watching you watching us . .

sleuthkit

The Sleuth Kit v3.2.1

New version of Brian Carrier’s TSK released (version 3.2.1), 27 February 2011
http://www.sleuthkit.org/

“.. The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows and Unix systems (such as Linux, OS X, Cygwin, FreeBSD, OpenBSD, and Solaris). They can be used to analyze NTFS, FAT, HFS+, Ext2, Ext3, UFS1, and UFS2 file systems and several volume system types.

The Sleuth Kit (TSK) is a C library and a collection of command line tools. Autopsy is a graphical interface to TSK. TSK can be integrated into automated forensics systems in many ways, including as a C library and by using the SQLite database that it can create ..”

Brian Carrier, The Sleuth Kit, 27 February 2011
http://www.sleuthkit.org/ – last access 5 March 2011 – ( More Info / Download )

\cobramark3

DEFT Linux 6 ready for download

DEFT 6 is based on Lubuntu with Kernel 2.6.35 (Light Ubuntu Linux) and DEFT Extra 3.0 (Windows).

deftlinux.net, 11 January 2011
http://www.deftlinux.net/2011/01/11/deft-linux-6-ready-for-download/ – ( More Info )
http://na.mirror.garr.it/mirrors/deft/deft_6.iso – Download ISO

DEFT 6 computer and network forensic packages list:

* sleuthkit 3.2.0, collection of UNIX-based command line tools that allow you to investigate a computer
* autopsy 2.24, graphical interface to the command line digital investigation tools in The Sleuth Kit
* DFF 0.8
* dhash 2.0.1, multi hash tool
* aff lib 3.6.4, advanced forensic format
* disk utility 2.30.1, a partition manager tool
* guymager 0.5.7, a fast and most user friendly forensic imager
* dd rescue 1.14, copy data from one file or block device to another
* dcfldd 1.3.4.1, copy data from one file or block device to another with more functions
* dc3dd 7, patched version of GNU dd to include a number of features useful for computer forensics
* Xmount 0.4.4, convert on-the-fly between multiple input and output hard disk image types
* foremost 1.5.6, console program to recover files based on their headers, footers, and internal data structures
* photorec 6.11, easy carving tool
* mount manager 0.2.6, advanced and user friendly mount manager
* scalpel 1.60, carving tool
* wipe 0.21
* hex dump, combined hex and ascii dump of any file
* outguess 0.2, a steganography tool
* ophcrack 3.3.0, Windows password recovery
* Xplico 0.6.1 DEFT edition, advanced network analyzer
* Wireshark 1.2.11, network sniffer
* ettercap 0.7.3, network sniffer
* nmap 5.21, the best network scanner
* dmraid, discover software RAID devices
* testdisk 6.11, tool to recover damaged partitions
* ghex, light gtk hex editor
* vinetto 0.6, tool to examine Thumbs.db files
* trID 2.02 DEFT edition, tool to identify file types from their binary signatures
* readpst 0.6.41, a tool to read MS Outlook PST files
* chkrootkit, checks for signs of rootkits on the local system
* rkhunter 1.3.4, rootkit, backdoor, sniffer and exploit scanner
* john 1.7.2, john the ripper password cracker
* catfish, file search
* galletta 1.0
* pasco 1.0
* md5sum, sha1sum, sha224sum, sha256sum, sha512sum
* md5deep, sha1deep, sha256deep
* skype log view, skype chat conversation viewer
* Xnview, viewer graphics, picture and photo files
* IE, Mozilla, Opera and Chrome cache viewer
* IE, Mozilla, Opera and Chrome history viewer
* Index.dat file analyzer
* pdfcrack, cracking tool
* fcrackzip, cracking tool
* clam, antivirus 4.15
* mc, UNIX file manager

DEFT extra 3.0: http://www.deftlinux.net/2011/01/11/deft-linux-6-ready-for-download/ – ( More Info )

\cobramark3