|
|||||
Software | Training | Services | |||
Services
About Us
Order: online |
Free Software from Mares and Company
Below is a list of programs (Many are outdated, 16bit programs that are no longer supported), that are free and can be downloaded from maresware.com. It is totally open, and free to use. (Some code may retain prior author copyright). Click on the program name to download. Since this list was compiled, there may have been others moved from the full pay listings to the free category. If you find a program you like, download the exe version and see of it has been opened for free use. Don't forget: all the Maresware software(available for purchase on other pages of this site) can be downloaded for free; it is fully functional for test and demo purposes. Most links on this page are direct FTP downloads. If they don't appear to work, there may currently be too many logged in visitors. Please try again. Or try this direct link to the files location and manually download the appropriate file. (Note: some of the 32 bit software is found in the nt_32 directory.)
Add_recl Is a 32 bit program that will add a 4 byte record length to the beginning of a CR/LF record. This 4 byte addition makes the record similar to data extracted from many mainframe databases which create variable length records. For Maresware users, this program has the advantage of making the record compatible with the requirements of the search.exe program. Ch Is am OUTDATED 16 bit program that enhances the CD command. It is modeled after the *ix setcdpath command which allows for more efficient changing of directories from the command line.
Chs_Conv will take a CHS value (200/10/15) and convert it to logical sector number, or take a logical sector number (i.e.,1234567) and convert it to a CHS value.
Chek_env will check the environment for the existance of a variable, and confirm the value set for the variable.
Chsize will change the size of a file. It can either truncate the file size, or increase the file size. When increasing the file size it fills with a hex 00.
Crc test.zip is a zip file containing a number of known files, with their respective 32 bit CRC and 128 bit MD5 hash values. The values for most of the files were obtained and confirmed from original MD5 sites.
Dater.exe is a command line program to generate various outputs in the format for MM DD YY, julian and other strings. Use these outputs to build environment variables which can be used in filenames, folder names, etc.
Dateconv In many forensic and operating system applications there is a long number used to express a date/time in seconds elapsed since a given reference date(ex., 9123456789). Dateconv converts it to the conventional format for writing a date, i.e., 00-00-0000.
Disable will disable the keyboard of a computer. Best used on a boot disk for evidence protection. Often called an evidence disk.
Fasthash Is a stripped down, 16bit version of the hash program. It has a limited number of options installed. Fasthash is the version of hash distributed with the Hashkeeper program. Display a file in hexadecimal format. Similar the the hexdump program, these versions provide different interface and output. Hexdump1 provides an output similar to mainfram dump programs that display the "zone" punch as if it was a punch card image. Hexdump2 provides a color output, and has copy and search capability. Hpa Hpa is a 16 bit program designed to work only on IDE drives. When run, Hpa will identify: the drive's manufacturer; serial number; total number of sectors on the drive; and, if the drive is Host Protected Area (HPA) capable, it will identify the number of sectors set aside in the HPA. Hpa is very useful on a forensic boot disk because it can capture key information about any IDE drives in the system. The resulting information can be sent to an output log file for future reference.
Lfn_Crc is a program which will calculate the checksum of the 8.3 DOS filename to confirm/verify that the long filename checksum is correct. Makedir Make multiple subdirectories all at once.
Mktemp This program will create any number of temporary test files, in any number of subdirectories you ask for. Each file is of a known size and content so these can be used for additional testing purposes.
Mod com is a program that will alter the operating system files on a floppy boot disk so that when booted it will not alter anything on the C: drive. This is what is done manually in the basic forensic classes when you alter boot disks to keep from accessing the C: drive. This program creates a forensically sound boot disk.
Mouse is is designed to work on files which have fixed length records and do not have the traditional Carriage Return / Line Feed characters. (CR/LF). It will display the file on the screen based on the length input by the user. It can also be used to add returns to text files and redirect output to a new file with these returns in it.
NIST_Crc is a program compiled from (slightly modified) source code obtained from the NIST/NSRL web site. The program will compute the CRC, MD4, MD5, and SHA1 of a file. However, the Maresware program Sha_verify is a little more robust than this one.
Pagefmt: This program is designed specifically to take a file of fixed length records and produce a formatted file (on disk) containing page breaks and heading information suitable for copying to a printer. It is a very basic text formatting program to create quick pages for printing. Random: This program is designed generate random numbers for sampling or other purposes. When using the same seed value, the random numbers generated can be duplicated for repetitive results.
Sample This program will create one file of any size with known content. (Usually a single character of the user's choice, but it can be random.) This known file content can then be used to test forensic software. Checkpoints are scattered throughout the file so actual displacements and locations can easily be identified.
Sha verify is a program which will calculate the MD5 (128 bit), SHA1 (160 bit), SHA2 (256 bit), SHA2 (384 bit), and SHA2 (512 bit) hashes of files. It also has the unique ability to emulate the MD5 or SHA1 of a number of specified disk sectors containing a single overwrite character. This is especially useful when trying to confirm the MD5 values of forensic software on wiped hard drives. It can also be used to confirm that your forensic software is providing you with the correct MD5 or SHA value of a wiped disk.( Very useful, because if you can't get the correct hash of a wiped disk, how can you get the correct hash of a data disk?) A 2004 enhancement is that if you have a number of dd (flat) images, it can perform the hashes on the entire set of files and provide a single hash as if it was a single file. This is useful for confirming the hash of a physical drive against the set of dd files. Sortchek: will confirm the sort sequence of a sorted file. Many of the Maresware programs, like Bsearch and Compare rely on a file being properly sorted. Sortchek will help confirm the sort is correct.
Strip is a program that can be used to strip out unprintable characters from a file. This is quite useful with GUI forensic programs when a block of data from unallocated space is saved or exported to an output file for evidence purposes. Also useful when you have a copy of a pagefile or memory dump. These files contain a significant amount of nulls and unicode characters, which makes searching for text strings almost impossible. Strip makes searching much easier by eliminating all unprintable characters. Systems: (An outdated, 16bit program). Is an easy to use program that will quickly scan your drive and attempt to determine how many partition and boot records are on the drive, and what operating systems they may belong to. This program is excellent for trying to locate "hidden" partitions.
Truetime is a program that will ask the user for the correct date and time, and obtain the system date and time from the system BIOS. This output can be redirected to a file for retention in forensic investigations. Excellent addition to a forensic boot disk.
Help screens for most of the above programs can be obtained by adding a -? option(or by merely typing the program name alone). Example: sha_verify -? All of the above programs are command line driven programs. Some are true 32 bit, while others are true 16 bit. You should determine which is which before using. More detailed information on each of the programs may also be found in the associated file sections linked at the bottom of this page. (ie random is found in the Files P-S section below). |