DEFT has released its newest forensic toolkit, DEFT V5x. DEFT V5x is a Live CD that gives examiners a fairly complete set of forensic tools for evidence acquisition (a few are still missing, of course). Besides updates to the forensic tools on the Windows side, booting into the Linux environment now also brings more GUI tools, so it is starting to resemble the old Helix Live CD. The detailed changes are listed below:
DEFT v5 computer and network forensic packages list:
- sleuthkit 3.01, collection of UNIX-based command line tools that allow you to investigate a computer
- autopsy 2.21, graphical interface to the command line digital investigation tools in The Sleuth Kit
- dhash 2, multi hash tool
- aff lib 3.5.2, advanced forensic format
- gpart, tool which tries to guess the primary partition table of a PC-type hard disk
- guymager 0.4.2-1, a fast and most user friendly forensic imager
- dd rescue 1.13, copy data from one file or block device to another
- dcfldd 1.3.4.1, copy data from one file or block device to another with more functions
- linen 6.01, Linux version of the industry-standard DOS-based EnCase acquisition tool
- foremost 1.5.6, console program to recover files based on their headers, footers, and internal data structures
- photorec 6.11, easy carving tool
- mount manager 0.2.6, advanced and user friendly mount manager
- scalpel 1.60, carving tool
- wipe
- hex dump, combined hex and ascii dump of any file
- outguess, a stegano tool
- ophcrack 3.3.0, Windows password recovery
- Xplico 0.6 DEFT edition, advanced network analyzer
- Wireshark 1.2.2, network sniffer
- ettercap 0.7.3, network sniffer
- nessus 4, vulnerability and security scanner, client
- nessusd 4, vulnerability and security scanner, server
- nmap 5, the best network scanner
- kismet 2008.05 R1, sniffer and intrusion detection system that works with any wireless card
- dmraid, discover software RAID devices
- testdisk, tool to recover damaged partitions
- vinetto, tool to examine Thumbs.db files
- trID 2.02 DEFT edition, tool to identify file types from their binary signatures
- readpst 0.6.41, a tool to read MS Outlook .pst files
- snmpwalk
- chkrootkit, Checks for signs of rootkits on the local system
- rkhunter 1.3.4, rootkit, backdoor, sniffer and exploit scanner
- john 1.7.2, john the ripper password cracker
- clam antivirus 4.15
- mc, UNIX file manager
DEFT extra 2.0 (Windows-side tools, grouped by menu category):
- System Information
  - Drive Manager
  - Reg Scanner
  - Win Audit
  - ReSysInfo
  - USB Deview
  - Bluetooth View
  - User Assist view
  - WRR
  - My Event View
  - MSI
  - CurrProcess
- Live Acquisition
  - FTK imager
  - Winen
  - MDD
- Forensics Tool
  - WFT
  - Zero View
  - WFA
  - FileAlyzer
  - Nigilant32
  - USB history
  - Shell command
  - PC on/off time
- Password Recovery
  - Asterisk logger
  - PasswordFox
  - Chrome Pass
  - IE PassView
  - Wireless Key View
  - Mail pass view
  - Incredimail Message Extractor
- Networking
- Web Browser
  - IE Cookie View
  - IE History View
  - Mozilla Cookie View
  - Mozilla History View
  - Mozilla Cache view
  - Opera Cache View
  - Chrome Cache View
  - Index.dat Analyzer 2.0
  - Historian
  - FoxAnalysis
- Utility tool
  - Skype Log View
  - Home Keylogger
  - HexEdit
  - SDHash
  - WipeDisk
  - USBWriteProtector
  - Testdisk
  - LTF View
  - AVI screen
  - HoverSnap
  - VNC Viewer
  - Sumatra PDF
  - Putty
  - Pre-Search
  - Photorec
  - Notepad++
  - WinMD5sum
  - Abiword
  - Undelete Plus
  - Hash calc
  - IP Net Info
- SysInternal
  - Access Enum
  - autoruns
  - diskView
  - Regmon
  - WinObj
  - Filemon
  - ProcExp
  - TCPView
  - Rootkit Revealer
DEFT v5 features list:
- incorruptibility of the partitions
- incorruptibility of the swap spaces
- linux Kernel 2.6.31
- LXDE
- apt-get system
- vino
- rdesktop
- samba client
- open SSH client & server
- ntfs3g
- lvm support
- brasero
- record my desktop
- wicd network manager
- speedcrunch
- htop
Tool screenshots (captions only; the images are not included here): Boot, Dhash 2 text mode, Desktop, Software list, Dhash 2, Autopsy, Mount manager.