[1]Nigilant32: a Windows GUI Incident Response Tool (currently beta)
http://www.agilerm.net/publications_4.html
[2]Paul Bakker released a new version of his searchtools patch for sleuthkit 2.04
http://brainspark.nl/tools#searchtools_patch
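Protected Storage Explorer is a small, lightweight forensic tool for viewing stored data, including Microsoft Outlook passwords, MSN, phone numbers, credit card numbers, web e-mail, search engine queries, web page usernames and passwords, and stored login credentials for sites that require authentication (including FTP sites). It is portable software (50KB), although not very powerful.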
[3]Protected Storage Explorer
http://www.forensicideas.com/tools.html
[4]Having come across this website I thought I'd share a website offering Forensic Acquisition Utilities:
http://users.erols.com/gmgarner/forensics/
1. dd.exe: A modified version of the popular GNU dd utility program.
2. md5lib.dll: A modified version of Ulrich Drepper's MD5 checksum implementation in Windows DLL format.
3. md5sum.exe: A modified version of Ulrich Drepper's MD5sum utility.
4. Volume_dump.exe: An original utility to dump volume information.
5. wipe.exe: An original utility to sterilize media prior to forensic duplication.
6. zlibU.dll: A modified version of Jean-loup Gailly and Mark Adler's zlib library based on zlib-1.1.4.
7. nc.exe: A modified version of the netcat utility by Hobbit.
8. getopt.dll: An implementation of the POSIX getopt function in a Windows DLL format.
Please excuse the post if this has already been posted / shared.
Original link was obtained from here:
http://www.ntsecurity.nu/onmymind/2006/2006-06-01.html
See the links for the relevant details.
The tools are all simple and easy to use, although not very powerful!