Extracts the user names and passwords stored by Mozilla Firefox Web browser.
Extracts SID, User Names, Indexes, Application Names, Run Counts, Session, and Last Run Time Attributes from UserAssist keys.
Details previously attached USB devices.
Displays 20+ attributes relating to USB device use on Windows systems.
Details previously attached USB devices on exported registry hives.
Additionally exposes various timestamps (e.g., first explored, last explored) for a given folder. Presents visual representation of what a user’s directory structure looked like.
Takes snapshots of the registry allowing comparisons, e.g., show registry changes after installing software.
Registry data extraction and correlation tool.
Provides deleted artefact recovery, value slack support, and robust searching. For the acquisition, analysis, and reporting of registry contents.
US National Institute of Justice, Digital Forensics Solutions.
Supports simple & regular expression searches as well as searching by last write timestamp. Eric Zimmerman, Command line access to offline Registry hives.
Microsoft, Examine Windows processes and registry threads in real time.
Woanware, Extracts user information from the SAM, SOFTWARE and SYSTEM hive files and decrypts the LM/NT hashes from the SAM file.
Eric Zimmerman, Dumps list of shimcache entries showing which executables were run and their modification dates.
Produces HTML report file containing the saved pages.
Magnet Forensics, Takes list of URLs saving scrolling captures of each page.
Mandiant, Reviews list of URLs stored in the history files of the most commonly used browsers.
Nirsoft, Decrypts the content of the Opera Web browser password file, wand.dat.
Nirsoft, Reads the cache folder of Opera Web browser, and displays the list of all files currently stored in the cache.
Nirsoft, Extracts the user names and passwords stored by Mozilla Firefox Web browser.
Nirsoft, Extracts search queries made with popular search engines (Google, Yahoo and MSN) and social networking sites (Twitter, Facebook, MySpace).
Nirsoft, Reads the history.dat of Firefox/Mozilla/Netscape Web browsers, and displays the list of all visited Web pages.
Nirsoft, Parses the cookie folder of Firefox/Mozilla/Netscape Web browsers.
Nirsoft, Reads the cache folder of Firefox/Mozilla/Netscape Web browsers.
Nirsoft, Extracts stored passwords from Internet Explorer versions 4 to 8.
Nirsoft, Extracts various details of Internet Explorer cookies.
Belkasoft, Captures information publicly available in Facebook profiles.
Busindre, Runs in Python 3.x, extracting forensic information from Firefox, Iceweasel and Seamonkey browsers.
Shows search terms used as well as dates of and the number of visits.
Mike’s Forensic Tools, Extracts embedded data held within Google Analytics cookies.
Nirsoft, Reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache.
CCL Forensics, Python module for performing off-line parsing of Chrome session files (“Current Session”, “Last Session”, “Current Tabs”, “Last Tabs”).
Foxton Software, Extract, view and analyse internet history from Firefox, Chrome, Internet Explorer and Edge web browsers.
Foxton Software, Captures history from Firefox, Chrome, Internet Explorer and Edge web browsers running on Windows computers.
SysTools, View (not save or export) OLM file emails and attachments.
SysTools, View (not save or export) MSG file emails and attachments.
SysTools, View (not save or export) MS SQL MDF files.
SysTools, View (not save or export from) E01 files & view messages within EDB, PST & OST files.
SysTools, View (not save or export) Lotus Notes DXL file emails and attachments.
SysTools, View (not save or export from) contents of BKF backup files.
Volatile Systems, Collection of tools for the extraction of artefacts from RAM.
Brian Carrier, Collection of UNIX-based command line file and volume system forensic analysis tools.
Harlan Carvey, Automates ‘repetitive tasks of data collection’.
ArxSys, Analyses volumes, file systems, user and applications data, extracting metadata, deleted and hidden items.
Brian Carrier, Graphical interface to the command line digital investigation analysis tools in The Sleuth Kit (see below).
SignalSEC Corp, Obtain SMS Messages, call logs and contacts from Android devices.
CCL Forensics, Deconstructs Blackberry.
Dan Roe, Parses physical flash dumps and Nokia PM records to find details of previously inserted SIM cards.
Robin Wood, Extracts phone model and software version and created date and GPS data from iPhone videos.
Leo Crawford, Mat Proud, Explore the internal file structure of iPad, iPod and iPhones.

Computer Forensics Tools – Part III Mobile devices