server, or a sophisticated network/host scanner. This can all be done without disturbing or modifying any underlying sub-system disk. NST can be up and running on a typical x86 notebook in less than a minute by just rebooting with the NST ISO CD. The notebook's hard disk will not be altered in any way. NST also makes an excellent toolkit to help one with all sorts of crash recovery troubleshooting scenarios and situations.

N-Stalker N-Stealth Security Scanner
N-Stalker is a digital security company focused on security intelligence and the development of defense systems. Their main product is N-Stealth, which is distributed to customers in more than 30 countries - ranging from small businesses to the largest corporate enterprises, while also securing service providers, government agencies, higher education institutions and infrastructure-critical networks in the United States. N-Stealth is a vulnerability-assessment product that scans web servers to identify security problems and weaknesses that might allow an attacker to gain privileged access. The software comes with an extensive database of over 30,000 vulnerabilities and exploits. It is ideal for system administrators, security consultants, and IT professionals. Simply plug in your IP address and let it run -- within minutes, you'll have a full report outlining all the potential security holes on the server.

NTI SafeBack
SafeBack is used to create mirror-image (bit-stream) backup files of hard disks or to make a mirror-image copy of an entire hard disk drive or partition. New Technologies, Inc. was founded in 1996 by internationally recognized computer experts in computer forensics and computer forensic utility software development. NTI specializes in finding computer secrets and are experts in the exploitation of the security weaknesses in DOS, Windows, Windows 95, Windows 98, Windows NT and Windows 2000 to find computer evidence and computer security data leakage. NTI's computer forensics laboratory is believed to be the largest in the world dedicated to computer evidence processing and civil litigation support services. NTI works primarily with Fortune 1000 companies, Big 5 accounting firms, law firms, government contractors, government agencies, military agencies and law enforcement agencies.

NT Security Utilities is the one stop portal for NT Security offering Active Registry Monitor, AdmWin, Atelier Web Security Port Scanner, Blast, FileWatch, Fpipe, Fport 1.33, Random Password Generator, Netcat by L0pht.

Toolbox is intended to be a one stop shop for people looking for information in the area of digital evidence investigation, commonly referred to as computer forensics. Whether you're a corporate investigator, law enforcement officer, or just a student interested in the field, our hope is that this site becomes THE repository of information on the where when why and how of computer forensics. We offer message boards, mailing lists, and a home for documents and applications to aid in the investigative process.

Packet Storm's Recent 50
The 50 most recent tool and utility files added to Packet Storm. A great multi-platform resource.

Paraben Forensic Tools

Port 80
Port80 Software, Inc. develops software products to enhance the security, performance and user experience of Microsoft's Internet Information Server (IIS). Simply put, we have combined business and programming expertise in Internet technologies to make IIS-based websites, Web applications and servers safer, faster and more user-friendly.

Port Scanners - Remote:
NMAP | ShieldsUP

Port Scanners from Cotse
Cotse is a leading computer professional resource and offers an array of online tools.

PrcView - Windows Process Viewer
PrcView is a process viewer utility that displays detailed information about processes running under Windows. For each process it displays memory, threads and module usage. For each DLL it shows full path and version information. PrcView comes with a command line version that allows you to write scripts to check if a process is running, kill it, etc.

RSA Security
Dedicated to ensuring the authenticity of people, devices and transactions in the wired and wireless worlds.

Public Domain Security Tools: | |

Rootkits can often be difficult to detect on a compromised system. To this end, and offer an array of information and tools to help detect if an intruder installed their preferred collection of stealthy tools and ran a series of clean-up scripts to help hide the initial intrusion.

SafeGuard by Utimaco Safeware
Encryption and Access Control for Laptops and Workstations. SafeGuard Easy provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks. SafeGuard Easy is both simple to install and operates transparently in the background.

Security Consensus Operational Readiness Evaluation (SCORE) is a cooperative effort between SANS/GIAC and the Center for Internet Security(CIS). SCORE is a community of security professionals from a wide range of organizations and backgrounds working to develop consensus regarding minimum standards and best practice information, essentially acting as the research engine for CIS. After consensus is reached and best practice recommendations are validated, they may be formalized by CIS as best practice and minimum standards benchmarks for general use by industry at large.

Another great multi-platform resource for tools and utilities.

SecurityStats.Com was founded in April, 2000. The site was created out of a perceived need for a central repository of interesting computer security statistics, which could be used in research materials as well as corporate security expenditure documentation. Most statistics gathered on this site have been pulled from other Internet resources. Their Online Dictionary Based Password Hash Cracker is a web-based demonstration tool that shows how easy it is to break dictionary-based passwords and can be found on their Awareness Tools page.

SecurityFriday offers an array of pen test tools and insightful articles.

For executives who must ensure the welfare of their intellectual assets and the successful management of their enterprise networks, SilentRunner® delivers patented products in the Network Security Analysis market.

is the official website for The Sleuth Kit and The Autopsy Forensic Browser. Both are open source file system digital forensics tools from Brian Carrier that run on Unix systems (such as Linux, OS X, FreeBSD, OpenBSD, and Solaris) and analyze NTFS, FAT, UFS, EXT2FS, and EXT3FS file systems. The Sleuth Kit was previously called The @stake Sleuth Kit (TASK).

Sniffer Detection by
Detecting sniffers on your network.

Sniffer List - by
The best list of available Sniffers for different platforms, indexes and tutorials on the net.

Sniffing Tools
Sniffer FAQs - Sniffer Detectors - Network Sniffers - Wireless Sniffers

Sourceforge - Win32 versions of Unix Tools
is the world's largest Open Source software development website, providing free hosting to tens of thousands of projects. The mission of is to enrich the Open Source community by providing a centralized place for Open Source developers to control and manage Open Source software development. To fulfill this mission goal, they offer a variety of services to projects they host, and to the Open Source community.

Internet Monitoring and Surveillance Tool. SpectorSoft develops, markets and supports PC/Internet monitoring and surveillance products for business, education, government and general home users.

Cotse | Galactus | Carnegie Mellon Gallery of CSS Descramblers Steganography Wing
Steganography is the art of hiding signals inside other signals. This basically comes down to using unnecessary bits in an innocent file to store your sensitive data. The techniques used make it impossible to detect that there is anything inside the innocent file, but the intended recipient can obtain the hidden data. This way, you not only hide the message itself, but also the fact that you are sending this message. Dartmouth Professor Hany Farid has a program that is 90% effective and may unlock the mysteries of steganography, Dartmouth College News&Events release August 2001.

The Sysinternals website provides you with advanced utilities, technical information, and source code related to Windows 9x, Windows Me, and Windows NT/2000 internals that you won't find anywhere else.

Sys-Security is a website dedicated to computer security research. It is the home of the "ICMP Usage In Scanning" research project. The Internet Control Message Protocol may seem harmless at first glance. Its goals and features were outlined in RFC 792 (and then later cleared in RFCs 1122, 1256, 1349, 1812), as a way to provide a means to send error messages, troubleshoot networking problems, and more. There is no consensus among the experts in charge of securing Internet networks regarding the actions that should be taken to secure their network infrastructure in order to prevent those risks.

Talisker Security Wizardry
Talisker aka maintains a good resource for security tools and software including In Line Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).

TamoSoft, Inc., specializes in security and network monitoring software for the Internet and local area networks. We have been developing software for 3 years and take great pride in our achievements and excellent customer support. Today our products and custom solutions may be found in businesses all over the world, including a large number of Fortune 500 companies, as well as in thousands of smaller ventures. Our blue-chip customers include: Motorola, Siemens, Ericsson, Nokia, Lucent Technologies, Olympus Optical Co., Nortel Networks, Unisys, UBS, Dresdner Bank AG, General Electric.

Tech Assist ToolsThatWork
Their software tools are currently in use by many large companies (Compaq, Microsoft, Raytheon, Siemens, Unisys, etc.), government agencies (FBI, Customs, DoD, etc.) and educational institutions (MIT, U. of GA., U. of AL., Cornell, Texas A&M, Columbia, etc.), and are in use internationally (U.K., Israel, Germany, Netherlands, Spain, etc.).

Technology Pathways - Computer Forensics
Technology Pathways provides a wide range of security products and services directed at all areas of computer security and forensics. The Technology Pathways team is led by Christopher L. T. Brown. Prior to his position with Technology Pathways Mr. Brown has served as Chief Technology Officer and Director of GlobalApp, Inc., Chief Technology Officer for CompuVision, Inc., Vice President of Operations and Director of StoragePoint, Inc. Mr. Brown teaches computer security and computer forensics at the University of California at San Diego and has written numerous books on Windows NT and the Internet.

Tiger Tools
TigerSurf is a suite of SafetyWare that both home and business users can incorporate as part of a complete Internet protection toolkit.

Treachery Unlimited
TREACHERY UNLIMITED is founded on one simple principle: "By seeing your defenses through the eyes of your worst enemy, you become your best guardian." This principle is reinforced with the belief that, since attackers make attempts on your systems at no charge, so you should be able to defend your systems at no additional cost. This site serves as a clearinghouse of security-related information by which system and network administrators may better defend the systems for which they are responsible.

Tripwire provides software and services to ensure the security and availability of servers and network devices, while enabling increased control over the IT infrastructure.

TUCOFS The Ultimate Collection of Forensic Software
This site places all Law Enforcement Personnel in touch with the latest and greatest Internet based resources for High Tech Law Enforcement purposes. Resource types include files, software, websites and documentation. TUCOFS can be used as an index pointing you to various resources, allowing you to quickly find exactly what you are looking for.

WebAttack is the world's largest Internet related software and utility collection for Windows, with almost 5000 titles in over 280 categories.

Whitehats maintains an open source free tools database.

Windows Forensics and Incident Recovery by Harlan Carvey.
This is the first book to address the topic of incident response/recovery and forensics solely for Windows systems. The book addresses issues such as preparing for incidents, and what to do when incidents occur, all the way up to making a bit-level image of the hard drive.

WinDump is the port to the Windows platform of tcpdump, the most used network sniffer/analyzer for UNIX. The port is currently based on version 3.5.2. WinDump is fully compatible with tcpdump and can be used to watch and diagnose network traffic according to various complex rules. It can run under Windows 95/98/ME, Windows NT and Windows 2000. Before running WinDump, you must FIRST download and install WinPcap.

WinGuardian by Webroot
Complete monitoring and blocking tools for controlling Internet activity on public computers. Webroot Software, Inc. is a leading provider of privacy, protection and performance software for home and business computer users. Founded in 1997, Webroot has focused on delivering peace of mind with innovative software solutions that guard your computing privacy, protect you and your children online, and improve computer performance.

Winsnort is for anybody who wants to learn how to install a complete Intrusion Detection System (IDS) in a Windows, Solaris9 (BETA), or Redhat 9 environment, including an Enterprise solution, using the most popular and well-known Intrusion Detection Engine, Snort! You will find tutorials written for users of all skill levels that both newbies and advanced users will enjoy and understand.

Winternals Software is an Austin, Texas-based developer of advanced administration tools for Windows-based systems. Winternals Software products support IT professionals in numerous ways, emphasizing system repair and data recovery, and including system performance enhancement, system diagnostics and troubleshooting, and data accessibility solutions. Established in 1996 by Bryce Cogswell, Ph.D. and Mark Russinovich Ph.D., Winternals Software has become a leading solutions provider to enterprises worldwide.

X-Ways Software Technology AG
WinHex Hex Editor for Files, Disks and RAM

Zeno's Forensic Site
Zeno Geradts is a forensic scientist at the Netherlands Forensic Institute of the Ministry of Justice at the Digital Evidence section in the area of forensic (video) image processing and pattern recognition. This site provides information on forensic science, forensic psychiatry and other aspects of forensic evidence. The site with links is listed at Zeno's Forensic Page since 1993.



Copyright © 2001-2006 McCracken Associates

Website Modified: January 27, 2006
