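DEFT v5 Forensic Tools

DEFT has released its latest forensic toolkit, DEFT V5x. DEFT V5x is a Live CD that gives forensic examiners a complete set of forensic tools for evidence collection (though of course some things are still missing). Besides the updated forensic tools that run under the Windows interface, booting into the Linux environment now also offers more GUI tools, and it is starting to resemble the earlier Helix Live CD. The detailed update list follows: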


DEFT v5 computer and network forensic packages list:

  • sleuthkit 3.01, collection of UNIX-based command line tools that allow you to investigate a computer
  • autopsy 2.21, graphical interface to the command line digital investigation tools in The Sleuth Kit
  • dhash 2, multi hash tool
  • aff lib 3.5.2, advanced forensic format
  • gpart, tool which tries to guess the primary partition table of a PC-type hard disk
  • guymager 0.4.2-1, a fast and most user friendly forensic imager
  • dd rescue 1.13, copy data from one file or block device to another
  • dcfldd 1.3.4.1, copy data from one file or block device to another with more functions
  • linen 6.01, Linux version of the industry-standard DOS-based EnCase acquisition tool
  • foremost 1.5.6, console program to recover files based on their headers, footers, and internal data structures
  • photorec 6.11, easy carving tool
  • mount manager 0.2.6, advanced and user friendly mount manager
  • scalpel 1.60, carving tool
  • wipe
  • hex dump, combined hex and ascii dump of any file
  • outguess, a stegano tool
  • ophcrack 3.3.0, Windows password recovery
  • Xplico 0.6 DEFT edition, advanced network analyzer
  • Wireshark 1.2.2, network sniffer
  • ettercap 0.7.3, network sniffer
  • nessus 4, vulnerability and security scanner, client
  • nessusd 4, vulnerability and security scanner, server
  • nmap 5, the best network scanner
  • kismet 2008.05 R1, sniffer and intrusion detection system that works with any wireless card
  • dmraid, discover software RAID devices
  • testdisk, tool to recover damaged partitions
  • vinetto, tool to examine Thumbs.db files
  • trID 2.02 DEFT edition, tool to identify file types from their binary signatures
  • readpst 0.6.41, a tool to read MS Outlook pst files
  • snmpwalk
  • chkrootkit, Checks for signs of rootkits on the local system
  • rkhunter 1.3.4, rootkit, backdoor, sniffer and exploit scanner
  • john 1.7.2, john the ripper password cracker
  • clam, antivirus 4.15
  • mc, UNIX file manager


DEFT extra 2.0:

  • System Information
  • Drive Manager
  • Reg Scanner
  • Win Audit
  • ReSysInfo
  • USB Deview
  • Bluetooth View
  • User Assist view
  • WRR
  • My Event View
  • MSI
  • CurrProcess
  • Live Acquisition
  • FTK imager
  • Winen
  • MDD
  • Forensics Tool
  • WFT
  • Zero View
  • WFA
  • FileAlyzer
  • Nigilant32
  • USB history
  • Shell command
  • PC on/off time
  • Password Recovery
  • Asterisk Logger
  • PasswordFox
  • Chrome Pass
  • IE PassView
  • Wireless Key View
  • Mail pass view
  • Incredimail Message Extractor
  • Networking
  • Web Browser
  • IE Cookie View
  • IE History View
  • Mozilla Cookie View
  • Mozilla History View
  • Mozilla Cache view
  • Opera Cache View
  • Chrome Cache View
  • Index.dat Analyzer 2.0
  • Historian
  • FoxAnalysis
  • Utility tool
  • Skype Log View
  • Home Keylogger
  • HexEdit
  • SDHash
  • WipeDisk
  • USBWriteProtector
  • Testdisk
  • LTF View
  • AVI screen
  • HoverSnap
  • VNC Viewer
  • Sumatra PDF
  • Putty
  • Pre-Search
  • Photorec
  • Notepad++
  • WinMD5sum
  • Abiword
  • Undelete Plus
  • Hash calc
  • IP Net Info
  • SysInternal
  • Access Enum
  • autoruns
  • diskView
  • Regmon
  • WinObj
  • Filemon
  • ProceXp
  • TCPView
  • Rootkit Revealer

DEFT v5 features list:
  • incorruptibility of the partitions
  • incorruptibility of the swap spaces
  • linux Kernel 2.6.31
  • LXDE
  • apt-get system
  • vino
  • rdesktop
  • samba client
  • open SSH client & server
  • ntfs3g
  • lvm support
  • brasero
  • record my desktop
  • wicd network manager
  • speedcrunch
  • htop


Tool screenshots: Boot, Dhash 2 text mode, Desktop, Software list, Dhash 2, Autopsy, Mount manager.



DEFT V5x download
