Search results
Results From The WOW.Com Content Network
Foremost is a forensic data recovery program for Linux that recovers files using their headers, footers, and data structures through a process known as file carving. [3] Although written for law enforcement use, the program and its source code are freely available and can be used as a general data recovery tool. [2]
Some of the tools included with the CAINE Linux distribution include: The Sleuth Kit – open source command line tools that support forensic inspection of disk volume and file system analysis. Autopsy – open source digital forensics platform that supports forensic analysis of files, hash filtering, keyword search, email and web artifacts ...
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing, formerly known as BackTrack. [2] Parrot Security OS is a cloud-oriented Linux distribution based on Debian and designed to perform security and penetration tests, do forensic analysis, or act in anonymity. It uses the MATE Desktop ...
fsstat displays file system statistical information about an image or storage medium. ffind searches for file names that point to a specified metadata entry. mactime creates a timeline of all files based upon their MAC times. disk_stat (currently Linux-only) discovers the existence of a Host Protected Area.
EnCase contains functionality to create forensic images of suspect media. Images are stored in proprietary Expert Witness File format; the compressible file format is prefixed with case data information and consists of a bit-by-bit (i.e. exact) copy of the media inter-spaced with CRC hashes for every 64 sectors of data (by default). [8]
Default PDF and file viewer for GNOME; replaces GPdf. Supports addition and removal (since v3.14), of basic text note annotations. CUPS: Apache License 2.0: No No No Yes Printing system can render any document to a PDF file, thus any Linux program with print capability can produce PDF files Pdftk: GPLv2: No Yes Yes
The user may choose to keep files, applications or some settings on their Tails drive in "Persistent Storage". Though the Persistent Storage is encrypted by default, it is not hidden and detectable by forensic analysis. [22] While shutting down, Tails overwrites most of the used RAM to avoid a cold boot attack. [23]
sourceforge.net /apps /trac /ocfa /wiki The Open Computer Forensics Architecture (OCFA) is a distributed open-source computer forensics framework used to analyze digital media within a digital forensics laboratory environment.