Topic: Forensic Software, miscellaneous (read 9136 times)
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSForensics 3.1 Build 1007
« Reply #15 on: 04 May 2015, 09:06 »
Changelog
Case Log:
Added preliminary implementation of Case activity logging
Case Management:
Made add note window resizable
Added vertical and horizontal scrollbars to Add note dialog, allowing more data to be saved and making it easier to format the notes.
Deleted files:
Fixed crash when displaying deleted file thumbnails on ext2/HFS+ drives (due to different threads sharing same drive handle)
Hash Sets:
Fixed bug in deleting hash set from Tree View
Web Browser:
Fixed missing URL info when adding web snapshot to case
WinPEBuilder:
Can pass in .cfg file to preload some values of WinPEBuilder.exe
Install to USB:
Updated GUI. If installing to USB Drive, then only USB location will be allowed. If creating a bootable device, then any folder is allowed. OSForensics will prefill the output destination of OSForensics (via WinPE Builder config file) when launching WinPE Builder (Requires WinPE Builder 1.0.107 and up).
Misc:
Updated System information library
http://www.osforensics.com/
Work/test machine:
Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64-bit
TT S2 3200 (BDA driver 5.0.1.8) + Terratec Cinergy 1200 C (BDA driver 4.8.3.1.8)
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSForensics 3.2.1000
« Reply #16 on: 10 June 2015, 13:36 »
Changelog
Create Index
Added indexing of From, To, CC, BCC, etc. fields for PST attachments.
Added indexing of From/CC/To etc. addresses from MSG attachments.
Added missing support for indexing headers for MSG files
The start and end dates for the advanced search options are now correctly using the current case timezone setting when a search is performed
Fixed bug in Create Index -> Edit Template -> "Scan system paging and hibernation files" setting being lost.
Fixed bug with Search Index -> Email Attachments -> Export ... results carrying incorrect From/To/CC information from previous results.
Fixed bug with indexing attachments from MSG files (failing to recognize file type properly)
Fixes for crashes and infinite loops when indexing corrupt DOC, XLS and PPT files.
Fixed bug with empty emails in PST files causing previous buffer to be used for content and custom meta.
Case Manager
User can now specify whether logging is enabled/disabled when creating or editing a case
Error message is displayed if the log file is corrupted or tampered with
When generating a report, added "No title" when there was no title for an item so the link to the file is visibly created
When renaming (moving) cases, case items still used the old metafile path causing issues with non-existent paths. Fixed by reloading case after moving.
E-mail attachment paths now include the attachment index number, due to the possibility of having multiple attachments with the same name
Case Log
Supplemental log entries added across all modules
When logging is disabled, controls are now disabled and message is shown to the user
Create/Verify Hash
Fixed drive drop down list to include Case devices
CSV Exports
Removed "," separator between date and times for CSV exports so that Excel will automatically pick them up as dates
Deleted Files
Fixed bug with retrieving the clusters of a deleted NTFS file. This bug can potentially cause an invalid memory access crash
Unallocated cluster information now being used for mounted devices
Fixed bug with unable to save multiple deleted files from a partition without a drive letter (due to invalid characters in the device path)
The number of files that were not saved due to reallocation now displayed
Improved performance of saving deleted NTFS files
Deleted files stored in multiple MFT records are now being handled
Proper stream names are being used when restoring a deleted NTFS file
Disk Imaging
Fixed no default drive being selected in 'Hidden Areas - HPA/DCO' tab
Added check for no physical disk selected
The sizes of each respective max LBA are now displayed in the log after detecting HPA/DCO
Event Info
Bug fix, stripped trailing space character from event title.
Email Viewer
A dotted border is now custom drawn on the selected folder/e-mail so that even when the control loses focus, the selection is still apparent
Fixed not being able to add multiple e-mail attachments with the same name. Each attachment now has a unique path.
File Name Search
Added 'Save to disk' right-click option. Re-arranged right-click menu to be more readable
Hash sets
Files less than 5 bytes in size are now excluded from hash set lookups (this is to prevent tiny files, e.g. 0 byte files, always appearing in a hash set where there was a 0 byte file on creation)
Password Recovery (Windows Login Passwords)
Added cached domain users to recovery for local drives
Fixed a crash that could happen when recovering cached domain users
Recent Activity
Added timestamps to WLAN items for the associated XML profile or registry key (where available)
Bug fix, export event to CSV will now include the item's title.
Columns will remember their widths when filtering, sorting and navigating to different activity types.
Search Index
Added To/From/CC information to attachment output when searching an index
Removed the from/to/cc fields from the CSV export of a search for items that aren't emails/attachments
Fixed bug with broken links in search index results for files containing percent encoding in filename
System Information
Added cached domain users to "Get User Info (registry)"
ThumbCache Viewer
Fixed 'In Case' flag incorrectly displayed for all items in thumbnail view
User Interface
List/tree views across OSF now shows the selected item regardless of when the control loses focus
Fixed drawing issues when minimizing navigation buttons
Removed flickering when resizing window
Fixed buttons not being displayed when resizing window
Fixed drawing issues when resizing file/folder popup dialog
WinPEBuilder
Bug Fix. Selecting OSForensics or BurnInTest as the selected program in WinPEBuilder will now add the required WinPE packages on the WinPE/Packages tab.
Misc
Updated help for new Case Activity Log section to describe logging feature
Updated help with info on user editable file carving configuration file, osf_filecarve.conf
Updated help to mention timezone in case management
Updated System information library
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSForensics 3.2.1001
« Reply #17 on: 22 June 2015, 12:19 »
Changelog
Case Manager
E-mail attachment paths now include the attachment index number following the file name (eg. c:\email.pst*990*attach.txt:2). This is to distinguish multiple attachments with the same name.
Create Index
Fixed some bugs relating to email attachments
New URL format for attachments
Fixed bugs with indexing attachments from mbox (.eml) in nested format
Fixed bug with not indexing From/To details for Mbox attachments
Fixed bug with indexing attachment titles incorrectly
Fixed a bug that was causing "Failed to rename file zoom_pagedata.tmp to ..." to appear at end of indexing
Email Viewer
When extracting e-mail details, if FILETYPE_UNKNOWN is specified as the e-mail file type, the function will try opening the file with each format until successful
Fixed potential heap corruption when exporting an e-mail with a large text body
Fixed possible memory leak
Recent Activity
Added shellbag item from registry files collection and display
Fixed a date conversion issue with Google Chrome downloads date
Search Index
Fixed some results not being filtered into the correct tab (eg. images in e-mail attachments)
E-mail attachments with the same name can now be distinguished properly
When doing bulk adding of items to case, user is no longer prompted when the item already exists in the case after checking the 'Repeat action' checkbox.
Fixed various problems related to adding nested attachments/e-mails/archives to case.
For E-mail paths that do not have a message ID in the path, a message ID of "0" is assigned
Fixed issues with the case flags not appearing for some items
Misc
Fixed some date formatting bugs introduced in the previous build that were causing dates to appear blank
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSForensics 3.2.1002
« Reply #18 on: 28 August 2015, 09:05 »
Changelog
Create Index:
Improved MSG/EML/MBOX indexing support. Now using MIMETIC.
Fixed many common errors and warning messages and file recognition
Fixed many issues with .zip, .gz, and .tar.gz archives. And recursive archives.
Fixed filter buttons/checkboxes not working when viewing a failed/cancelled index
Added fix for "Core engine is not responding" when indexer was stuck in "Finishing" stage due to large index or slow disk write
Email Viewer:
Added right-click option to jump to the message ID of an e-mail file
Added progress details when scanning for deleted e-mails
Fixed bug with deleted e-mails not being displayed in the EmailViewer
Fixed 'assert' error appearing when Subject field is missing in MIME headers
Index Log Viewer:
Fixed crash when trying to view a previous index log while an indexing job is running.
Recent activity:
Fixed an issue when trying to get IE10+ URLs from a read only drive
Fixed an issue with "dirty" IE10+ databases that were displaying a "Failed to attach IE10 database" error in some cases
Fixed an "autofill_dates" missing error caused by a Chrome update removing this table
Fixed a "malformed" database error when getting Chrome cookie information
Fixed some display and sorting issues with shellbag items on the file details tab
Registry Viewer:
Fixed a crash when opening a corrupt registry file
Misc:
exFAT partitions are now properly detected as opposed to being identified as "Unknown"
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSForensics 3.2 Build 1003
« Reply #19 on: 07 October 2015, 12:21 »
Changelog
Create Index:
Added support for zipx, 7z, rar, .arj, .dmg, .iso, .chm, .cab, .bz2, .lzo
Fixed indexing bug with repeated "Core engine not responding" messages
Disk Imaging:
Reduced the vertical space used by the controls to support lower resolutions
EmailViewer:
Can now re-scan for recovered e-mails after cancelling a previously started scan
Removed 'Tools' menu
Misc:
Help updates for system information
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
Autopsy 4.0.0
« Reply #20 on: 24 January 2016, 13:00 »
Autopsy is a graphical interface to The Sleuth Kit and other analysis tools. It was designed to be an extensible platform so that it can be an end-to-end digital forensics solution that incorporates plug-in modules from both open and closed source projects. The application provides users with various analysis features and with the possibility of generating HTML or CSV reports as well.
License: GPL
What's new:
Multi-user cases supported that allow collaboration using network-based services.
Image Gallery feature released.
Assorted minor fixes and enhancements.
http://www.sleuthkit.org/autopsy/desc.php
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSForensics 3.3 Build 1000
« Reply #21 on: 04 February 2016, 12:32 »
Changelog
Case Management:
Increased Notes character limit to 64000 characters
Can now remove file from case in right-click menu
When adding an attachment to case that already exists, prompt the user to overwrite
Create Signature:
E-mail files are no longer saved as temporary files when creating a hash of the file. This improves the speed when creating a signature.
Fixed wrong directory path being displayed especially when hashing large files.
Fixed performance bug when hashing NTFS compressed files. Caused a 20x slowdown reading compressed files.
Compare Signature:
When comparing file attributes, mask out the extra attributes used by OSForensics Forensics mode (eg. FILE_ATTRIBUTE_ATTR_MODIFY). This gives a more accurate list of modified files.
Deleted File Search:
Added 'Remove deleted file from case' right-click menu option
Fixed search results clearing when flags are updated
Drive Preparation:
Added WAIT icon to drive refresh, so user can see when refresh is complete.
Fixed physical drives are now supported, including system drive. However, if the system drive is selected, an error message is displayed
Drive Imaging:
By default, 'Verify Image File' and 'Disable Shadow Copy' checkboxes are now checked.
Added option to attach Image metadata (.info) file to case on completion
Changed extension of Image metadata file from .info to .info.txt
Email Viewer:
When parsing DBX e-mail files in forensics mode, a temporary copy of the file is no longer created. This saves some time opening the file.
ESEDB viewer:
Updated the Extensible Storage Engine database (ESEDB) viewer to support the new Win10 file structure.
Fixed list of records being cleared when attempting to access a page that is out of bounds
Fixed bug with non NULL-terminated string
Added sanity check for endianness for Vista DBs due to possibility of fields being either big or little endian
File Indexer:
12x increased unique words capacity (from 16 million base words to 200 million). Allows more documents to be indexed in a single index.
Approximate 5x faster Forensics Mode indexing. This resulted from better caching, better parsing of the MFT and new low overhead methods of getting file attributes.
Improved JPG, PNG image indexing speed with new methods of calling exiftool. Performance is approximately 5x faster on photographic images.
Fixed bugs with indexing of archives (zip, tar, 7z, etc.) in Forensics Mode.
Added support for ZIP files using non-DEFLATE methods (e.g. IMPLODE)
Improved file type identifications and attempted indexing methods. A lot fewer warnings and errors should now be logged when indexing.
Fixed 64-bit bugs with 7z64.dll
Fixed corrupt messages e.g. "Error: Cannot delete output file: ... ". Sometimes this error was caused by indexing E-mails that contained malware. The antivirus (AV) solutions running on machines would detect the malware on extraction of attachments from the E-mail and unexpectedly delete the temporary file, causing a cascade of errors. We have a workaround for the errors, but active AV solutions can still prevent indexing of files containing malware, which can be a good or bad thing depending on your point of view.
Fixed failing to open .gz and .tar.gz files from forensic mode mounted drive
Fixed bugs with failing to extract files from certain problematic ZIPs and attempting every file (with magic and extraction and indexing) causing 3 error messages per file in the Zip file. Corrupted Zip files should no longer produce this cascade of errors.
Fixed crash bug with truncated MP3 files
Fixed OLE parsing bug when loading corrupted MSG Email file
Improved memory estimation of indexing, to better judge if there is sufficient RAM available to start the indexing job. No point starting an indexing job only to die half way through it.
File Name Search:
Fixed 'Current Folder' not being correctly displayed
Fixed search results clearing when flags are updated
File System Browser:
Display "(Sparse)" for the "Starting LCN" column of sparse files
Fixed incomplete folder size being displayed when folder size calculation is cancelled midway (eg. when items are being sorted)
Speed improvement when calculating folder sizes in forensics mode. Approx 3x faster depending on collection of files.
Internal Viewer:
File info: For reparse points the linked path is now displayed
No longer displays message box when failing to open file
Hex viewer, Display error message in the status bar when failing to open file
Mismatch Search:
Fixed 'Current Folder' not being correctly displayed
Password Recovery:
Fixed crash when writing an entry to the log
Windows Login - List views are now resized
Windows Login - Added 'Password Required' column to 'Local Users' table to indicate whether a password is required for login
Windows Login - Fixed crash when saving local users/domain users to file
Recent Activity:
Added file type sub classification for Windows Search Items. Files are classified using the MIME type and extensions
Removed directories from Windows Search Items
Fixed Security event log entries not appearing in the results
Selected items in 'File Details' and 'File List' tabs are now independent of each other. This caused problems when the exported list of selected items contain items that were not selected
Re-arranged the order of tabs so that 'File Details' is the default tab.
Fixed scan status not displaying in 'File Details' view
Fixed sorting of items in 'File Details' view
flickering of tree view
Fixed error message appearing when JumpList is not selected in the scan
Fixed a shellbag retrieval crash in Windows 10
Fixed a jumplist crash in Windows 10
Fixed a bug preventing some jumplist items from being retrieved
Changed "Stream Number" jumplist item name to "Entry ID"
Fixed an offset bug when getting the name of a shellbag item in Windows 10 which caused names with invalid characters to appear
Updated function that retrieves Windows desktop search terms. The database format recently changed in Win10 and broke older releases of OSF.
Registry Viewer:
Can switch between Hex, ASCII, Unicode in right-click menu
Hives under \Windows\System32\config\RegBack are now listed when selecting a registry hive to open
Added buttons for common operations (Add file, Add to case, Export, Find)
Fixed a crash when trying to view/open the SAM file in Windows 10
Search Index:
Updated search engine code to support new increased capacity index format with extended unique words.
Added 'Remove item from case' right-click menu option
Fixed search results clearing when flags are updated
Thumbnail View:
Improved performance of loading photographic image thumbnails in forensics mode. Is approx 10x faster.
Improved speed + memory usage when drawing thumbnails. Especially noticeable when scrolling the display, which should now be smoother.
Drive imaging:
Fixed error "Unable to read end of drive". This occurred when imaging a volume (e.g. Drive F:), when the size of the file system (e.g. NTFS) is smaller than the volume size. The imaging process will now continue beyond the end of the file system to read the entire volume.
Misc:
Fixed some memory leaks found by the leak checker
Licensing:
In the free edition of the software,
The indexing process will be restricted to 10,000 files or E-mails.
The search results from an index will be limited to 250 files per search.
Only 10 items to be added to each Case file.
Only the first 10 passwords from each browser type will be listed in the passwords function
Installer:
The installer package is now signed with an Extended Validation code signing certificate. This avoids some SmartScreen installation warnings in Windows 10, like Windows "prevented an unrecognised app from starting".
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSForensics 3.3.1001
« Reply #22 on: 09 February 2016, 05:00 »
Changelog
Deleted Files Search
File Carving, naming of recovered carved files has been changed to "Carved (type) file (Sector Location in HEX).extension" e.g. Carved 'jpg' file 0x00001F2B.jpg
File name search
Fixed a bug that was preventing sort by foreground/background colour working correctly on results when OSForensics was using direct access (eg direct access of an image file)
Hash Sets
Fixed a crash when first trying to open the hash sets tab
Misc
Some help file updates
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSForensics 3.3.1002
« Reply #23 on: 23 March 2016, 13:00 »
Changelog
Deleted Files - FileCarving
Fixed crash. The TIF file format has internal pointers to locations within the file; when these pointers contain a corrupted/invalid value, it would possibly cause OSForensics to crash.
Added slider to configuration to allow selection of start and end percent/location of drive to carve.
Fixed possible crash when searching for HFS+ deleted files.
File Indexer
New Zoom build, fixed issues with not starting indexing on HFS image with "Invalid folder" errors.
Misc
Fixed retrieving file attributes on non-ntfs file systems
Fixed possible crash when accessing HFS+ filesystem
Added detection of file system for MBR partitions due to possible differences in reported partition type and actual file system
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSForensics 3.3.1003
« Reply #24 on: 06 April 2016, 18:00 »
What's new:
Email Viewer
Fixed stack overflow crash bug when saving MSG attachment with multiple levels of nesting
File Indexer
New Zoom indexer build, fixed a crash bug for nested MSG files within PST files
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSFClone 1.1.1000
« Reply #25 on: 07 April 2016, 13:31 »
OSFClone is a free, self-booting solution which enables you to create or clone exact raw disk images quickly and independent of the installed operating system.
In addition to raw disk images, OSFClone also supports imaging drives to the open Advanced Forensics Format (AFF). AFF is an open and extensible format to store disk images and associated metadata. An open standard enables investigators to use their preferred tools for drive analysis quickly and efficiently. After creating or cloning a disk image, you can mount the image with PassMark OSFMount before conducting analysis with PassMark OSForensics.
OSFClone creates a forensic image of a disk, preserving any unused sectors, slack space, file fragmentation and undeleted file records from the original hard drive. Boot into OSFClone and create disk clones of FAT, NTFS, and USB-connected drives! OSFClone can be booted from CD/DVD drives, or from USB flash drives.
Freeware
What's new:
Updated Tiny Core Linux to Core 7.0
Updated dc3dd to 7.2.641
Added HFS+ support (if journalling is enabled, drive/partition is read only).
Updated libewf to 20160329
USB image of OSFClone is now UEFI/BIOS bootable
http://osforensics.com/tools/create-disk-images.html
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSForensics 3.3.1004
« Reply #26 on: 13 April 2016, 09:11 »
Changelog
Case Manager
Added warning when attempting to add the entire image to case when there is a partition table
Allow the option to select the "entire image file" when adding images to case
File Indexer
New Zoom builds with added recognition for extensions .plt and .dxf to index filename only
Fixed stack/buffer overflow issue when indexing PST emails.
Raw disk viewer
When viewing the raw sectors of entire images, the partition table info is now decoded
Search Index
Fixed special characters such as '&' in the filepath from the search results not being decoded properly
Misc
Device dropdown list now includes the image file's partition (or "Entire image")
Fixed bug with not being able to read the raw bytes of image files using UNC paths
Accessing the entire image file with a valid partition table (ie. without specifying a partition) no longer returns error
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
OSFClone v1.1.1001
« Reply #27 on: 06 May 2016, 09:00 »
What's new:
Fixed bug where you may not be able to select partition as a source.
Will no longer mount the drive during scanning of available drives by default. As a consequence, OSFClone will no longer show disk space usage. To return to previous behavior, this can be re-enabled in the options.
http://osforensics.com/tools/create-disk-images.html
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
Autopsy 4.1.0
« Reply #28 on: 24 July 2016, 10:00 »
Autopsy is a graphical interface to The Sleuth Kit and other analysis tools. It was designed to be an extensible platform so that it can be an end-to-end digital forensics solution that incorporates plug-in modules from both open and closed source projects. The application provides users with various analysis features and with the possibility of generating HTML or CSV reports as well.
License: GPL
What's new:
New list view in Timeline tool
VMware virtual machine files (vmdk) and Microsoft Virtual Hard Drives (vhd) can be added as data sources.
New ingest module detects vmdk and vhd files embedded in other data sources and adds them as data sources.
Text associated with blackboard artifacts is indexed and searched for keywords.
Custom (user-defined) blackboard artifact and attribute types are displayed in the UI and included in reports.
File size and MIME type conditions can be specified for interesting files set membership rules.
Assorted bug fixes and minor enhancements.
http://www.sleuthkit.org/autopsy/desc.php
SiLæncer
Cheff-Cubie
Posts: 190219
No input, no output
Autopsy 4.1.1
« Reply #29 on: 27 August 2016, 16:00 »
What's new:
Bug fix to enable some Python modules to run again.
http://www.sleuthkit.org/autopsy/desc.php