Forensics
From ConShell
Digital Forensics Tools and Information
- Helix Live CD - http://www.e-fense.com/helix/
- Price: -$-Free
This is a bootable live CD based off Knoppix. Includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. It can also be dropped into a running Windows system for live data capture and analysis. - THE FARMER'S BOOT CD - http://www.forensicbootcd.com/
- Haven't tried this yet, but plan to.
- EnCase Forensic - http://www.guidancesoftware.com/products/ef_index.asp
- Cream of the crop, but expensive $$$
- Forensic Toolkit - http://www.accessdata.com/products/ftk/
- Touted as the leading forensic tool to perform e-mail analysis (among other things). Much more reasonably priced at just over $1000 US
- ILook Investigator - http://www.ilook-forensics.org/
- This is a restricted suite of computer forensics applications available only to qualified individuals at intelligence and law-enforcement agencies.
Palm OS
- pilot-link
- Price: -$-Free
Suite of cmd-line tools that runs on Linux (and others?).
Examples:pilot-file -l System\ Ring\ Tones.pdb entries index size attrs cat uid 0 113 0x40 0 0x8c501b 1 56 0x40 0 0x8c5012 2 338 0x40 0 0x47e047 3 142 0x40 0 0x47e044 4 203 0x40 0 0xb33041 5 110 0x40 0 0xb33029 6 44 0x40 0 0xb33022 7 82 0x40 0 0xc17003 8 181 0x40 0 0xb33040 9 173 0x40 0 0xb3302f 10 120 0x40 0 0xb33042 11 182 0x40 0 0x47e048 pilot-file -r 0 System\ Ring\ Tones.pdb entries index size attrs cat uid 0 113 0x40 0 0x8c501b 0000: 50 4d 72 63 0c 00 20 54 72 65 6f 00 4d 54 68 64 PMrc.. Treo.MThd 0010: 00 00 00 06 00 00 00 01 01 80 4d 54 72 6b 00 00 ..........MTrk.. 0020: 00 4f 00 90 5a 7f 52 5a 00 00 58 70 52 58 00 00 .O..Z.RZ..XpRX.. 0030: 5a 7f 52 5a 00 00 58 70 52 58 00 00 5a 7f 52 5a Z.RZ..XpRX..Z.RZ 0040: 00 00 58 70 52 58 00 00 5a 7f 52 5a 00 00 58 70 ..XpRX..Z.RZ..Xp 0050: 52 58 00 81 24 58 70 52 58 00 00 5c 70 52 5c 00 RX..$XpRX..\pR\. 0060: 00 5f 7f 52 5f 00 00 00 01 87 68 00 00 00 ff 2f ._.R_.....h..../ 0070: 00 .
- Par - http://djw.org/product/palm/par/index.html
- Price: -$-Free
The par utility creates and manipulates PalmOS database (.pdb) and resource (.prc) files.
Examples:par h 'System Ring Tones.pdb' name: System Ring Tones type: smfr cid: GSMr attributes: backup version: 0 ctime: 193510271755 mtime: 200602091606 btime: 193510272037 modnum: 489 szappinfo: 0 szsortinfo: 0 nrecords: 12
par l 'System Ring Tones.pdb' -d-- 0 113 PMrc.. Treo.MThd..........MTrk...O..Z.RZ..XpRX.. -d-- 0 56 PMrc..Beep Beep.MThd..........MTrk......d.Rd.Rd. -d-- 0 338 PMrc..Escalate.MThd..........MTrk...,..V.HV..T.H -d-- 0 142 PMrc..Euro.MThd..........MTrk...m..X..X..V..V..X -d-- 0 203 PMrc..Fly By.MThd..........MTrk......b!2b..e!2e. -d-- 0 110 PMrc..Jazz.MThd..........MTrk...M..L...L..P...P. -d-- 0 44 PMrc..None.MThd..........MTrk......<..<.../. -d-- 0 82 PMrc..Ping-Pong.MThd..........MTrk...+..g.<g.<g. -d-- 0 181 PMrc..Powerful.MThd..........MTrk......d.4d..X.4 -d-- 0 173 PMrc..Professional.MThd..........MTrk......X.4X. -d-- 0 120 PMrc..Sparkle.MThd..........MTrk...S..Y.2Y..Y 2Y -d-- 0 182 PMrc..Turca.MThd..........MTrk......S.HS..Q.HQ..
par x 'System Ring Tones.pdb'
This produces a bunch of *.pdr files.
strings 011.40.4710472.pdr PMrc Turca MThd MTrk
Related
