Forensics: Difference between revisions
Fostermarkd (talk | contribs)
Revision as of 16:20, 31 May 2007
Digital Forensics Tools and Information
- Helix v1.7 - http://www.e-fense.com/helix/
- Price: -$-Free
This is a bootable live CD based on Knoppix. It includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.
- THE FARMER'S BOOT CD - http://www.forensicbootcd.com/
- Haven't tried this yet, but plan to.
- EnCase Forensic - http://www.guidancesoftware.com/products/ef_index.asp
- Cream of the crop, but expensive $$$
- Forensic Toolkit - http://www.accessdata.com/products/ftk/
- Touted as the leading forensic tool to perform e-mail analysis (among other things). Much more reasonably priced at just over $1000 US.
- ILook Investigator - http://www.ilook-forensics.org/
- This is a restricted suite of computer forensics applications available only to qualified individuals at intelligence and law-enforcement agencies.
Palm OS
- Par - http://djw.org/product/palm/par/index.html
- Price: -$-Free
The par utility creates and manipulates PalmOS database (.pdb) and resource (.prc) files.
Examples:

par h 'System Ring Tones.pdb'
name: System Ring Tones
type: smfr
cid: GSMr
attributes: backup
version: 0
ctime: 193510271755
mtime: 200602091606
btime: 193510272037
modnum: 489
szappinfo: 0
szsortinfo: 0
nrecords: 12

par l 'System Ring Tones.pdb'
-d-- 0 113 PMrc.. Treo.MThd..........MTrk...O..Z.RZ..XpRX..
-d-- 0 56 PMrc..Beep Beep.MThd..........MTrk......d.Rd.Rd.
-d-- 0 338 PMrc..Escalate.MThd..........MTrk...,..V.HV..T.H
-d-- 0 142 PMrc..Euro.MThd..........MTrk...m..X..X..V..V..X
-d-- 0 203 PMrc..Fly By.MThd..........MTrk......b!2b..e!2e.
-d-- 0 110 PMrc..Jazz.MThd..........MTrk...M..L...L..P...P.
-d-- 0 44 PMrc..None.MThd..........MTrk......<..<.../.
-d-- 0 82 PMrc..Ping-Pong.MThd..........MTrk...+..g.<g.<g.
-d-- 0 181 PMrc..Powerful.MThd..........MTrk......d.4d..X.4
-d-- 0 173 PMrc..Professional.MThd..........MTrk......X.4X.
-d-- 0 120 PMrc..Sparkle.MThd..........MTrk...S..Y.2Y..Y 2Y
-d-- 0 182 PMrc..Turca.MThd..........MTrk......S.HS..Q.HQ..

par x 'System Ring Tones.pdb'

This produces a bunch of *.pdr files.

strings 011.40.4710472.pdr
PMrc
Turca
MThd
MTrk
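To cross-check the header fields and record sizes that par reports without relying on a single tool, the following added example (not part of the original page and not par's own code) parses a .pdb file directly. The 78-byte header layout, the 1904 epoch and the attribute bit values are assumptions taken from public PalmOS PDB documentation, and the sample database is constructed for the demo.

```python
import struct
from datetime import datetime, timedelta

# Layout assumed from public PalmOS PDB documentation, not taken from par's source.
HEADER = struct.Struct(">32sHHIIIIII4s4sIIH")   # 78 bytes, big-endian
ENTRY = struct.Struct(">IB3s")                   # record offset, attributes, unique id
PALM_EPOCH = datetime(1904, 1, 1)
ATTRS = {0x0001: "resource", 0x0002: "readonly", 0x0008: "backup"}

def palm_time(seconds):
    """Render a PDB timestamp (seconds since 1904-01-01) as YYYYMMDDhhmm."""
    return (PALM_EPOCH + timedelta(seconds=seconds)).strftime("%Y%m%d%H%M")

def parse_pdb(data):
    if len(data) < HEADER.size:
        raise ValueError("shorter than the 78-byte PDB header")
    (name, attrs, version, ctime, mtime, btime, modnum, _appinfo, _sortinfo,
     dbtype, cid, _seed, _next, nrecords) = HEADER.unpack_from(data)
    if attrs & 0x0001:
        raise ValueError("resource database (.prc): different entry layout")
    end = HEADER.size + nrecords * ENTRY.size
    if end > len(data):
        raise ValueError("record list runs past end of file")
    offsets = [ENTRY.unpack_from(data, HEADER.size + i * ENTRY.size)[0]
               for i in range(nrecords)]
    bounds = offsets + [len(data)]   # a record ends where the next one starts
    if any(a > b for a, b in zip(bounds, bounds[1:])) or (offsets and offsets[0] < end):
        raise ValueError("record offsets are inconsistent")
    return {
        "name": name.split(b"\0", 1)[0].decode("latin-1"),
        "type": dbtype.decode("latin-1"), "cid": cid.decode("latin-1"),
        "attributes": [n for bit, n in ATTRS.items() if attrs & bit],
        "version": version, "ctime": palm_time(ctime), "mtime": palm_time(mtime),
        "btime": palm_time(btime), "modnum": modnum, "nrecords": nrecords,
        "sizes": [b - a for a, b in zip(bounds, bounds[1:])],
    }

def build_sample():
    """Constructed two-record database for the demo; not data from the page."""
    records = [b"PMrc\x00\x00Beep", b"PMrc\x00\x00None.."]
    header = HEADER.pack(b"Sample Tones", 0x0008, 0, 0, 86400, 0, 7, 0, 0,
                         b"smfr", b"GSMr", 0, 0, len(records))
    entries, pos = b"", HEADER.size + len(records) * ENTRY.size
    for i, rec in enumerate(records):
        entries += ENTRY.pack(pos, 0, i.to_bytes(3, "big"))
        pos += len(rec)
    return header + entries + b"".join(records)

if __name__ == "__main__":
    for key, value in parse_pdb(build_sample()).items():
        print(f"{key}: {value}")
```

Offsets that overlap, run backwards or point inside the record list raise an error instead of producing sizes, which is the behaviour wanted when the file under examination may be damaged or altered.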