maresware.com/maresware/df.htm
A simple program used to convert the long value of a date (i.e. 912345678) to a traditional month, day, year date format.
maresware.com/maresware/ac.htm
It provides a 32 bit CRC and a 16 bit checksum of a file or files. The 32 bit value is identical to one created by the PKZIP program for its internal file integrity checks. This allows for a cross verification of any value that Crckit produces.
maresware.com/maresware/ac.htm
Once NTFS Alternate Data Streams are identified, there is little most software will do to process the files. The Copy_ads program will identify Alternate Data Stream files located on an NTFS partition.
maresware.com/maresware/ac.htm
Compare will compare two files that are sorted on the same sort field.
maresware.com/maresware/ac.htm
This program will take two identically formatted files that are sorted and collate them together into one output file.
maresware.com/maresware/ac.htm
Chsize will alter/change the size of a file on the disk.
maresware.com/maresware/ac.htm
A 32 bit program, Chs_conv will take a cylinder head sector (CHS, 200/20/15) and convert it into a linear sector number and vice versa. It can be helpful in converting CHS to LBA values when the program you are using only supplies one value.
maresware.com/maresware/ac.htm
This program is designed to provide a list or catalog of all the files under a Linux operating system. It also displays file permissions and owner ID.
maresware.com/maresware/ac.htm
The program allows you to search a fixed length record file on a sorted field for the occurrence of specified search keys. Because of the algorithm used, the search is almost instantaneous. Consider the bsearch algorithm similar to searching an indexed da ...
maresware.com/maresware/ac.htm
Bates_no is a program which helps attorneys (or anyone using the Bates numbering system) to identify e-documents. While many programs can be used for Bates stamping individual pages in e-documents, few will assign Bates numbers to the filenames. Bates_nowi ...
maresware.com/maresware/ac.htm
The Add_recl program is designed to help reformat (variable length) carriage return delimited records.
github.com/analyzeDFIR/analyzePF
analyzePF is a command line tool for parsing information from Prefetch files taken from systems running Windows. The tool was written to parse as much information from Prefetch files as possible in the most accurate way possible, and is written with the s ...
www.asrdata.com/forensic-software/smart-linux/
SMART Linux is the only distribution that includes the entire suite of ASR Data tools and allows you to preview, assess, acquire, authenticate and analyze storage devices, identify and recover deleted files, search filesystems, index document collections, s ...
www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-wi...
As a reverse engineer on the FLARE Team I rely on a customized Virtual Machine (VM) to perform malware analysis. The Virtual Machine is a Windows installation with numerous tweaks and tools to aid my analysis. Unfortunately trying to maintain a custom VM ...
www.dmares.com/maresware/ac.htm#COPYADS
The Copy_ads program will identify Alternate Data Stream files located on an NTFS partition.
www.dmares.com/maresware/tz.htm#VSS
The VSS program is designed to allow you to mount the Volume Shadow Copy as a drive letter. By default it mounts a single drive letter, but it has the capability to mount more than one at the same time.
github.com/MagikSquirrel/CTF_Challenges
"A cyber security challenge that uses forensic analysis of image files using the "string" function in either Windows or Unix."
We provide a legal virtual penetration testing environment which consists of extremely easy to hair-pulling hard (hacking) challenges. The more you succeed in solving puzzles, the more categories will be available to be played.
© 2018 Copyright | DFIR Training