
(Special thanks to Joetekno for this list)

AIR is a GUI front-end to dd and dc3dd designed for easily creating forensic bit images.

AbiWord is a free word processing program similar to Microsoft® Word. It is suitable for a wide variety of word processing tasks.

Double hash.

The Autopsy Forensic Browser is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit. Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3). Conduct File Listing, View File Content, Compare files in user created or downloaded Hash Databases, File Type Sorting by internal signatures, Create a Timeline of File Activity, conduct Keyword Searches, File System Meta Data Analysis, Data Unit (File Content) Analysis in multiple formats, File System Image Details: Case Management of one or more host computers, Event Sequencer allows you to add time-based events from other systems (i.e. firewall/IDS logs), Notes about case, Image Integrity verification, Report Creation, Audit Logging of investigation.

The Advanced Forensics Format (AFF) is an extensible open format for the storage of disk images and related forensic metadata. AFF is an open and extensible file format to store disk images and associated metadata. Using AFF, the user is not locked into a proprietary format that may limit how he or she may analyze it. An open standard enables investigators to quickly and efficiently use their preferred tools to solve crimes, gather intelligence, and resolve security incidents.

AtomicParsley is a lightweight command line program for reading, parsing and setting metadata into MPEG-4 files.

bkhive is a tool to extract the Windows System-key that is used to encrypt the hashes of the user passwords.
Incorrect timestamps (that are equal to zero) are handled as 00:00:00)

Broadcom Corporation BCM4313 wireless card drivers

INDEXparse.py, Shellbags.py, evtxexport.py, extxinfo.py

fstrim disabled (enable it by uncommenting the line in /etc/cron.weekly/fstrim)

This new write-blocking method ensures that all disks are protected from accidental write operations, because they are locked in Read-Only mode. You can use a GUI tool named BlockON/OFF, present on CAINE's Desktop. If you need to write to a disk, you can unlock it with BlockON/OFF or with "Mounter" by changing the policy to writable mode.


The important news is CAINE 7.0 blocks all the block devices (e.g.
