| Featuring |
Home
BLOCKED E_mails
What's New
SOFTWARE
| Reference |
About Us
FAQ's
Articles
Resources
| Our Company |
Legal
Notices
Contact Us
Blocked E_mails
My family
New House
Furniture
| Anti-Virus users know this. Most downloadable programs are in .exe (executable) format. Some Anti-virus programs will require you to explicity allow the dmares.com domain to allow download of executables. If you can't do that, let me know, and i'll get you a zipped version. But if you can't get your anti-virus to exclude a domain, get a new anti-virus. |
In loving memory of my wonderful wife, Brenda (1948-2012).
Her favorite poems
Rainbow Bridge Poem
Peace of wild things
The next 4 hour KSU tool testing seminar is Saturday, Nov 9, 2024.
Check this link for info. of the session, and a direct link to the KSU reference .
The software is supplied AS IS with no warranty of usability, reliability or correctness. It will be the users resonsibility to determine if the software meets their needs. Appropriate acknowledgment is appreciated.
VIRUS CHECKERS:
When downloading any of the executables, please turn off your virus checking. Many virus checkers, including: Microsoft, Vipre and others have a nasty habit of blocking the exe's from downloading. It is funny, that Micorosft compiler builds the exe, but Microsoft OS won't download it. Just a note.
VIRUS CHECKERS:
Our software doesn't contain bugs. Its just operationally challenged.
Remember: The software is COMMAND LINE not GUI. So brush up on your typing skills.
Take a look at the top six articles on the articles page. And test your software and processes to see if it is really forensically sound.
Read them in the order they are listed here.
Catalog files A preliminary article describing why I conducted all these tests.Inventory/Catalog files Creating an inventory of evidentiary files
Forensic file copying Article tests over 40 "forensic" file copiers
Forensic Hashing Article tests over 30 "forensic" hash programs.
ZIP-IT for forensic retention Article test a few zipping programs and
ZIP_IT_TAKE2 More tests for your zipping capabilities.
ZIP_IT_HASHES An unscientific discussion of container hash values.
MATCH FILE HASHES Demonstrates hash matches using Maresware.
A HASH software buffet How-to use Maresware hash software
NSRL MD5's A short description of my restructured NSRL MD5 data set.
A crude timeline analysis batch file using Maresware software
Take a look at the most popular forensic programs:
SAMPLE DATA links to sample data
(including some (complete, Android and iOS)
"massaged" NSRL data files") for testing your software.
DISKCAT catalog files on disk.
Download the exe.
HASH hash (MD5 & SHA's) files on disk.
Download the exe.
MD5 MD5 and SHA hash files on disk & can
MATCH hash against suspect hashes
Download the exe.
EML_PROCESS process eml headers.
Download the exe.
UPCOPY reliable forensic file copy.
Download the exe.
X-WAYS META processing. For those using true
forensic software.
Download the exe.
Files A-C | Files D-F | Files G-K
Files L-O | Files P-S | Files T-Z
Many of the programs are available in linux format also. Check the listings ie: Files D-F link, for the linux version. If you don't see a linux version, contact me, as it may be available, just not on the web site. All linux versions operate as near as possible to their Windows version. So outputs can be merged.
The software and respective help files are available from the various information pages. Follow the alphabetical links at the bottom of each page to the specific program. There you will find links to the html help files and the exe downloads (if the exe if available).
The software is supplied AS IS with no warranty of usability, reliability or correctness. It will be the users resonsibility to determine if the software meets their needs.
If you have problems with the software, please don't hesitate to email me for assistance. But first take a look at any restrictions that Microsoft may have instituted which may keep the program from being fully functional. IE: administrator privilege.
This page last updated: 10/10/2024
In loving memory of my wonderful wife, Brenda (1948-2012).
Her favorite poems
Rainbow Bridge Poem
Peace of wild things
A challenge tool testing session to see if your hash, copy, zip software passes the test.
Whenever you seize evidence isn't creating an inventory of the seized items a primary operation? So, when seizing computer evidence in preparation of a forensic exam you might consider creating an inventory or catalog of those files which are located on the suspect computer and thus seized as evidence. Yes/No??
If so, lets create an evidence catalog; a list of files in the tree. Or as I call it, DISKCT, for DISK CATaloging. For this operation consider using the DISKCAT program.
The diskcat program is specially designed to find and list ALL the files (or only user selected file types, ie: *.doc *.txt, *jpg etc.) within the specified directory trees. Notice I said trees not tree. Because on the command line you can point it to a number (up to 10) of directories to search and thus create a catalog or listing of ALL the files contained within the directory trees.
The output can be customized to include any or all three (MAC) file times; find files based on file time or file size; full path, drive serial number and label, a user specified identifier to uniquely identify this suspect computer from the other suspect computer(s) in the listing, any NTFS Alternate Data Streams; and other stuff. (thats a technical term).
The output contains delimited fields, sample here, for easy import to your favorite spreadsheet;
COMMENT | PATH |SIZE|ATTR | CDATE | CTIME | TZ| SERIAL # | DISK LABEL Susepct1|C:\password| 60|ARH...|2020/01/01|07:34:56:789c|GMT| 7EF7-17FC| DRIVE_CIf you want to see more software special summaries, click here
(12/2020) UPCOPY, Added --RETry on -H hash/network errors.
(7/2019) TOUCHME, Linux clone to change any MAC date/time.
(6/2019) UPCOPY, HASH, DISKCAT, all updated to be able to put UNICODE filenames to log files. (--UNICODE=unilog option)
(4/2019) UPCOPY, can now not only identify Alternate Data Streams, but can export them to "normal" files. (--ADSEXTRACT options)
(6/2018) VERTICLE. A program to reprocess "horizontal" delimeted records and reform it so that each field becomes a new line. Easy reading for inclusion into narrative reports.
(4/2018) MD5. MD5 updated to match MD5 and all SHA values against provided file.
(3/2017) URL_SRCH. Added capability to find IPV6 standard format. URL_SRCH finds files that contain IP addresses, e-mail addresses, and URL formats. It then provides a list of those files for the user to act upon.
(7/2012) EML_PROCESS. A program to parse .eml files and extract header metadata to a delimeted file for easy spreadsheet import. Get the .exe file
Today Rant
Those wooden flags you see above are given to persons and organizations I think would appreciate them and what they stand for.
Over the past year I have given these flags to two national news persons and another TV personality who routinely advertise good
intentions on TV. Of all these individuals, only ONE has even responded to the receipt of the item. That goes to show, even the
most sincere TV personalities may not be what they show publicly.