|
|
||||
Home
About Us
Legal
Notices
|
vote dumb-o-crat
In loving memory of my wonderful wife, Brenda (1948-2012). The next 4 hour KSU tool testing seminar is Saturday, Nov 9, 2024. Check this link for info. of the session, and a direct link to the KSU reference . The software is supplied AS IS with no warranty of usability, reliability or correctness. It will be the users resonsibility to determine if the software meets their needs. Appropriate acknowledgment is appreciated.
VIRUS CHECKERS: When downloading any of the executables, please turn off your virus checking. Many virus checkers, including: Microsoft, Vipre and others have a nasty habit of blocking the exe's from downloading. It is funny, that Micorosft compiler builds the exe, but Microsoft OS won't download it. Just a note. VIRUS CHECKERS: Our software doesn't contain bugs. Its just operationally challenged. Remember: The software is COMMAND LINE not GUI. So brush up on your typing skills.
Take a look at the top six articles on the articles page. And test your software and processes to see if it is really forensically sound. Read them in the order they are listed here. Catalog files A preliminary article describing why I conducted all these tests.Inventory/Catalog files Creating an inventory of evidentiary files Forensic file copying Article tests over 40 "forensic" file copiers Forensic Hashing Article tests over 30 "forensic" hash programs. ZIP-IT for forensic retention Article test a few zipping programs and ZIP_IT_TAKE2 More tests for your zipping capabilities. ZIP_IT_HASHES An unscientific discussion of container hash values. MATCH FILE HASHES Demonstrates hash matches using Maresware. A HASH software buffet How-to use Maresware hash software NSRL MD5's A short description of my restructured NSRL MD5 data set. A crude timeline analysis batch file using Maresware software
Take a look at the most popular forensic programs: Files A-C | Files D-F | Files G-K Files L-O | Files P-S | Files T-Z
Many of the programs are available in linux format also. Check the listings ie: Files D-F link, for the linux version. If you don't see a linux version, contact me, as it may be available, just not on the web site. All linux versions operate as near as possible to their Windows version. So outputs can be merged. The software and respective help files are available from the various information pages. Follow the alphabetical links at the bottom of each page to the specific program. There you will find links to the html help files and the exe downloads (if the exe if available). The software is supplied AS IS with no warranty of usability, reliability or correctness. It will be the users resonsibility to determine if the software meets their needs. If you have problems with the software, please don't hesitate to email me for assistance. But first take a look at any restrictions that Microsoft may have instituted which may keep the program from being fully functional. IE: administrator privilege. This page last updated: 10/10/2024
|
vote dumb-o-crat
In loving memory of my wonderful wife, Brenda (1948-2012). A challenge tool testing session to see if your hash, copy, zip software passes the test.
Whenever you seize evidence isn't creating an inventory of the seized items a primary operation? So, when seizing computer evidence in preparation of a forensic exam you might consider creating an inventory or catalog of those files which are located on the suspect computer and thus seized as evidence. Yes/No?? If so, lets create an evidence catalog; a list of files in the tree. Or as I call it, DISKCT, for DISK CATaloging. For this operation consider using the DISKCAT program. The diskcat program is specially designed to find and list ALL the files (or only user selected file types, ie: *.doc *.txt, *jpg etc.) within the specified directory trees. Notice I said trees not tree. Because on the command line you can point it to a number (up to 10) of directories to search and thus create a catalog or listing of ALL the files contained within the directory trees. The output can be customized to include any or all three (MAC) file times; find files based on file time or file size; full path, drive serial number and label, a user specified identifier to uniquely identify this suspect computer from the other suspect computer(s) in the listing, any NTFS Alternate Data Streams; and other stuff. (thats a technical term). The output contains delimited fields, sample here, for easy import to your favorite spreadsheet; COMMENT | PATH |SIZE|ATTR | CDATE | CTIME | TZ| SERIAL # | DISK LABEL Susepct1|C:\password| 60|ARH...|2020/01/01|07:34:56:789c|GMT| 7EF7-17FC| DRIVE_CIf you want to see more software special summaries, click here
(12/2020) UPCOPY, Added --RETry on -H hash/network errors. (7/2019) TOUCHME, Linux clone to change any MAC date/time. (6/2019) UPCOPY, HASH, DISKCAT, all updated to be able to put UNICODE filenames to log files. (--UNICODE=unilog option) (4/2019) UPCOPY, can now not only identify Alternate Data Streams, but can export them to "normal" files. (--ADSEXTRACT options) (6/2018) VERTICLE. A program to reprocess "horizontal" delimeted records and reform it so that each field becomes a new line. Easy reading for inclusion into narrative reports. (4/2018) MD5. MD5 updated to match MD5 and all SHA values against provided file. (3/2017) URL_SRCH. Added capability to find IPV6 standard format. URL_SRCH finds files that contain IP addresses, e-mail addresses, and URL formats. It then provides a list of those files for the user to act upon. (7/2012) EML_PROCESS. A program to parse .eml files and extract header metadata to a delimeted file for easy spreadsheet import. Get the .exe file
Today Rant
|