| Byte Back | |
| Submit Date: 4/5/2000 10:06:26 AM | License Info: commerical Price: see website |
| Short Description: Powerful low level cloning, imaging, data recovery, and computer forensic tools. | |
| Web Link: http://www.toolsthatwork.com/byte.htm | |
| Home Page: http://www.toolsthatwork.com/ | |
Rating:  | |
| Submitted By: Cybersnitch Webmaster | |
| Information: Byte Back - Powerful low level cloning, imaging, data recovery, and computer forensic tools. Clones/images most drive formats, bypassing 8.4 GB limitation! Perform safe recoveries on hard disk, Zip, Jaz, Syquest, floppy, and more. | |
| Cache Reader for Internet Explorer | |
| Submit Date: 1/3/2002 3:29:03 PM | License Info: see website Price: see website |
| Short Description: Cache Reader for Internet Explorer (versions 5, 6) | |
| Web Link: http://www.talknet.de/~wolfgbaudisch/CR5.exe | |
| Home Page: http://www.talknet.de/~wolfgbaudisch/CacheReader.htm | |
| Rating: | |
| Submitted By: Wolfgang Baudisch | |
| Information: Cache Reader reads the index.dat file in the Temporary Internet Files (TIF) folder of Internet Explorer ® 5 or in any other folder selected and presents data as a synoptic table, either in chronological or alphabetical order. It shows the URLs of the pages stored in cache and the dates of latest visit. | |
| CD-R Diagnostic | |
| Submit Date: 3/2/2001 7:58:44 AM | License Info: see website Price: see website |
| Short Description: A extremely useful tool for exploring CD-Rs and CD-ROMs | |
| Web Link: http://www.cdrom-prod.com/body_cd-r_diagnostic.html | |
| Home Page: http://www.cdrom-prod.com/ | |
| Rating: | |
| Submitted By: TUCOFS Referral Service | |
| Information: CD-R Diagnostic allows you to test, examine and recover data from CD, CD-R and CD-RW discs. This includes support for discs written using Adaptec DirectCD and CeQuadrat PacketCD as well as other packet-writing programs. It bypasses Windows and other CD software installed on your computer to allow complete freedom to examine nearly any CD, including Macintosh and audio discs. Directory display of all sessions. Display of volume label information. Display the entire Table of Contents. Display an analysis of a CD-ROM or CD-R. Sample a CD-R for recording errors. | |
| CD-R Inspector | |
| Submit Date: 1/3/2002 3:07:35 PM | License Info: commercial Price: see website - download version less cost |
| Short Description: CD Analysis and Forensic Tool | |
| Web Link: http://www.cdrom-prod.com/cd-r_inspector.html | |
| Home Page: http://www.cdrom-prod.com/ | |
| Rating: | |
| Submitted By: CERI Labs | |
| Information: Saves and restores the information for a disc. This allows a disc to be fully processed once and then later examined without the lengthy initial information gathering. This is specifically intended for use with data recovery services and for computer forensic applications where the same disc may need to be re-examined multiple times. In addition to simply displaying sectors, CD-R Inspector™ can search the entire surface of a disc for particular data in hexadecimal or character. This allows locating “hidden” information that may even be outside what is normally displayed when deleted or hidden files are shown in the directory listing. Scans all files on a disc for particular contents. This allows rapidly processing “unreadable” discs to locate certain types of files (GIF, JPG, ZIP, etc.) in the same manner as other hard disk forensic programs do. Improved display of hybrid Mac-PC discs to show the contents of multiple file systems on the same track. Will play and analyze CD+G graphic data streams. If you are developing a CD+G disc this may be of interest. All CD Text information is also displayed for audio discs. The Error Summary has been improved and enhanced to provide a graphic display of the results.
| |
| CoComp SCSI Pro | |
| Submit Date: 4/5/2000 9:57:18 AM | License Info: commerical Price: see website |
| Short Description: SCSI Device Diagnostic and Utility | |
| Web Link: http://www.toolsthatwork.com/scsitool.htm | |
| Home Page: http://www.toolsthatwork.com/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: CoComp SCSI Pro - SCSI Device Diagnostic and Utility Software for all Windows. Diagnoses SCSI hard disk, CD-Rom, Optical, Juke, and Tape devices. Full utility sets in two different levels. Edit mode pages, update firmware, block copy, and much more! | |
| Code Warrior for Palm OS | |
| Submit Date: 8/4/2000 12:18:02 PM | License Info: see website Price: see website |
| Short Description: Develop and debug Palm apps | |
| Web Link: http://www.palmos.com/dev/tech/tools/cw/ | |
| Home Page: http://www.palmos.com/dev/tech/tools/cw/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: You can create software programs that run directly on a Palm OS handheld from the comfort of your Windows 95/98/NT or Mac OS computer using the award-winning CodeWarrior Integrated Development Environment. (Cybersnitch Note: Excellent tool for Computer Forensic) | |
| dtSearch | |
| Submit Date: 4/7/2000 11:59:02 AM | License Info: commercial Price: see website |
| Short Description: Instantly Search Gigabytes of Text | |
| Web Link: http://www.dtsearch.com/download.html | |
| Home Page: http://www.dtsearch.com/ | |
Rating:  | |
| Submitted By: TUCOFS Referral Service | |
| Information: Instantly Search Gigabytes of Text Fast, precision searching: over two dozen text search options, most indexed searches take less than a second, even through very large databases. Also has unindexed searching. Organization-wide reach: automatically recognizes word processor, database, spreadsheet, email, PDF, ZIP, HTML, XML, Unicode files & more FindPlus®: distributed searching extends the reach of a single search request to remote enterprise servers with point and click setup Hit highlighting: highlights hits in HTML and PDF while keeping embedded links and images intact, and converts other file types to HTML for display with highlighted hits The new release adds FindPlus® distributed searching, a Web spider, enhanced XML support and Unicode support, to improve access to information throughout an organization. The new release also offers API enhancements, expanding the dtSearch developer component’s utility for use with a wide variety of programming languages.
"Superb ... a multitude of high-end features" - PC Magazine | |
| East-Tec FormatSecure 2001 | |
| Submit Date: 5/13/2001 1:11:22 AM | License Info: Trialware Price: $29.95 |
| Short Description: Don | |
| Web Link: http://www.east-tec.com/erprod/formatsc/ | |
| Home Page: http://www.east-tec.com/ | |
| Rating: | |
| Submitted By: George Pecherle | |
| Information: East-Tec FormatSecure 2001, in addition to formatting a drive, securely wipes the data in order to eliminate all sensitive information beyond recovery. The product goes beyond U.S. Department of Defense security standards and provides protection against all methods and equipment of data recovery. East-Tec FormatSecure 2001 features a very intuitive wizard interface and can securely format any floppy, ZIP or hard drive directly from Windows Explorer.
| |
| Encase 2.0 | |
| Submit Date: 5/23/2000 9:00:49 PM | License Info: commercial Price: see website |
| Short Description: A complete forensic software application (version 2.x) | |
| Web Link: http://www.guidancesoftware.com/ | |
| Home Page: http://www.guidancesoftware.com/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: Encase is the only fully integrated forensic application for Windows. Encase allows you to conduct a powerful, yet completely non-invasive search of any number of hard drives or computer disks in one pass.
A MUST HAVE! Version 2 is something to check out! With enhanced features including user interface support, image browsing capabilities, NTFS and Linux file system support and plenty other features to make this bundle worthy of any forensic investigator's attention. | |
| Encase 3.0 | |
| Submit Date: 12/18/2002 2:16:35 PM | License Info: Commercial Price: See Website |
| Short Description: A complete computer forensic solution | |
| Web Link: http://www.guidancesoftware.com/products/software/encaseforensic.shtm | |
| Home Page: http://www.guidancesoftware.com/ | |
| Rating: | |
| Submitted By: TUCOFS Referral Service | |
| Information: Award winning and validated by the courts, EnCase allows law enforcement and IT professionals to conduct a powerful, yet completely non-invasive computer forensic investigation. EnCase features a intuitive GUI that enables examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space. The solution effectively automates core investigative procedures, replacing archaic, time-consuming and cost-prohibitive processes and tools. | |
| Encase 4.0 | |
| Submit Date: 12/18/2002 2:18:24 PM | License Info: Commercial Price: See Website |
| Short Description: A complete computer forensic solution | |
| Web Link: http://www.guidancesoftware.com/products/software/encaseforensic.shtm | |
| Home Page: http://www.guidancesoftware.com/ | |
| Rating: | |
| Submitted By: TUCOFS Referral Service | |
| Information: Now with PST, NTFS file compression, Unix file, and RAID support! Award winning and validated by the courts, EnCase allows law enforcement and IT professionals to conduct a powerful, yet completely non-invasive computer forensic investigation. EnCase features a intuitive GUI that enables examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space. The solution effectively automates core investigative procedures, replacing archaic, time-consuming and cost-prohibitive processes and tools. | |
| Gargoyle 2.1 | |
| Submit Date: 4/15/2005 12:02:13 PM | License Info: Price: |
| Short Description: Super Charging Digital Investigations | |
| Web Link: http://www.wetstonetech.com/catalog/item/1104418/620819.htm | |
| Home Page: http://www.wetstonetech.com | |
| Rating: | |
| Submitted By: webmaster | |
| Information: Uncover a Hidden Digital Arsenal. Maximize your time. Streamline your Investigation. Identify nefarious intent. Determine Modus Operandi. Identify Incriminating evidence. Audit User Bahavior. Enforce Corporate Policy. | |
| Hasher | |
| Submit Date: 11/21/2001 10:28:32 PM | License Info: see website Price: see website |
| Short Description: File and directory hashing utility | |
| Web Link: http://patriot.net/~carvdawg/scripts/hasher.pl | |
| Home Page: http://patriot.net/~carvdawg/perl.html | |
| Rating: | |
| Submitted By: TUCOFS Referral Service | |
| Information: Hasher.pl is a script that creates a Tk GUI to implement a hashing utility for NT/2K. I wrote this at the request of a friend, and he specifically wanted a GUI. The script was successfully compiled using Perl2Exe, and the resulting standalone .exe file was successfully tested on NT SP6a and 2K SP2.
The CLI (command line interface) version of this tool is located in the Hash.zip archive. Simply unzip all of the files to a directory, and run the tool. The only argument it takes is the name of a file or directory.
C:\>hash c:\temp\somefile.tmp
C:\>hash c:\
If a directory is passed to the tool, it returns MD5 and SHA1 hashes for all of the files in that directory.
| |
| HashKeeper | |
| Submit Date: 5/24/2000 8:33:15 AM | License Info: freeware Price: free (for law enforcement type organizations) |
| Short Description: Quickly and efficiently examine file types | |
| Web Link: ftp://ftp.cis.fed.gov/pub/HashKeeper/Docs/HKSum.htm | |
| Home Page: ftp://ftp.cis.fed.gov/pub/HashKeeper/ | |
| Rating: | |
| Submitted By: Brian R. Deering | |
| Information: HashKeeper is a database application of value primarily to those conducting forensic examinations of computers on a somewhat regular basis. The application uses the MD5 file signature algorithm to establish unique numeric identifiers (hash values) for known files and compares those known hash values against the hash values of unknown files on a seized computer system. Where those values match, the examiner can say, with statistical certainty, that the unknown files on the seized system have been authenticated and therefore do not need to be examined. | |
| HEX Workshop | |
| Submit Date: 4/5/2000 9:50:26 AM | License Info: see website Price: see website |
| Short Description: Combine advanced binary editing with ease of a word processor | |
| Web Link: http://www.bpsoft.com/downloads/ | |
| Home Page: http://www.bpsoft.com/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: Hex Workshop is a set of hexadecimal development tools for Microsoft Windows, combining advanced binary editing with the ease and flexibility of a word processor. With Hex Workshop you can edit, cut, copy, paste, insert, and delete hex, print customizable hex dumps, and export to RTF or HTML for publishing. Additionally you can goto, find, replace, compare, calculate checksums and character distributions within a sector or file. | |
| History Reader for Internet Explorer | |
| Submit Date: 1/3/2002 3:25:07 PM | License Info: see website Price: see website |
| Short Description: History Reader for Internet Explorer (versions 4, 5 and 6) | |
| Web Link: http://www.talknet.de/~wolfgbaudisch/Download.htm | |
| Home Page: http://www.talknet.de/~wolfgbaudisch/HistoryReader.htm | |
| Rating: | |
| Submitted By: Wolfgang Baudisch | |
| Information: History Reader reads all information in the complete history database and presents you a list, either in chronological or alphabetical order. Furthermore, you can open any URL in Internet Explorer, add URLs to Favorites, copy URLs, print out or save the listing or selected ranges as text file. When you have edited and saved a list you can open this file again and use it in the same way as the original one saved before.
| |
| ICQr Information | |
| Submit Date: 8/4/2000 12:29:29 PM | License Info: see website Price: see website |
| Short Description: Read ICQ.DAT file information | |
| Web Link: http://icqrinfo.headstrong.de/ | |
| Home Page: http://icqrinfo.headstrong.de/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: Works for ICQ 99a & 99b, older versions are not supported. Can obtain | |
| ILook Investigator | |
| Submit Date: 4/7/2005 2:19:41 PM | License Info: see website Price: Free to Law Enforcement |
| Short Description: Access the partition file of many of other forensic imaging systems | |
| Web Link: http://www.ilook-forensics.org | |
| Home Page: http://www.ilook-forensics.org | |
Rating:  | |
| Submitted By: J Patterson | |
| Information: ILook is developed by Elliot Spencer of "The Serious Fraud Office" in London, England. It's a program which works for the most part with Safeback image files written to disk. Safeback hard drive image files it can extract
data from include FAT12 / 16 / 32 / 32x. VFAT, NTFS4, NTFS5, NTFS4 compressed, NTFS5 compressed, Mac HFS, Mac HFS+, Linux ext2fs, ext2fs (journaling variant), SCO Sys V AFS / EAFS / HTFS. It can also acquired data from DOS and Mac formatted diskettes and extract data from the Netscape 'fat.db' and the Microsoft Internet history file.
For any law enforcement entity that may have limited budget funds, this tool is a must-have because it's free!
| |
| ImageCast | |
| Submit Date: 4/5/2000 10:09:16 AM | License Info: commercial Price: see website |
| Short Description: Versatile hard drive duplication tool | |
| Web Link: http://www.imagecast.com/enter.htm | |
| Home Page: http://www.imagecast.com/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: ImageCast IC3 is the most versatile hard drive duplication tool in the world. Cloning takes the work out of multiple machine set ups. ImageCast IC3 enables you to multicast to hundreds of PCs simultaneously, or send a standalone image to any network drive. | |
| Inquire | |
| Submit Date: 4/15/2001 11:18:59 AM | License Info: Freeware Price: n/a |
| Short Description: Returns ESN for SCSI hard drives | |
| Web Link: http://www.sandersonforensics.co.uk/html/free_utilities.html | |
| Home Page: http://www.sandersonforensics.co.uk | |
| Rating: | |
| Submitted By: Paul Sanderson | |
| Information: Windows Application, which lists all SCSI hard drives accessible through the ASPI interface and their Electronic Serial Numbers | |
| Internet Explorer History Viewer | |
| Submit Date: 4/6/2000 8:59:48 PM | License Info: Shareware Price: $25 for a registered version |
| Short Description: Internet Explorer History Viewer | |
| Web Link: send email to: saponder@earthlink.net | |
| Home Page: send email to: saponder@earthlink.net | |
| Rating: | |
| Submitted By: Scott Ponder (saponder@earthlink.net) | |
| Information: This program reads the Internet Explorer index.dat file
and parses it out for reporting purposes.
It will also read the IE 3.x (mm256.dat/mm2048.dat),
4x., 5.x, history files, Recycle bin's INFO and INFO2 files and the Netscape Fat.db and Netscape.hst files.
This software is available to Law Enforcement and
IACIS members only and is shareware. Send requests
as email to saponder@earthlink.net | |
| LOSTPASSWORD Recovery | |
| Submit Date: 6/27/2000 1:53:59 PM | License Info: demos available (commerical) Price: see website |
| Short Description: Recover passwords from all kinds of common applications! | |
| Web Link: http://www.lostpassword.com/ | |
| Home Page: http://www.lostpassword.com/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: Recover passwords for these and plenty of other applications: Word97/2000, Excel97/2000, Word95/6/2, Excel95/5/4, Access2/95/97/2000, Windows NT 3.x, 4.x
Outlook97/98/2000, Exchange, WinZip, PKZip, ZIP,
VBA Visual Basic modules, Internet Explorer, FileMaker,
Quicken, QuickBooks, Lotus 1-2-3, Lotus Organizer,
Lotus WordPro, Backup, Project, MYOB, Paradox,
ACT!, Mail, Schedule+, Money, WordPerfect | |
| Maresware Forensic and Analysis Software | |
| Submit Date: 4/7/2000 10:31:05 AM | License Info: commercial Price: see description or website for more information |
| Short Description: Excellent data processing and forensic programs | |
| Web Link: http://www.dmares.com/maresware/press_release.htm | |
| Home Page: http://www.dmares.com/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: See website for ordering and full product information for the following products:
BRANDIT, DECLASFY, DIRV, DISABLE, DISKIMAG, DISKCAT*, HASH*, HEDEDIT, HED_SECT, ISPGP*, MDIR*, MD5*, NT_WIPE, RMD*, SS, STRSRCH*, TRUETIME
Programs marked with an asterisk (*) are available in both 16 and 32 bit versions. The 32 bit versions can handle long file names, and file sizes greater than 8 gig.
Linux versions of HASH and STRSRCH also exist.
| |
| NT Password Recovery Bootable CD | |
| Submit Date: 11/21/2001 10:33:40 PM | License Info: n/a Price: n/a |
| Short Description: Set/Reset NT passwords | |
| Web Link: http://www.dmzs.com/ftproot/security/password/ | |
| Home Page: http://www.dmzs.com/ftproot/security/password/ | |
| Rating: | |
| Submitted By: TUCOFS Referral Service | |
| Information: This is a bootable cd creator utility for Petter Nordahl's NT/Win2k Password Recovery utility, the utility allows to set/reset the password of the administrator user, by anyone who has physical access to the machine. The image created will also include SCSI support. Note: If for some reason, the zip files are unable for download you can grab an already prepared iso image.
| |
| NT Password Recovery Bootable CD | |
| Submit Date: 11/21/2001 10:39:11 PM | License Info: n/a Price: n/a |
| Short Description: Set/Reset NT passwords | |
| Web Link: http://www.dmzs.com/ftproot/security/password/ | |
| Home Page: http://www.dmzs.com/ftproot/security/password/ | |
| Rating: | |
| Submitted By: TUCOFS Referral Service | |
| Information: This is a bootable cd creator utility for Petter Nordahl's NT/Win2k Password Recovery utility, the utility allows to set/reset the password of the administrator user, by anyone who has physical access to the machine. The image created will also include SCSI support. Note: If for some reason, the zip files are unable for download you can grab an already prepared iso image.
| |
| Offline NT Password & Registry Editor, Bootdisk | |
| Submit Date: 11/13/2000 11:34:36 PM | License Info: free Price: free |
| Short Description: Offline NT Password & Registry Editor, Bootdisk | |
| Web Link: http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html | |
| Home Page: http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: The bootdisk is a single floppy which contains things needed to edit the passwords on most systems.
The bootdisk supports standard (dual)IDE controllers, and most SCSI-controllers with the drivers supplied in a seperate archive below. It does not need any other special hardware, it will run on 486 or higher, with 16mb ram or more.
There's full FAT filesystem support, including long filenames (VFAT) and limited NTFS support.
| |
| Omniquad Detective | |
| Submit Date: 4/5/2000 10:02:05 AM | License Info: commerical Price: see website |
| Short Description: Determine what the system was used for | |
| Web Link: http://www.toolsthatwork.com/odet.htm | |
| Home Page: http://www.toolsthatwork.com/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: Omniquad Detective - Windows PC Data Sleuth. Investigates the history of the PC to determine what the system was used for, i.e. which web sites were visited, what images were downloaded, etc. Look for adult content, hacking, and anything else the user decides. | |
| PDWipe | |
| Submit Date: 4/5/2000 9:14:38 AM | License Info: commercial Price: see website |
| Short Description: Utility to wipe an entire physical hard drive | |
| Web Link: http://www.digitalintel.com/pdwipe.htm | |
| Home Page: http://www.digitalintel.com/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: PDWIPE is a standalone utility to wipe an entire physical hard drives. PDWIPE is capable of wiping large hard drives (in excess of 8.4Gb) at amazing speeds! Testing has demonstrated the complete wipe of an 8.4 Gb hard drive in just under 11 minutes! | |
| SB2 | |
| Submit Date: 2/3/2001 2:50:29 AM | License Info: See website Price: See website |
| Short Description: Archives SafeBack tape to disk | |
| Web Link: http://www.sandersonforensics.co.uk/html/sb2.html | |
| Home Page: http://www.sandersonforensics.co.uk | |
| Rating: | |
| Submitted By: Paul Sanderson | |
| Information: SB2 takes a SafeBack image held on tape and writes it to disk as files of a user specified size. output image files can be read by SafeBack or any other tools which can read SafeBack format files. | |
| SBConvert | |
| Submit Date: 7/30/2001 8:22:07 AM | License Info: Commercial Price: £25.00 |
| Short Description: Extracts and converts a SafeBack image from tape to BitStream files | |
| Web Link: http://www.sandersonforensics.co.uk/html/software.html | |
| Home Page: http://www.sandersonforensics.co.uk | |
| Rating: | |
| Submitted By: Paul Sanderson | |
| Information: Extract a SafeBack image from tape and write it to disk files in a BitStream/BIOS format.
Can be used to enable investigation with utilites such as ILook or AccessData FTK. | |
| SBRecover | |
| Submit Date: 4/17/2001 10:29:03 AM | License Info: Commercial Price: See Website |
| Short Description: A utility to recover data from damaged SafeBack image files. | |
| Web Link: http://www.sandersonforensics.co.uk/html/sbrecover.html | |
| Home Page: http://www.sandersonforensics.co.uk | |
| Rating: | |
| Submitted By: Paul Sanderson | |
| Information: SBrecover works by scanning through a SafeBack image file on disk looking for areas where the checksum computes and extracting these areas to a new image file. The new file is a BIOS dump type image, i.e. there are no internal checksums and this image file must be processed with a utility other than SafeBack (Linux dd, or other utilities, could be used to re-lay the image).
| |
| SearchIT | |
| Submit Date: 4/7/2000 9:00:55 AM | License Info: freeware Price: free |
| Short Description: Hard drive image scanning utility | |
| Web Link: http://www.ncis.navy.mil/Safekids/SearchIt.EXE | |
| Home Page: http://www.ncis.navy.mil/Safekids/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: NCIS is proud to provide a freeware search utility. SearchIt will first scan your hard disk for any images (regardless of extension) and display them for you to judge appropriateness. | |
| StegAlyzerAS | |
| Submit Date: 7/25/2005 11:26:45 AM | License Info: Single-user Price: |
| Short Description: Steganography Analyzer Artifact Scanner | |
| Web Link: http://www.sarc-wv.com/products.aspx | |
| Home Page: http://www.backbonesecurity.com | |
| Rating: | |
| Submitted By: Webmaster | |
| Information: Extend computer forensic examinations to include the search
for artifacts and signatures of digital steganography applications. This product includes a license to SAFDB which can also be purchased separately.
| |
| StegAlyzerSS | |
| Submit Date: 7/26/2005 3:24:36 PM | License Info: Single-user Price: |
| Short Description: Steganography Analyzer Signature Scanner | |
| Web Link: http://www.sarc-wv.com/products.aspx | |
| Home Page: http://www.backbonesecurity.com | |
| Rating: | |
| Submitted By: Webmaster | |
| Information: StegAlyzerSS detects 29 distinct signatures of steganography applications and also includes functions to identify file types that may be potential carrier files (i.e., may contain hidden information). Techniques and procedures available to extract information hidden with each of the 29 applications for which a signature exists. Contact the SARC for details and pricing.
| |
| Steganography Application Fingerprint Database (SAFDB) | |
| Submit Date: 7/26/2005 3:20:58 PM | License Info: Single-user Price: |
| Short Description: MS Access database that contains application profiles for 230 digital steganography applications and | |
| Web Link: http://www.sarc-wv.com/products.aspx | |
| Home Page: http://www.backbonesecurity.com | |
| Rating: | |
| Submitted By: Webmaster | |
| Information: SAFDB can be use to help the examiner determine if a
steganography application exists on seized or suspect storage media. If a
steganography application is found, chances are it was used to hide something. The application profiles in SAFDB can be consulted to determine the technique used to hide the information which may facilitate attempts to extract any hidden information. Copies of the steganography applications are available from the SARC's archives for use by the examiner and/or SARC technical staff to attempt hidden information extraction. | |
| Stego Suite 4.1 | |
| Submit Date: 4/15/2005 12:34:25 PM | License Info: See Website Price: See Website |
| Short Description: Superb Accurate Detection of Steganography | |
| Web Link: http://www.wetstonetech.com/catalog/item/1104418/619451.htm | |
| Home Page: http://www.wetstonetech.com/f/Stego_Training_Syllabus.pdf | |
| Rating: | |
| Submitted By: Webmaster | |
| Information: Steganography Investigator Training
Course Fee: $1795 Includes copies of Stego Suite„· and Gargoyle Investigator„· Standard Edition)
Please Call for Law Enforcement, Education and Bundled Training Discounts!
Upon completion of this intense two-day course, Investigators will have a complete understanding of the threat posed by the use of steganographic technologies in the current digital environment. Threats posed by criminals exploiting children, terrorists and crime organizations creating covert communication channels, and disgruntled company insiders are some of the topics that will be covered. Students also learn how to conduct a complete steganography investigation from suspicion to detection, analysis, cracking, and finally to recovery of the hidden information.
The course includes 6 hours of lecture, 6 hours of practical lab exercises and investigation, and a 2 hour written and practical exam. Students are provided their own laptop with all tools and laboratory exercises installed for the lecture and hands-on portions of the labs. In addition, all students receive complimentary fully licensed copies of WetStone¡¦s Stego Suite and Gargoyle Investigator Standard Edition software products, (including 1 year of software maintenance & updates), the steganography embedding tools used during the class, and a reference CD containing the training materials and lab exercises.
All participants are eligible to receive 1.6 CEU credits and a course completion certificate. Those sitting for, and passing WetStone¡¦s written and practical exam, receive a ¡¥Certified Steganography Examiner¡¦ certificate.
For WetStone¡¦s training schedule or to register for an upcoming training, please visit us at www.wetstonetech.com.
| |
| Tape Toolkit | |
| Submit Date: 10/19/2001 12:13:11 PM | License Info: Commercial Price: See website |
| Short Description: TTK - A Sector level viewer and search utility for SCSI tapes | |
| Web Link: http://www.sandersonforensics.co.uk/html/software.html | |
| Home Page: http://www.sandersonforensics.co.uk/ | |
| Rating: | |
| Submitted By: Paul Sanderson | |
| Information: A sector level viewer for SCSI Tapes. View a sector as ASCII, EBCDIC or Hex. Search for strings, hex or unicode. Copy ranges of bytes or whole tape files to disk. | |
| THUMBSPlus | |
| Submit Date: 4/5/2000 9:52:58 AM | License Info: shareware Price: see website |
| Short Description: Locate, view, edit, print and organize your images | |
| Web Link: http://www.cerious.com/download.htm | |
| Home Page: http://www.cerious.com/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: It's only the most effective, elegant and inexpensive way to locate, view, edit, print and organize your images, metafiles, fonts and movies. | |
| Windows NT Forensic Utility Suite | |
| Submit Date: 4/6/2000 8:35:24 PM | License Info: see website Price: see website |
| Short Description: A suite of Windows NTFS utilities | |
| Web Link: http://www.forensics-intl.com/suite9.html | |
| Home Page: http://www.forensics-intl.com/ | |
| Rating: | |
| Submitted By: Cybersnitch Webmaster | |
| Information: The Windows NTFS Suite includes the following:
DiskSearch NT - A Text Search Utility for Windows NT. It searches files, slack and erased space.
FileList NT - A disk catalog tool used to evaluate computer use time lines for normal and erased files on Windows NT
systems.
GetFree NT - An ambient data collection tool used to capture unallocated data on Windows NT systems.
GetSlack NT - An ambient data collection tool used to capture file slack on Windows NT systems.
ShowFL NT - A program used to analyze the output of the NT FileList program.
| |
| WINGREP | |
| Submit Date: 1/3/2002 3:36:21 PM | License Info: see website Price: see website |
| Short Description: Searching for strings quickly and painlessly | |
| Web Link: http://www.hurricanesoft.com/prod01.htm | |
| Home Page: http://www.hurricanesoft.com/ | |
| Rating: | |
| Submitted By: TUCOFS Referral Service | |
| Information: WinGREP is a utility intended to make searching for strings quick and painless. Regular Expressions are simple and fast to create with no characters to memorize or confuse. Search results can be viewed in your IDE, in the Hurricane Editor, or any other editor you choose. Hierarchical lists and Quick-Preview makes WinGREP fast and easy to use.
| |