Forensic Toolkit

Tools to help examine NTFS for unauthorized activity.

Forensic Toolkit Overview

Editor: The Forensic ToolKit contains several Win32 command-line tools that can help you examine the files on an NTFS disk partition for unauthorized activity. We built these tools to help us do our job; we hope they can help you as well. This tool is open source.

Key Features

AFind is the only tool that lists files by their last access time without tampering with the data the way that right-clicking on file properties in Explorer will. AFind allows you to search for access times between certain time frames. By coordinating this with logon info provided by NTLast, you can begin to determine user activity even if file logging has not been enabled.

HFind scans the disk for hidden files. It will find files that have either the hidden attribute set, or NT's unique and painful way of hiding things by using the directory/system attribute combination. This is the method that IE uses to hide data. HFind lists the last access times.

SFind scans the disk for hidden data streams and lists the last access times.

FileStat is a quick dump of all file and security attributes. It works on only one file at a time but this is usually sufficient.

Hunt is a quick way to see if a server reveals too much info via NULL sessions.

NEW

Fixed some bugs.

Forensic Toolkit Information

Version: 2.0
Date: 03.13.08
License: Free
Language: English
File Size: 336KB
SubCategory:
Operating Systems: Windows NT
System Requirements: No additional system requirements.