classify-list
File Extension | Tool | Category | Sub-Category | Type | Useful Switches | Tool Description | Linkage | Require Install?
elf | Pyelftools | Malware | File Analysis | CLI | | Library for analyzing ELF files and DWARF debugging information | http://pypi.python.org/pypi/pyelftools/ |
7z, gz, zip, rar, dmg | 7zip | File Analysis | Archive | Both | | A file archiver with a high compression ratio. | http://www.7-zip.org/ |
jar, ear, war | 7zip | File Analysis | Java | Both | | A file archiver with a high compression ratio. | http://www.7-zip.org/ |
exe | 7zip | File Analysis | PE Analysis | Both | 7z x <filename> -osections ; 7z l <filename> | A file archiver with a high compression ratio. | http://www.7-zip.org/ |
swf | Adobe SWF Investigator | File Analysis | Flash | GUI | | GUI-based tool that lets you both statically and dynamically analyze SWF files. | http://labs.adobe.com/downloads/swfinvestigator.html |
- | aeskeyfind | Obfuscation/Encryption | | | | Find obfuscated or encrypted data | |
aff | AFFuse | Forensics | Disk Analysis | | | A FUSE-based program that gives you access to Advanced Forensic Format containers. | http://www.afflib.org |
- | AlternateStreamView | Forensics | Alternate Data Streams | CLI | | A small utility that scans your NTFS drive and finds all hidden alternate data streams stored in the file system. | http://www.nirsoft.net/utils/alternate_data_streams.html |
- | analyzeMFT.pl | Forensics | Filesystem Analysis | | | | |
- | Anubis | Online Help | File Analysis | | | | http://anubis.iseclab.org/ |
- | APImonitor | Malware | Filesystem Monitoring | GUI | | Monitors and controls API calls made by applications and services. | http://www.rohitab.com/apimonitor | Yes
- | Autoruns | System | Filesystem Analysis | Both | | | http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx |
- | AVG ZeroAccess Remover | Malware | Rootkit Analysis | | | Win32/ZeroAccess remover | http://free.avg.com/us-en/remove-win32zeroaccess |
- | BDS | Malware | File Analysis | | | The Binary Diffing Starter (part of the eEye Binary Diffing Suite, EBDS), a free and open source set of utilities for performing automated binary differential analysis. | http://www.eeye.com/resources/security-center/research/tools/eeye-binary-diffing-suite-ebds |
- | BEViewer | Forensics | File Carving | GUI | | User interface for browsing features extracted by the bulk_extractor feature extraction tool. | https://github.com/simsong/bulk_extractor |
- | BinText | File Analysis | | GUI | | | |
- | binwalk | File Analysis | Firmware Analysis | - | | Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. | http://code.google.com/p/binwalk/ |
- | blkcat | Forensics | | CLI | - | Streams the content of a given data unit to STDOUT. | |
- | blkls | Forensics | Disk Analysis | CLI | - | Lists details about data units and can extract all unallocated space of the file system. | |
- | blkls | Forensics | Filesystem Analysis | CLI | | Lists deleted (unallocated) disk blocks | |
- | blkstat | Forensics | Disk Analysis | CLI | - | Displays information about a specific data unit (allocation status, and block group on an Ext file system). | |
- | bodyfile | Forensics | Timeline Creating | CLI | | Converts a bodyfile to TLN format. | http://www.sleuthkit.org/sleuthkit/download.php |
- | Bokken | Forensics | File Analysis | GUI | | Bokken is a GUI for the Pyew and Radare projects | http://inguma.eu/projects/bokken |
- | Bokken | Forensics | Website Inspection | GUI | | GUI for Pyew; the Callgraph tab shows a visual representation of all the elements found in the HTML of the website, and all links with parameters are shown parsed and grouped | http://inguma.eu/projects/bokken/wiki/Webs |
- | BrowserSpider | Malware | Website Inspection | CLI | | BrowserSpider is a piece of code that makes a standard instance of Firefox or Chrome click all the links on the websites you specify | http://blog.michaelboman.org/2012/06/mart-malware-analyst-research-toolkit_29.html |
pdf, exe, dll, sys, pf, zip, elf | bulk_extractor | Forensics | File Carving | CLI | bulk_extractor -f | Tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. | https://github.com/simsong/bulk_extractor |
- | BurpSuite | Network | | GUI | | Control web traffic | http://portswigger.net/burp/proxy.html |
- | bytehist | File Analysis | PE Analysis | | | Check whether the file might be packed | http://www.cert.at/downloads/software/bytehist_en.html |
- | CacheBack | Forensics | Internet Explorer | GUI | | Net analysis tool for Internet evidence. | http://www.cacheback.ca/download.asp |
pcap | CapLoader | Network | PCAP Analysis | GUI | | A Windows tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). *30 day trial* | http://www.netresec.com/?page=CapLoader |
- | CaptureBAT | System | Filesystem Monitoring | CLI | | | https://www.honeynet.org/node/315 | Yes
db | carver | Forensics | | | | A tool for extracting thumbnails stored in Windows Explorer thumbcache_NN.db files | http://code.google.com/p/pydetective/ |
- | catchme.exe | Malware | Rootkit Analysis | | | | |
- | cda_tool.py | Forensics | Filesystem Analysis | CLI | | Tool by Simson Garfinkel to perform cross-drive analysis (takes the output of bulk_extractor) | https://github.com/simsong/bulk_extractor |
cert | certutil | File Analysis | Certificates | CLI | | A command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, back up and restore CA components, and verify certificates, key pairs, and certificate chains. | http://technet.microsoft.com/en-us/library/cc732443%28v=ws.10%29.aspx |
- | Charles proxy | Network | Website Tampering | GUI | | An HTTP proxy / HTTP monitor / reverse proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. | http://www.charlesproxy.com/download/ |
- | ChromeCacheView | Internet Browser | Google Chrome | | | Extracts the details of all cache files stored by the Google Chrome web browser. | http://www.nirsoft.net/utils/chrome_cache_view.html |
- | clamscan | Anti-Virus | | | sudo freshclam = update the signature database before scanning | Scan files for malware signatures | http://www.clamav.net/ |
- | Comodo Instant Malware Analysis | Online Help | File Analysis | - | | Automated analysis system | http://camas.comodo.com/ |
- | Compare Vmware snapshots | Forensics | | GUI | | A string compare tool with search options for interesting (hidden) files like exe, sys and dll. | https://zairon.wordpress.com/2007/09/19/tool-compare-vmware-snapshots/ |
pdf | comparepdf | File Analysis | PDF | CLI | | A command line tool for comparing two PDF files. | http://www.qtrac.eu/comparepdf.html |
- | Conficker Detection Tool | Malware | Conficker | - | | Conficker detection tool | http://www.mcafee.com/us/downloads/free-tools/conficker-detection.aspx |
dat | crashdump.pl | Forensics | Registry Analysis | CLI | | RegRipper plugin that parses the system crash dump configuration from the System hive | http://www.cutawaysecurity.com/blog/scripts-and-tools |
- | CreateYaraSignature.py | Malware | File Identification | CLI | | Python script for IDA to create YARA byte code signatures | http://blog.accuvantlabs.com/sites/default/files/Tools/CreateYaraSignature.py_0.txt |
doc, pdf | Cryptam | Malware | File Analysis | CLI | | Detects malware in Office documents and extracts encrypted embedded executables from PDF and Office documents | http://www.malwaretracker.com/tools.php |
- | curl | Network | | CLI | | Retrieve websites | http://isc.sans.edu/diary.html?storyid=8038 |
- | CWSandbox | Online Help | File Analysis | - | | Free dynamic, behaviour-based malware analysis using the CWSandbox | http://www.mwanalysis.org/ |
js | d8 | | | | | Deobfuscate JavaScript (d8 is the V8 JavaScript shell) | http://code.google.com/p/v8/ |
- | DarunGrim | Malware | File Analysis | | | Part of the eEye Binary Diffing Suite (EBDS), a free and open source set of utilities for performing automated binary differential analysis. | |
- | dc3dd | Forensics | Disk Imaging | CLI | sudo dc3dd if=/dev/sdX hash=sha256 verb=on log=/media/log.txt hof=/media/output.dd | Enhanced version of dd that can generate hashes and logs of the imaging process. | |
- | dc3dd | Forensics | Disk Wiping | CLI | dc3dd wipe=/dev/sdX verb=on | Enhanced version of dd that can generate hashes and logs of the imaging process. | |
- | dcfldd | Forensics | Disk Imaging | CLI | hashwindow=512M hash=md5,sha1 hashlog=forensics.hashlog | Enhanced version of dd that can generate hashes and logs of the imaging process. | |
- | dd | Forensics | Disk Imaging | CLI | | | |
- | dd | Forensics | Disk Wiping | CLI | dd if=/dev/zero of=<dev> bs=4096 | *nix program for wiping files/disks | |
- | ddrescue | Forensics | Disk Imaging | CLI | | Copies data from one file or block device (hard disk, CD-ROM, etc.) to another, trying hard to rescue data in case of read errors. GNU ddrescuelog is a tool that manipulates ddrescue logfiles, shows logfile contents, converts logfiles to/from other formats, compares logfiles, tests rescue status, and can delete a logfile if the rescue is done. | http://freecode.com/projects/addrescue |
$I* | del2info | Forensics | Windows Special Files | | | A tool for analyzing Windows Recycle Bin INFO2 and $I?????? files | http://code.google.com/p/pydetective/ |
INFO2 | del2info | Forensics | Windows Special Files | | | A tool for analyzing Windows Recycle Bin INFO2 and $I?????? files | http://code.google.com/p/pydetective/ |
exe | densityscout | Malware | Filesystem Analysis | | densityscout -pe -p 0.1 -o results.txt c:\Windows\System32 | Calculates density (similar to entropy) for the files under any file-system path and outputs a list ordered by descending density. This makes it possible to quickly find (even unknown) malware on a potentially infected Microsoft Windows machine. | http://www.cert.at/downloads/software/densityscout_en.html |
exe, dll, ocx, sys | Dependency Walker | Malware | PE Analysis | | | A free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. | http://www.dependencywalker.com/ |
- | Device Tree | Forensics | Filesystem Analysis | | | This utility has two views: (a) one that shows the entire PnP enumeration tree of device objects, including relationships among objects and all of each device's reported PnP characteristics, and (b) a second that shows the device objects created, sorted by driver name. | http://www.osronline.com/article.cfm?article=97 |
bup, VBN, QBD | DeXRAY | File Analysis | Quarantine Files | CLI | - | DeXRAY is a simple Perl script that tries to discover encrypted executables and DLLs (or, more generically, Portable Executables, a.k.a. PE) within a given data file, e.g. an encrypted PE embedded inside a malicious dropper (including non-PE files such as PDFs) or network traffic. | http://hexacorn.com/download.php?f=DeXRAY.pl |
pdf | diffpdf | File Analysis | PDF | GUI | | Tool to compare two PDF files in three modes: Words, Characters, and Appearance. | http://www.qtrac.eu/diffpdf.html |
- | Disitool | File Analysis | Certificates | CLI | disitool.py extract signed-file signature | A small Python program to manipulate embedded digital signatures. | http://blog.didierstevens.com/programs/disitool/ |
- | Disk Arbitrator | Forensics | Mac Forensics | | | A Mac OS X forensic utility which manages file system mounting in support of forensic procedures. | https://github.com/aburgh/Disk-Arbitrator |
- | disk_sreset | Forensics | Disk Analysis | CLI | - | Temporarily removes an HPA (Host Protected Area) from a disk; the change is non-persistent. | |
- | disk_stat | Forensics | Disk Information | CLI | - | Shows whether the disk has an HPA (Host Protected Area). | |
- | DiskView | Forensics | Filesystem Analysis | | | The DiskView utility, written by OSR, allows the user to view the MountPoints, Physical Disks, and Storage Adapters that make up the storage subsystem on the target machine. | http://www.osronline.com/article.cfm?article=198 |
- | DisView | File Analysis | Microsoft Office | | | Disassembles bytes at a given offset of an MS Office file. Part of OfficeMalScanner. | http://www.reconstructer.org/code.html |
jar | DJ Java Decompiler | File Analysis | Java | | | Tool that decompiles Java CLASS files and saves the output as text or another format. | http://members.fortunecity.com/neshkov/dj.html |
dmg | DMG Assist | Forensics | Mac Forensics | | | Mounts disk images that won't mount with the traditional double-click method. | https://www.blackbagtech.com/resources/freetools.html |
dmg | DMG Correct | Forensics | Mac Forensics | | | Corrects the partitioning structure, allowing both the system and data partitions to be mounted. DMG Correct should only be used on a copy of the original whole-device dmg, as the dmg is modified for mounting purposes. | https://www.blackbagtech.com/resources/freetools.html |
dmg | DMG Rename | Forensics | Mac Forensics | | | Renames RAW image files to a .dmg extension. | https://www.blackbagtech.com/resources/freetools.html |
sys | Driver Loader | Malware | PE Analysis | GUI | | Installs NT kernel drivers, makes all the appropriate registry entries for your driver, and allows you to start your driver without rebooting. | http://www.osronline.com/article.cfm?article=157 |
dat | drwatson.pl | Forensics | Registry Analysis | CLI | | RegRipper plugin that parses Dr. Watson configuration information from the Software hive | http://www.cutawaysecurity.com/blog/scripts-and-tools |
- | dtSearch | Forensics | Indexing | | | Indexing tool that allows you to search terabytes of text/documents across a desktop, network, Internet or intranet site. *30 day trial* | http://www.dtsearch.com/ |
dmp | Dumpit | Memory | Memory Analysis | CLI | | Part of the MoonSols Windows Memory Toolkit; captures a 32/64-bit memory image locally. | http://www.moonsols.com/products/ |
- | Epoch Converter | Forensics | Mac Forensics | | | Converts epoch times on a Mac to show the local and UTC time. | https://www.blackbagtech.com/resources/freetools.html |
evt | Event Log Explorer XP | File Analysis | Event Logs | | | | |
dat | eventlogs.pl | Forensics | Registry Analysis | CLI | | RegRipper plugin that parses the Windows Event Log configuration from the System hive; includes the configured hostname | http://www.cutawaysecurity.com/blog/scripts-and-tools |
evt, evtx | evtparse.pl | Forensics | Event Logs | CLI | evtparse.pl -s = list all records in record-number order with their TimeGenerated values, to detect system time changes | | http://code.google.com/p/winforensicaanalysis/downloads/list |
evtx | Evtx Parser | File Analysis | Event Logs | CLI | | Windows Event Log parser library (Perl) | http://computer.forensikblog.de/en/2011/11/evtx-parser-1-1-1.html |
evt, evtx | evtx_view | Forensics | Event Logs | GUI | | Tool to view Windows Event logs | http://www.tzworks.net/prototype_page.php?proto_id=4 |
evtx | evtxcheck.pl | Forensics | Event Logs | CLI | | Windows Event Log EVTX checker (Microsoft Log Parser must be in the system PATH) | https://code.google.com/p/hotoloti/downloads/list |
evtx | evtxrpt.pl | Forensics | Event Logs | CLI | | Windows Event Log EVTX summarizer (Microsoft Log Parser must be in the system PATH) | https://code.google.com/p/hotoloti/downloads/list |
- | ewfacquire | Forensics | Disk Imaging | CLI | | Part of the libewf package; provides a robust console interface for generating EWF/E01 image files. | |
E01 | ewy.py | Forensics | Disk Analysis | CLI | | Uses the libewf library to mount EnCase-generated image files. | |
exe, dll, ocx, sys | exeinfo | File Analysis | PE Analysis | GUI | | The ExeInfo utility shows general information about executable files. | http://www.nirsoft.net/utils/exeinfo.html |
exe | exeinfo | Malware | PE Analysis | GUI | | Packer/compressor detector, unpack info and internal exe tools; similar to PEiD | http://exeinfo.antserve.com/ |
exe | exescan | Malware | PE Analysis | CLI | | Console-based tool to detect anomalies in PE (Portable Executable) files. It quickly scans a given executable and detects all kinds of anomalies in its PE header fields, including checksum verification, sizes of various header fields, improper size of raw data, non-ASCII/empty section names, etc. | http://securityxploded.com/download.php#exescan |
jpg, gif, png | exif_summarizer.py | Forensics | Metadata | CLI | | Exif summarizer | https://code.google.com/p/hotoloti/downloads/list |
rss | exif2georss.py | Forensics | Metadata | CLI | | Takes GPS Exif metadata from image files (or whatever) and creates a GeoRSS file suitable for import into Bing Maps. | https://github.com/davehull/Exif2GeoRSS |
jpg, docx, pptx, xlsx | exiftool | Forensics | Metadata | CLI | | Tool to extract metadata from a file; see also read_OPEN_XML.PL for MS Office 2007 files. | |
- | EXPOSURE | Online Help | Blacklists | - | | Detects malicious DNS domains using large-scale passive DNS analysis | http://exposure.iseclab.org/ |
- | Ext2Fsd | Forensics | Linux Forensics | | | An open source Ext2 file system driver for Windows systems; can also read Ext3 (without journaling). | |
- | Ext2Read | Forensics | Linux Forensics | GUI | | An Explorer-like utility to explore ext2/ext3/ext4 files. It now supports LVM2 and EXT4 extents. It can be used to view and copy files and folders, and can recursively copy entire folders. It can also be used to view and copy disk and file | http://sourceforge.net/projects/ext2read/ |
- | ext3grep | Forensics | File Recovery | CLI | | A tool to investigate an ext3 file system for deleted content and possibly recover it. | https://code.google.com/p/ext3grep |
pcap | extflow.py | File Analysis | PCAP Analysis | CLI | | A simple script that carves files out of the streams created by tcpflow. | http://hooked-on-mnemonics.blogspot.com/2012/04/extflowpy-hack-for-carving-files-from.html |
cab | extract.exe | Malware | File Analysis | CLI | | A command-line application that extracts individual files from compressed cabinet (.cab) files. | http://www.softpedia.com/get/Compression-tools/Microsoft-Cabinet-Extraction-Tool.shtml | Yes
- | fakedns | Network | | | | Emulates common network services (a minimal fake DNS server) | http://code.activestate.com/recipes/491264-mini-fake-dns-server/ |
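The dd, dc3dd, dcfldd and ddrescue rows above describe three things an imaging run must do that plain dd does not: hash what was read, log it, and survive unreadable sectors. The following is an added example, written for this list and not the code of any of those tools, that implements all three in Python over a constructed in-memory "device" (`FaultyDevice`, `SAMPLE_DATA` and `BLOCK` are this example's own constructs; in a real run `src` would be `open("/dev/sdX", "rb")`). Unreadable blocks are zero-filled and recorded, as ddrescue does; a hash is logged per window like dcfldd's `hashwindow=`, and the output is re-hashed afterwards, the check dc3dd's `hof=` performs.

```python
# Added example (not dc3dd, dcfldd or ddrescue code): chunked raw imaging with a running
# hash, windowed hash log entries, zero-fill on read errors and output verification.
import hashlib
import os
import tempfile

BLOCK = 512                            # read size; a real run would use the device's logical block size
SAMPLE_DATA = bytes(range(256)) * 16   # constructed 4096-byte "device" contents


class FaultyDevice:
    """Constructed stand-in for /dev/sdX: serves `data` but raises OSError(EIO) for any
    read that starts inside a block index listed in `bad_blocks`."""

    def __init__(self, data, block=BLOCK, bad_blocks=()):
        self.data, self.block, self.bad, self.pos = data, block, set(bad_blocks), 0

    def read(self, n):
        if self.pos // self.block in self.bad:
            raise OSError(5, "Input/output error")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += len(chunk)
        return chunk

    def seek(self, pos):
        self.pos = pos


def image_device(src, dst_path, log_path, block=BLOCK, hashwindow=2048, algo="sha256"):
    """Copy `src` (anything with read/seek) block by block into dst_path.
    Unreadable blocks are zero-filled and logged (ddrescue-style fill) instead of aborting;
    every `hashwindow` bytes a window hash is logged (dcfldd hashwindow=), and the whole-image
    hash is logged at the end (dc3dd hash=/log=). Returns {"hash", "bytes", "bad_offsets"}.
    Caveat: the loop ends on an empty read, so a real run should also bound it by the
    device size, otherwise an unreadable final block is padded past the end of the device."""
    total, window = hashlib.new(algo), hashlib.new(algo)
    window_start = offset = 0
    bad_offsets = []
    with open(dst_path, "wb") as dst, open(log_path, "w") as log:
        log.write(f"algo={algo} block={block} hashwindow={hashwindow}\n")
        while True:
            try:
                chunk = src.read(block)
            except OSError as exc:
                log.write(f"read error at offset {offset}: {exc}; zero-filled {block} bytes\n")
                bad_offsets.append(offset)
                chunk = b"\x00" * block
                src.seek(offset + block)          # skip past the unreadable block
            if not chunk:
                break
            dst.write(chunk)
            total.update(chunk)
            window.update(chunk)
            offset += len(chunk)
            if offset - window_start >= hashwindow:
                log.write(f"{window_start}-{offset} {algo} {window.hexdigest()}\n")
                window, window_start = hashlib.new(algo), offset
        if offset > window_start:                 # flush a partial final window
            log.write(f"{window_start}-{offset} {algo} {window.hexdigest()}\n")
        digest = total.hexdigest()
        log.write(f"total {algo} {digest} bytes={offset} bad_blocks={len(bad_offsets)}\n")
    return {"hash": digest, "bytes": offset, "bad_offsets": bad_offsets}


def verify_image(path, expected_hex, algo="sha256"):
    """Re-hash the written image and compare it with the hash computed while reading."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest() == expected_hex


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def expected_image(bad_blocks, data=SAMPLE_DATA, block=BLOCK):
    """What the image should contain: the source with each bad block zero-filled."""
    out = bytearray(data)
    for idx in bad_blocks:
        out[idx * block:(idx + 1) * block] = b"\x00" * block
    return bytes(out)


def run_demo(bad_blocks=()):
    """Image the constructed device into a temp dir; returns the imaging result plus the
    image bytes, the log text and whether the output verified."""
    work = tempfile.mkdtemp(prefix="image_demo_")
    img, log = os.path.join(work, "device.dd"), os.path.join(work, "device.log")
    result = image_device(FaultyDevice(SAMPLE_DATA, bad_blocks=bad_blocks), img, log)
    with open(img, "rb") as f:
        result["image"] = f.read()
    with open(log) as f:
        result["log"] = f.read()
    result["verified"] = verify_image(img, result["hash"])
    return result


if __name__ == "__main__":
    print(run_demo(bad_blocks=[2])["log"])
```

The hash recorded in the log is the hash of what was written (zero-filled gaps included), which is what a later `verify_image` can reproduce; the list of bad offsets is what you keep alongside it so the gaps are not mistaken for genuinely zeroed sectors.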
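The bytehist and densityscout rows rest on one idea: packed or encrypted content has a flatter byte histogram, so a density or entropy score sorted in descending order puts the files worth a second look at the top. The block below is an added example for this list, not densityscout's or bytehist's own code; it computes Shannon entropy for every file under a path, ranks them and flags those above a threshold. The 7.0 bits-per-byte cut-off, the 256-byte minimum size and the sample files in `build_sample_tree` are this example's assumptions.

```python
# Added example (not densityscout or bytehist code): rank the files under a path by
# Shannon entropy to surface likely packed or encrypted samples.
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Files at or above this many bits per byte are flagged. 7.0 is a common rule-of-thumb
# cut-off for packed/encrypted content (assumption; tune it against your own baseline).
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def rank_by_entropy(root, min_size=256):
    """Walk `root` and return [(entropy, relative_path)] from densest to sparsest.
    Files under `min_size` bytes are skipped: their entropy estimate is too noisy to rank."""
    root = Path(root)
    scored = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        if len(data) < min_size:
            continue
        scored.append((round(shannon_entropy(data), 3), path.relative_to(root).as_posix()))
    scored.sort(key=lambda item: (-item[0], item[1]))
    return scored


def flag_suspicious(ranked, threshold=PACKED_THRESHOLD):
    """Paths whose entropy meets the threshold; these go to the top of the triage queue."""
    return [path for entropy, path in ranked if entropy >= threshold]


def build_sample_tree():
    """Constructed sample input: a text file, a zero-filled file and a pseudo-random
    'packed' binary, so the ranking can be exercised offline."""
    root = Path(tempfile.mkdtemp(prefix="entropy_demo_"))
    (root / "readme.txt").write_bytes(b"The quick brown fox jumps over the lazy dog. " * 64)
    (root / "zeros.bin").write_bytes(b"\x00" * 4096)
    rng = random.Random(1337)  # seeded so the sample and its score are reproducible
    (root / "packed.exe").write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))
    return str(root)


if __name__ == "__main__":
    ranked = rank_by_entropy(build_sample_tree())
    for entropy, path in ranked:
        print(f"{entropy:6.3f}  {path}")
    print("suspicious:", flag_suspicious(ranked))
```

Whole-file entropy is a coarse signal: a legitimate installer carrying a compressed payload scores as high as a packed dropper, and a small packed stub inside a large plain binary is diluted. Per-section scoring of PE files, which is what the `7z l`/`7z x -osections` switches above make easy, is the usual refinement.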
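The bodyfile row says only that the tool "converts a bodyfile to TLN". The added example below (this list's own illustration, not the Sleuth Kit's or bodyfile.pl's code) shows what that conversion involves: a bodyfile row carries four timestamps per file (atime, mtime, ctime, crtime in the TSK 3.x layout assumed here), while a TLN row is `time|source|host|user|description` with one timestamp, so each file fans out into up to four rows, identical timestamps are collapsed into one MACB-flagged row, and unset (zero) timestamps are dropped. The `FILE` source tag, the MACB flag letters and the sample rows are this example's choices.

```python
# Added example (not Sleuth Kit or bodyfile.pl code): convert mactime bodyfile rows into
# 5-field TLN rows, collapsing identical timestamps into one MACB-flagged entry.
BODYFILE_FIELDS = ("md5", "name", "inode", "mode", "uid", "gid", "size",
                   "atime", "mtime", "ctime", "crtime")   # TSK 3.x bodyfile layout (assumed)
FLAG_POS = {"mtime": 0, "atime": 1, "ctime": 2, "crtime": 3}   # position in the M A C B string
FLAG_CHAR = {"mtime": "M", "atime": "A", "ctime": "C", "crtime": "B"}

# Constructed sample bodyfile: md5|name|inode|mode|uid|gid|size|atime|mtime|ctime|crtime
SAMPLE_BODYFILE = """\
0|/Windows/System32/evil.dll|12345|r/rrwxrwxrwx|0|0|40960|1337000000|1336999000|1336999000|1336999000
0|/Users/alice/Documents/report.docx|6789|r/rrw-rw-rw-|1000|1000|2048|1340000000|1339000000|1339500000|0
"""


def parse_bodyfile(text):
    """Yield one dict per bodyfile row. Blank and '#' lines are skipped; a row with the
    wrong field count raises rather than being silently dropped from the timeline."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("|")
        if len(parts) != len(BODYFILE_FIELDS):
            raise ValueError(f"line {lineno}: expected {len(BODYFILE_FIELDS)} fields, got {len(parts)}")
        row = dict(zip(BODYFILE_FIELDS, parts))
        for key in FLAG_POS:
            row[key] = int(row[key])
        yield row


def bodyfile_to_tln(text, host="HOST", user="-"):
    """Return TLN lines (time|source|host|user|description) sorted by time.
    A timestamp of 0 means 'not set' in a bodyfile and produces no entry."""
    entries = []
    for row in parse_bodyfile(text):
        by_time = {}                                   # epoch -> [M, A, C, B] flag list
        for key in FLAG_POS:
            ts = row[key]
            if ts == 0:
                continue
            flags = by_time.setdefault(ts, ["."] * 4)
            flags[FLAG_POS[key]] = FLAG_CHAR[key]
        for ts, flags in by_time.items():
            entries.append((ts, f"{ts}|FILE|{host}|{user}|{''.join(flags)} {row['name']}"))
    entries.sort()
    return [line for _, line in entries]


if __name__ == "__main__":
    print("\n".join(bodyfile_to_tln(SAMPLE_BODYFILE, host="WS01")))
```

Keeping the epoch integer in the TLN time column (rather than a formatted local time) is what lets rows from several sources, such as the event-log and registry tools elsewhere in this list, be merged and sorted without timezone surprises.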
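The evtparse.pl row notes that listing records in record-number order with their TimeGenerated values reveals system time changes: record numbers are assigned sequentially as the log is written, so a timestamp that goes backwards relative to its predecessor means the clock moved (or the log was edited). The following added example, not evtparse.pl's code, turns that eyeball check into a function over constructed records; the record tuples and event IDs are this example's assumptions.

```python
# Added example (not evtparse.pl code): order Event Log records by record number and report
# where TimeGenerated runs backwards or jumps forward further than expected.
from collections import namedtuple

Record = namedtuple("Record", "record_number time_generated event_id")

# Constructed records, deliberately listed out of order, with one clock set-back and the
# later correction. Event IDs are illustrative only.
SAMPLE_RECORDS = [
    Record(1001, 1336900000, 6005),
    Record(1003, 1336900120, 4624),
    Record(1002, 1336900060, 7036),
    Record(1004, 1336813000, 1),      # clock set back roughly a day
    Record(1005, 1336813030, 4624),
    Record(1006, 1336900500, 4624),   # clock restored
]


def find_clock_anomalies(records, tolerance=0, forward_gap=86400):
    """Sort by record number and compare each record's TimeGenerated with its predecessor.
    Returns (kind, previous_record, record, delta_seconds) for every step that goes
    backwards by more than `tolerance` seconds ('backwards') or forwards by more than
    `forward_gap` seconds ('forward'). A small tolerance absorbs clock-sync jitter."""
    ordered = sorted(records, key=lambda r: r.record_number)
    findings = []
    for prev, cur in zip(ordered, ordered[1:]):
        delta = cur.time_generated - prev.time_generated
        if -delta > tolerance:
            findings.append(("backwards", prev.record_number, cur.record_number, -delta))
        elif delta > forward_gap:
            findings.append(("forward", prev.record_number, cur.record_number, delta))
    return findings


if __name__ == "__main__":
    for kind, prev_rn, cur_rn, delta in find_clock_anomalies(SAMPLE_RECORDS):
        print(f"{kind:9} between record {prev_rn} and {cur_rn}: {delta} s")
```

A backwards step bounds the window in which timestamps cannot be trusted; the forward jump that follows is where the clock was put right again, so events between the two need their times read as "clock minus the set-back" rather than at face value.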