Knoppix STD
Knoppix security tools distribution (STD) is a computer forensics and incident response Live CD based on Knoppix.
Tools
Forensics
- The Sleuth Kit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
- autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
- biew : binary viewer
- bsed : binary stream editor
- consh : logged shell (from F.I.R.E.)
- coreography : analyze core files
- dcfldd : US DoD Computer Forensics Lab version of dd
- fenris : code debugging, tracing, decompiling, reverse engineering tool
- fatback : undelete FAT files
- foremost : recover specific file types from disk images (like all JPG files)
- ftimes : system baseline tool (be proactive)
- galleta : recover Internet Explorer cookies
- hashdig : dig through hash databases
- hdb : Java decompiler
- mac-robber : TCT's graverobber written in C
- md5deep : run md5 against multiple files/directories
- memfetch : force a memory dump
- pasco : browse IE index.dat
- photorec : grab files from digital cameras
- readdbx : convert Outlook Express .dbx files to mbox format
- readoe : convert entire Outlook Express .directory to mbox format
- rifiuti : browse Windows Recycle Bin INFO2 files
- secure_delete : securely delete files, swap, memory, etc.
- testdisk : test and recover lost partitions
- wipe : wipe a partition securely; good for prepping a partition for dd
- and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)