Digital Forensics BIBLIO
ONGOING FORENSIC PROJECTS
These are links to
HASH SETS
Dan Farmer's baseline collection [from archive.org]
Encase hash sets [from Berryhill Forensics]
- Windows 95, 98, NT 4.0, Office 97 & 2000 pro
FileAdvisor
-
An online search engine with more than 4TB worth of computer software files, allowing users to check any unknown files on their hard drives to determine the source for the file. Built atop a NIST database.
Guidance Software Hash Sets [Bottom of page]
-
Hacker Tools (compliments of Dan Purcell)
HashKeeper Hash Sets [Restricted]
Maresware Hash Set CD
-
Merges the HashKeeper hash sets, which comprise about 700,000 hashes, with hashes provided by a federal agency in charge of standards, thus providing significantly more hashes than the HashKeeper data sets alone.
National Software Reference Library (NSRL) Project
-
Collects software from various sources and incorporates file profiles computed from this software into a Reference Data Set (RDS).
Rootkit Hunter
-
A project to combine the various hashsum sources into a single meta RDBMS (relational database management system).
Steganography Application Fingerprint Database (SAFDB) [Free to Law Enforcement]
-
The SAFDB can be used by computer forensic examiners to determine whether any files on seized media can be associated with a particular digital steganography or other data-hiding application.
The Solaris Fingerprint Database
-
An Identification Tool for Solaris Software and Files
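Hash sets such as the NSRL RDS and HashKeeper are used in one way: hash every file on the seized media, look the digests up in the set, and set aside the files that are already known. The following is an added example of that known-file filtering, not code or data from NSRL, HashKeeper or Maresware; the sample RDS rows are constructed in a layout modelled on the legacy NSRLFile.txt export (with real SHA-1/MD5/CRC32 digests of two short byte strings), and the artefacts are constructed byte strings.

```python
"""Known-file filtering against an NSRL-style reference data set (RDS)."""
import csv
import hashlib
import io
import os

# Constructed sample modelled on the legacy NSRLFile.txt layout (SHA-1, MD5,
# CRC32, FileName, FileSize, ProductCode, OpSystemCode, SpecialCode).
# The digests are the real SHA-1/MD5/CRC32 of the byte strings b"abc" and b"".
SAMPLE_RDS = '''"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"
"A9993E364706816ABA3E25717850C26C9CD0D89D","900150983CD24FB0D6963F7D28E17F72","352441C2","abc.txt",3,1,"358",""
"DA39A3EE5E6B4B0D3255BFEF95601890AFD80709","D41D8CD98F00B204E9800998ECF8427E","00000000","empty.dat",0,1,"358",""
'''


def load_rds(text):
    """Index an RDS export by upper-case SHA-1.

    Only SHA-1, MD5 and one file name are kept. The full NSRL RDS holds tens
    of millions of rows, so in practice you would load the SHA-1 column into a
    set (or a database) and keep MD5 only for the cross-check below.
    """
    known = {}
    for row in csv.DictReader(io.StringIO(text)):
        sha1 = row["SHA-1"].upper()
        # One hash can belong to many products; keep the first file name seen.
        known.setdefault(sha1, {"md5": row["MD5"].upper(), "name": row["FileName"]})
    return known


def digest_bytes(data):
    """SHA-1 and MD5 of an in-memory artefact (upper-case hex, as in the RDS)."""
    return {"sha1": hashlib.sha1(data).hexdigest().upper(),
            "md5": hashlib.md5(data).hexdigest().upper()}


def digest_path(path, chunk=1 << 20):
    """Stream a file from disk so large artefacts need not fit in memory."""
    sha1, md5 = hashlib.sha1(), hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            sha1.update(block)
            md5.update(block)
    return {"sha1": sha1.hexdigest().upper(), "md5": md5.hexdigest().upper()}


def classify(digests, known):
    """Return 'known', 'unknown' or 'conflict' for one artefact.

    'known' means the file appears in the reference set, not that it is benign:
    sets such as the Hacker Tools set list attack tooling on purpose, so a match
    tells you which set it came from, not that the file can be ignored.
    'conflict' (SHA-1 matches, MD5 does not) points at a corrupted or hand-edited
    hash set and must never be silently treated as a match.
    """
    record = known.get(digests["sha1"])
    if record is None:
        return "unknown"
    if record["md5"] != digests["md5"]:
        return "conflict"
    return "known"


def triage(artefacts, known):
    """Map artefact name -> verdict for a dict of name -> bytes."""
    return {name: classify(digest_bytes(data), known) for name, data in artefacts.items()}


def triage_tree(root, known):
    """Same, walking a directory tree (for example a read-only mounted image)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            results[path] = classify(digest_path(path), known)
    return results


if __name__ == "__main__":
    rds = load_rds(SAMPLE_RDS)
    # Constructed artefacts: two are in the sample set, one is not.
    sample = {"notes/abc.txt": b"abc", "tmp/empty.dat": b"", "bin/odd.exe": b"MZ\x90\x00"}
    for name, verdict in triage(sample, rds).items():
        print(f"{verdict:8} {name}")
```

The verdicts deliberately separate a SHA-1 hit with a disagreeing MD5 from a clean match. A merged or hand-edited set (the Maresware CD above is a merge of two sources) is exactly where such inconsistencies creep in, and a silent match there would let an examiner exclude a file on bad data.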
BOOTABLE FORENSIC CDs
DEFT [Digital Evidence & Forensic Toolkit]
A customized distribution of the Kubuntu live Linux CD.
Farmer's Boot CD [Commercial]
-
Boot almost any x86 system; mount file systems in a forensically sound manner; preview the data you're looking for through a single point-and-click interface; acquire data after you've previewed it and found it pertinent to your case.
FCCU GNU/Linux Forensic Bootable CD
-
A bootable CD based on KNOPPIX that contains many tools suitable for computer forensic investigations, including bash scripts. Its main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.
FIRE
-
Forensic and Incident Response Environment Bootable CD (formerly known as biatchux).
FIRE is a portable bootable CD-ROM based distribution with the goal of providing an immediate environment in which to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
FIRST [.iso]
-
Forensic Investigation and Recovery Systems bundled in a live CD (Bootable CD) called FIRSTLIVE CD
Helix
-
"Helix is a customized distribution of the Knoppix Live Linux CD. Helix has more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics."
-
Screenshots gallery
Incident Response Italy CD
-
[Translated from Italian] IRItaly CD is a bootable Linux-based CD-ROM intended for a first forensic analysis in response to an incident, covering: data recovery, analysis of forensic images, virus scanning and vulnerability assessment.
INSERT (Inside Security Rescue Toolkit)
-
An Incident Response bootable CDROM
Knoppix-FLAG
-
A remastered KNOPPIX self-booting linux CD image which has been slimmed down to ~300Mb and includes all FLAG functionality.
Knoppix STD
-
A customized distribution of the Knoppix Live Linux CD
LNX-BBC
-
The Linuxcare Bootable Business Card CD
Single-disk distribution designed for forensics (it even has TCT), containing such things as network drivers and file system support for mounting and transferring information off the machine.
Local Area Security Linux
-
Contains over 200 information security and administration related tools.
MacQuisition Boot CD [Commercial]
-
A forensic acquisition tool used to safely and easily image Mac suspect drives using the suspect's own system. MacQuisition provides an intuitive user interface over the traditional command line, giving both beginner and advanced forensic examiners a flexible, open environment in which to perform imaging from any system that can boot OS X and has FireWire.
Melior Forensics Incident Response Environment [Commercial]
-
Modified F.I.R.E. bootable CDROM
Network Security Toolkit (NST)
-
This bootable ISO live CD is based on Fedora Core 4
Operator CD
-
Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. Operator contains an extensive set of open source network security tools that can be used for monitoring and discovering networks. It also contains a set of computer forensic and data recovery tools that can assist you in data retrieval on the local system.
Penguin Sleuth Kit
-
[New version] The new version runs as a VMware virtual machine instead of a boot CD. The image is currently available via BitTorrent or SourceForge.
-
[Old version] This .iso is geared towards the live previewing of computer systems out in the field.
PHLAK
-
The Professional Hacker's Linux Assault Kit - A bootable CD distribution loaded with tools for pentesting (including wireless), forensics and auditing.
Plan-B
-
Plan-B is a bootable Linux environment that needs no hard drive: it runs entirely in RAM or from the CD, and is based on a basic, stripped-down installation of Red Hat Linux and the fundamental workings of the SuperRescue CD.
Portable Linux Auditing CD
-
PLAC is a business card sized bootable cdrom running linux. It has network auditing, disk recovery, and forensic analysis tools.
The Sleuthkit
-
The official website for The Sleuth Kit and The Autopsy Forensic Browser.
SMART Linux boot CD [Commercial Product - evaluation available]
-
SMART Linux is a live CD and an installable distribution of Linux designed for Data Forensics and Incident Response
Snarl
-
FreeBSD Forensics Bootable iso
Spenneberg's Forensic Rescue CD
-
This iso-image includes a bootable CD based on the Red Hat Sysadmin Rescue CD. Several forensic tools were added to this CD.
staticiso
-
An ISO image of statically linked binaries, good for forensics and system recovery
ThePacketMaster Linux Security Server
-
Live Security/Forensics Linux Distribution, built from scratch and packed full of tools useful for vulnerability analysis, penetration tests, and forensic analysis.
TPM Security Server
-
Live Security/Forensics Linux Distribution, built from scratch and packed full of tools useful for vulnerability analysis, penetration tests, and forensic analysis.
White Glove
-
Fred Cohen's Bootable Linux CD-ROMs
FILE SIGNATURE LISTS
File Signatures Table
-
Maintained by Gary Kessler
headersig.txt
-
ProDiscover DFT Header Mismatch Configuration File
Signatures of Macintosh Files
Solaris Fingerprint Database (sfpDB)
-
SunSolve service that enables you to verify the integrity of files distributed with the Solaris Operating Environment (for example, the /bin/su executable file), Solaris patches, and unbundled products such as SPARCcompilers.
Tim Coakley's FileSig Manager
-
An excellent resource for keeping your file signature database up-to-date
Type/Creator Database (TCDB)
-
Type/Creator Database is a collection of the two four-character codes (file type and creator) that the classic Mac OS attaches to Macintosh files.
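Signature tables such as Gary Kessler's and ProDiscover's header mismatch configuration serve one check: compare a file's leading bytes with the signature its extension implies, and flag files whose extension was changed to hide them. The following is an added example of that check, not code from ProDiscover, FileSig Manager or any table linked above; the signature list and extension map are a constructed subset of widely documented magic values, and the sample headers are constructed byte strings.

```python
"""Header/extension mismatch detection with a small file-signature table."""

# Constructed subset of a signature table: (id, offset, magic bytes).
# Offsets matter: ISO base media files (MP4/MOV) carry "ftyp" at offset 4,
# after a 4-byte box length, so an offset-0 comparison would miss them.
SIGNATURES = [
    ("jpeg", 0, b"\xff\xd8\xff"),
    ("png", 0, b"\x89PNG\r\n\x1a\n"),
    ("gif", 0, b"GIF87a"),
    ("gif", 0, b"GIF89a"),
    ("pdf", 0, b"%PDF-"),
    ("zip", 0, b"PK\x03\x04"),
    ("ole2", 0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    ("pe", 0, b"MZ"),          # only two bytes: expect false positives on text
    ("elf", 0, b"\x7fELF"),
    ("rar", 0, b"Rar!\x1a\x07"),
    ("isobmff", 4, b"ftyp"),
]

# Extension -> signature ids that legitimately carry it. Many-to-one is normal:
# docx/xlsx/jar/apk are all ZIP containers, and legacy Office documents share
# the OLE2 compound-file header.
EXTENSIONS = {
    "jpg": {"jpeg"}, "jpeg": {"jpeg"}, "png": {"png"}, "gif": {"gif"},
    "pdf": {"pdf"}, "zip": {"zip"}, "docx": {"zip"}, "xlsx": {"zip"},
    "jar": {"zip"}, "apk": {"zip"}, "doc": {"ole2"}, "xls": {"ole2"},
    "exe": {"pe"}, "dll": {"pe"}, "so": {"elf"}, "rar": {"rar"},
    "mp4": {"isobmff"}, "mov": {"isobmff"},
}


def identify(header):
    """Return the set of signature ids whose magic matches the leading bytes."""
    return {sid for sid, off, magic in SIGNATURES
            if header[off:off + len(magic)] == magic}


def check_header(name, header):
    """Compare a file's magic bytes with what its extension claims.

    Verdicts:
      ok                 extension and signature agree
      mismatch           a known signature, but not one the extension permits
      no-signature       extension is in the table but no magic matched
                         (a renamed text file, or a truncated/wiped header)
      unknown-extension  nothing to compare against; queue for manual review
    """
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    allowed = EXTENSIONS.get(ext)
    if allowed is None:
        return "unknown-extension"
    found = identify(header)
    if not found:
        return "no-signature"
    if found & allowed:
        return "ok"
    return "mismatch"


def scan(artefacts):
    """Map name -> verdict for a dict of name -> leading bytes of the file."""
    return {name: check_header(name, hdr) for name, hdr in artefacts.items()}


if __name__ == "__main__":
    # Constructed headers: the .jpg is really a ZIP and the .gif is really a PE.
    sample = {
        "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3",
        "holiday.jpg": b"PK\x03\x04\x14\x00",
        "smile.gif": b"MZ\x90\x00\x03\x00",
        "invoice.docx": b"PK\x03\x04\x14\x00",
        "clip.mp4": b"\x00\x00\x00\x18ftypisom",
        "readme.txt": b"Just text",
    }
    for name, verdict in scan(sample).items():
        print(f"{verdict:17} {name}")
```

The extension map is many-to-one on purpose: a .docx that identifies as ZIP is correct, so a table keyed on one signature per extension would raise false mismatches. Very short magics such as MZ will also match unrelated data, so treat a verdict as a triage flag to open the file, not as proof that it was renamed.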
ALL OTHER PROJECTS
The CFReDS Project
- NIST is developing Computer Forensic Reference Data Sets (CFReDS) for digital evidence. These reference data sets provide investigators with documented sets of simulated digital evidence for examination.
Code of Practices for Digital Forensics
-
A set of criteria for guiding and assuring activities concerned with the analysis of digital evidence. It covers legal, police and operational aspects. It is not a technical manual for computer forensic analysis; it is a criteria-based manual.
Computer Forensics Open Guide!
- This website is a collaborative initiative. It is intended to be constructed openly by volunteer contributors.
Computer Forensic Tool Testing Project
-
The objective of the Computer Forensics Tool Testing project is to provide a measure of assurance that the tools used in computer forensics investigations produce accurate results.
Defining Standards in Digital Forensics (DESDIFOR)
-
The purpose of DESDIFOR is to provide guidance on the management of digital evidence, and assure that digital evidence managed according to the results of DESDIFOR is managed in compliance with Norwegian law.
The Digital Evidence Project (ABA) [Restricted]
Digital Forensic Lessons Learned Repository [Link to archive.org]
Does not appear to be active
-
The LLR will initially be populated through contributions from a set of selected computer forensics specialists from the law enforcement community, the results of an analysis of the transcripts of past court cases involving electronic evidence, and standardized procedures for collecting the data from a device in a legally admissible manner.
Digital Forensics Tool Testing Images
-
To fill the gap between extensive tests from NIST and no public tests, [Brian Carrier] has been developing small test cases. These are file system and disk images for testing digital (computer) forensic analysis and acquisition tools.
The Electronic Discovery Reference Model Project
- A new initiative for the development of an electronic discovery reference model. Addresses the need for industry standards and guidelines through the development of a Reference Model for Electronic Discovery
Forensic Tools for Xml (FTXml)
-
Based on a standard evidence format FoXML
Forensics Server Project
-
The Forensics Server Project is an effort to provide a degree of automation to the collection of data during a 'live' forensic or 'root cause' investigation.
The Forensix Project
See also
-
The goal of the Forensix ("4N6") Project is to allow a system to be monitored so that, in the event of a security compromise, it is easy to track the compromise back to its source.
Honeynet Project
Integrity Project
-
Home of FTimes and HashDig projects
ODESSA Project
Home Page
-
The Open Digital Evidence Search and Seizure Architecture is a cross-platform framework for performing Computer Forensics and Incident Response.
Open Source Computer Forensics Manual
-
Author - Matias Bevilacqua
An open-source manual for computer forensics covering methodology and processes
Open Source Digital Forensics
-
A reference on the use of open source software in digital forensics
RACES - Rapid Automated Computer Examination System
-
This project with the Singapore Police Force aims to develop a computer forensic examination system that provides possible legal evidence to assist the investigation efforts of law enforcement agencies.
Rootcheck Project
-
RootCheck is open source software that scans the whole system looking for possible problems.
SCSI Computer Forensics
- This boot disk (floppy image) lets a first responder quickly secure vital forensic evidence from a running Unix machine.
System for Triaging Key Evidence (STRIKE)
-
Currently under development is a ruggedized, easy-to-use, portable digital forensics device based upon the Linux operating system and other Open Source software, as well as proprietary software.
© 2006-2007 All rights reserved