Forensic Acquisition Utilities

2008.10.11 20:51 | Posted by bar4mi
A project is under way that collects forensic tools and forensic libraries for Windows systems.

The project provides the following tools, usable on both x86 and x64:
  • Dd.exe: A completely new implementation inspired by the popular GNU dd utility program.
  • Volume_dump.exe: An original utility to dump volume information, drive information and USN journals.
  • FMData.exe: An original utility to collect file system metadata, to produce and verify security catalogs (cryptographic hash sets) using one or more cryptographic hash algorithms, and to verify system binaries using the System File Checker (SFC) API.
  • Wipe.exe: An original utility to sterilize media prior to forensic duplication.
  • Nc.exe: A completely new implementation of the popular Netcat utility, inspired by the original version created by Hobbit.
  • Zlib.dll: The latest version of Jean-loup Gailly and Mark Adler's zlib (currently version 1.2.3).
  • Bzip2.dll: The latest version of J. Seward's bzip2 library (currently 1.0.4).
  • Boost_regex-vc80-mt-1_34_1.dll: Boost's regular expression library.
  • Fauerror_xxx.dll: A series of dynamic link libraries (DLLs) that contain the localized language strings for FAU output. There is one DLL for each locale supported by the FAU.
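The two ideas that Dd.exe and FMData.exe combine, a block-by-block copy of the source media and a cryptographic hash set that lets the copy be verified later, can be shown in a few lines of Python. The script below is an added example and is not code from the FAU project; the image and hash-set file names, the plain-text hash-set format and the 64 KiB block size are my own assumptions. It acquires a constructed sample "media" file into an image while hashing every block it reads, writes a hash set (MD5 and SHA-256) for the image, verifies the image against it, then flips one byte in the image and shows that verification now fails.

```python
"""Added example (not FAU code): dd-style acquisition with a hash set
produced during the copy and verified afterwards, in the spirit of
Dd.exe and FMData.exe. File names and hash-set format are assumptions."""
import hashlib
import os
import tempfile

CHUNK = 1 << 16  # assumed block size for reading and writing (64 KiB)


def _new_hashers(algorithms):
    return {name: hashlib.new(name) for name in algorithms}


def acquire(src_path, img_path, algorithms=("md5", "sha256")):
    """Copy src_path to img_path block by block, feeding every block to the
    hash objects as it is read. Returns {algorithm: hexdigest} of the source,
    so the digests describe exactly the bytes that were imaged."""
    hashers = _new_hashers(algorithms)
    with open(src_path, "rb") as src, open(img_path, "wb") as img:
        while True:
            block = src.read(CHUNK)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
            img.write(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, algorithms=("md5", "sha256")):
    """Independently re-hash an existing file, block by block."""
    hashers = _new_hashers(algorithms)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def write_hash_set(catalog_path, entries):
    """Write a hash set: one line per (algorithm, digest, filename).
    entries is {filename: {algorithm: hexdigest}}. Format is assumed."""
    with open(catalog_path, "w", encoding="utf-8") as cat:
        for filename, digests in sorted(entries.items()):
            for algo, hexdigest in sorted(digests.items()):
                cat.write(f"{algo} {hexdigest} {filename}\n")


def verify_hash_set(catalog_path, base_dir):
    """Re-hash every file named in the hash set and compare all recorded
    digests. Returns {filename: True/False}; a missing file counts as False."""
    expected = {}
    with open(catalog_path, "r", encoding="utf-8") as cat:
        for line in cat:
            algo, hexdigest, filename = line.rstrip("\n").split(" ", 2)
            expected.setdefault(filename, {})[algo] = hexdigest
    results = {}
    for filename, digests in expected.items():
        path = os.path.join(base_dir, filename)
        if not os.path.isfile(path):
            results[filename] = False
            continue
        actual = hash_file(path, tuple(digests))
        results[filename] = all(actual[a] == d for a, d in digests.items())
    return results


def demo():
    """Acquire a constructed sample, verify, tamper, verify again.
    Returns (digests_match, verified_before, verified_after_tamper)."""
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "evidence.bin")
    with open(src, "wb") as f:
        f.write(bytes(range(256)) * 1000)  # constructed sample "media"
    img = os.path.join(tmp, "evidence.dd")
    digests = acquire(src, img)
    # The digests computed during the copy must equal those of the image.
    digests_match = digests == hash_file(img)
    cat = os.path.join(tmp, "evidence.hashes")
    write_hash_set(cat, {"evidence.dd": digests})
    before = verify_hash_set(cat, tmp)["evidence.dd"]
    # Flip one byte in the image; the hash set must now reject it.
    with open(img, "r+b") as f:
        f.seek(10)
        f.write(b"\x00")
    after = verify_hash_set(cat, tmp)["evidence.dd"]
    return digests_match, before, after


if __name__ == "__main__":
    print(demo())
```

Hashing while copying, rather than re-reading the source afterwards, matters for acquisition because the digest then describes the bytes that actually went into the image; a second read of failing media can return different data. The separate `hash_file` pass is what a later verification step uses, so the two results should agree on an untouched image and differ after any change.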
