Tools

641 results - showing 61 - 80

Tools

License Type
Free

The DFIR4vSphere PowerShell module collects logs and forensics artefacts on both ESXi hosts and the vCenter console.

The module has two main functions:

  • Start-VC_Investigation: Collects all vSphere API calls registered on the vCenter (these logs are called VI events), or optionally only the events considered of interest. The function also generates an ESXi inventory and a report of vCenter permissions and users. Optionally, a support bundle for the vCenter appliance can be generated.
  • Start-ESXi_Investigation: Collects forensic data from one or more ESXi hosts. Optionally, a support bundle for each targeted hypervisor can be generated.

DFIR4vSphere was first presented at CoRI&IN 2022 (Conférence sur la réponse aux incidents et l’investigation numérique). The slides of the presentation, in French, are available here.

Tools

License Type
Commercial - Paid
Developer
Metaspike

Experts’ choice for investigating email fraud, business email compromise (BEC), malware delivery, and CAN-SPAM Act violations.


Tools

License Type
Commercial - Paid
Developer
Metaspike

Expertly preserve email evidence without breaking a sweat. Get plug & play output for digital forensic investigations and eDiscovery.


Tools

License Type
Free
Developer
Dan Mares (Maresware)

Performs an "intelligent" file COPY operation and is an excellent forensics and eDiscovery file copy tool.


Tools

License Type
Free
Developer
Dan Mares (Maresware)

Finds duplicate records in the output of Hash.

Tools

License Type
Free
Developer
Dan Mares (Maresware)

Hashcmp can be used to compare the contents, line by line, of two files with similar records. When it finds records in one file that do not have a match in the other file, the program displays the mismatch on the screen. It is designed to display the differences in output files produced by the Maresware Hash program.

Tools

License Type
Free
Developer
Dan Mares (Maresware)

HK_Hash is a smaller version of Hash, specially designed to calculate the 128-bit MD5 hash of one or more files and create comma-delimited output that is compatible with the HashKeeper requirements for a file that is to be loaded/imported into the HashKeeper database.

Tools

License Type
Free
Developer
Dan Mares (Maresware)

Hash is designed to calculate the 32-bit CRC, 128-bit MD5 hash, 160-bit Secure Hash Algorithm (SHA-1) hash, or SHA-2 (256-, 384- or 512-bit) hash of a file.

Tools

License Type
Free

Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system logs from memory dumps of Linux systems. This enables you to analyse systems without needing to generate a profile.

This is not a replacement for tools such as Rekall and Volatility which use a profile to perform a more structured analysis of memory.

Rip Raw works by taking a raw binary such as a memory dump and carving files and logs using:

  • Text/binary boundaries
  • File headers and file magic
  • Log entries

Tools

License Type
Free
Developer
Foxton Forensics

Free tool for inspecting the contents of SQLite databases.

Tools

License Type
Free
Developer
Foxton Forensics

Browser History Viewer (BHV) is a forensic software tool for extracting and viewing internet history from the main desktop web browsers.

Tools

License Type
Free
Developer
Foxton Forensics

Browser History Capturer allows you to easily capture web browser history from a Windows computer. The tool can be run from a USB dongle or via a Remote Desktop connection to capture history from Chrome, Edge, Firefox and Internet Explorer web browsers.

Tools

License Type
Commercial - Paid
Developer
Foxton Forensics

Browser History Examiner (BHE) is a forensic software tool for capturing, analysing and reporting internet history from the main desktop web browsers.
