watching you watching us . .


DEFT Linux 6 ready for download

DEFT 6 is based on Lubuntu (Light Ubuntu Linux) with kernel 2.6.35 and DEFT Extra 3.0 (Windows). 11 January 2011

DEFT 6 computer and network forensic packages list:

* sleuthkit 3.2.0, collection of UNIX-based command line tools that allow you to investigate a computer
* autopsy 2.24, graphical interface to the command line digital investigation tools in The Sleuth Kit
* DFF 0.8
* dhash 2.0.1, multi hash tool
* aff lib 3.6.4, advanced forensic format
* disk utility 2.30.1, a partition manager tool
* guymager 0.5.7, a fast and very user-friendly forensic imager
* dd rescue 1.14, copy data from one file or block device to another
* dcfldd, copy data from one file or block device to another with more functions
* dc3dd 7, patched version of GNU dd to include a number of features useful for computer forensics
* Xmount 0.4.4, convert on-the-fly between multiple input and output hard disk image types
* foremost 1.5.6, console program to recover files based on their headers, footers, and internal data structures
* photorec 6.11, easy carving tool
* mount manager 0.2.6, advanced and user friendly mount manager
* scalpel 1.60, carving tool
* wipe 0.21
* hex dump, combined hex and ascii dump of any file
* outguess 0.2, a steganography tool
* ophcrack 3.3.0, Windows password recovery
* Xplico 0.6.1 DEFT edition, advanced network analyzer
* Wireshark 1.2.11, network sniffer
* ettercap 0.7.3, network sniffer
* nmap 5.21, the best network scanner
* dmraid, discover software RAID devices
* testdisk 6.11, tool to recover damaged partitions
* ghex, light gtk hex editor
* vinetto 0.6, tool to examine Thumbs.db files
* trID 2.02 DEFT edition, tool to identify file types from their binary signatures
* readpst 0.6.41, a tool to read MS Outlook PST files
* chkrootkit, checks for signs of rootkits on the local system
* rkhunter 1.3.4, rootkit, backdoor, sniffer and exploit scanner
* john 1.7.2, john the ripper password cracker
* catfish, file search
* galletta 1.0
* pasco 1.0
* md5sum, sha1sum, sha224sum, sha256sum, sha512sum
* md5deep, sha1deep, sha256deep
* skype log view, skype chat conversation viewer
* Xnview, viewer graphics, picture and photo files
* IE, Mozilla, Opera and Chrome cache viewer
* IE, Mozilla, Opera and Chrome history viewer
* Index.dat file analyzer
* pdfcrack, cracking tool
* fcrackzip, cracking tool
* clam, antivirus 4.15
* mc, UNIX file manager

DEFT extra 3.0: – ( More Info )


Forensics: Recovering a 12-year old floppy disk with DD

“.. True story. Earlier this year I was handed a 12-year old floppy disk loaded with bad sectors and unmountable due to a missing/corrupted partition table. A lost cause? Nope. DD can still image the raw media, skipping unreadable sectors and padding the output file with zeros to keep file structures intact wherever possible.

I booted up a Helix Live CD and ran:
dcfldd if=/dev/fd0 of=floppy.img bs=4k conv=noerror,sync

After much grinding and hissing, DD finished with a fully intact 1.4MB floppy disk image. Almost made me want to scour through my old floppy collection. Almost ..”, 9 September 2009 – last access 30 September 2010 (Full Article )
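
An added example (not from the quoted article): a simplified Python model of the `conv=noerror,sync` behaviour described above, showing how the block size decides how much readable data is zeroed around each bad sector while the image keeps its full length. The device class, media contents and bad-sector positions are constructed for illustration.

```python
import hashlib

SECTOR = 512
FLOPPY_SECTORS = 2880  # 1.44 MB floppy: 2880 sectors of 512 bytes


class FlakyDevice:
    """Constructed stand-in for /dev/fd0: reads touching a bad sector fail."""
    def __init__(self, data, bad_sectors):
        self.data = data
        self.bad = set(bad_sectors)

    def read(self, offset, length):
        end = min(offset + length, len(self.data))
        first, last = offset // SECTOR, (end - 1) // SECTOR
        if any(s in self.bad for s in range(first, last + 1)):
            raise OSError(5, "Input/output error")
        return self.data[offset:end]


def image(dev, size, bs):
    """Model of conv=noerror,sync: a failed block becomes a block of zeros."""
    out = bytearray()
    zeroed = []  # (offset, length) ranges that were filled with zeros
    for offset in range(0, size, bs):
        want = min(bs, size - offset)
        try:
            block = dev.read(offset, want)
        except OSError:
            block = b""                      # noerror: keep going after the error
            zeroed.append((offset, want))
        out += block.ljust(want, b"\0")      # sync: pad so later offsets line up
    return bytes(out), zeroed


def lost_good_bytes(zeroed, bad_sectors):
    """Readable bytes that were zeroed only because they shared a block."""
    return sum(n for _, n in zeroed) - len(bad_sectors) * SECTOR


# Constructed sample media: patterned data with three bad sectors.
MEDIA = bytes((i * 7) % 251 for i in range(FLOPPY_SECTORS * SECTOR))
BAD = [100, 101, 2000]

if __name__ == "__main__":
    for bs in (4096, 512):
        img, zeroed = image(FlakyDevice(MEDIA, BAD), len(MEDIA), bs)
        print(bs, len(img), lost_good_bytes(zeroed, BAD), hashlib.sha256(img).hexdigest()[:16])
```

With these constructed inputs, a 4096-byte block size zeroes 6656 readable bytes alongside the 1536 unreadable ones, while a 512-byte block size zeroes only the bad sectors. Recording the hash of the resulting image, as the last line does, gives a reference value for later integrity checks.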