Kali Linux Forensic Tools

Last modified: 2021-01-05 05:00:36    Author: Mango

Forensic Tools


| Tool | Description |
| --- | --- |
| Binwalk | A tool for searching a given binary image for embedded files and executable code. |
| bulk-extractor | Extracts information such as e-mail addresses, credit card numbers, URLs, and other details from digital evidence files without parsing the file system. |
| Capstone | A framework for binary analysis and reversing. It supports multiple hardware architectures and provides the semantics of each disassembled instruction. |
| chntpw | Used to view information and change user passwords in the Windows NT/2000 user database file. |
| Cuckoo | A malware analysis system that provides details about the suspicious files you submit to it. |
| dc3dd | A patched version of GNU dd with added features for computer forensics. |
| ddrescue | Copies data from one file or block device to another specified file or block device. |
| DFF | DFF stands for Digital Forensics Framework. It is used to quickly and easily collect, preserve, and reveal digital evidence without compromising systems and data. |
| diStorm3 | A lightweight, easy-to-use, and fast disassembler library; for example, it can disassemble a staged reverse shell generated by msfpayload. |
| Dumpzilla | A tool to extract all forensically relevant information from Firefox, Iceweasel, and SeaMonkey browsers for analysis. |
| extundelete | Used to recover deleted files from an ext3/ext4 file system partition. |
| Foremost | A forensic tool that recovers lost files based on their headers, footers, and internal data structures. |
| Galleta | A forensic tool that examines the content of cookies produced by Internet Explorer. |
| Guymager | A free forensic imager for media acquisition. It generates flat, EWF, and AFF images and supports disk cloning. |
| iPhone Backup Analyzer | A backup utility designed to browse easily through the backup folder of an iPhone. |
| p0f | A passive traffic fingerprinting tool that identifies the parties behind any incidental TCP/IP communication without interfering with it in any way. |
| Pdf-parser | Used to parse a PDF document and identify the fundamental elements used in the analysed file. |
| pdfid | Scans a file for certain PDF keywords, allowing you to identify PDF documents that contain JavaScript. |
| pdgmail | Extracts Gmail artefacts from a pd process memory dump. |
| peepdf | A PDF analysis tool for exploring PDF files in order to determine whether the file can be harmful. |
| RegRipper | Extracts information from the Windows registry and presents it for analysis. |
| Volatility | A memory forensics analysis platform that extracts digital artefacts from RAM samples. |
| Xplico | A network forensic analysis tool that extracts application data from internet traffic. |