SOLDIERX.COM Nobody Can Stop Information Insemination

FTimes is a system baselining and evidence collection tool. The primary purpose of FTimes is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis.FTimes is a lightweight tool in the sense that it doesn't need to be "installed" on a given system to work on that system, it is small enough to fit on a single floppy, and it provides only a command line interface.Preserving records of all activity that occurs during a snapshot is important for intrusion analysis and evidence admissibility. For this reason, FTimes was designed to log four types of information: configuration settings, progress indicators, metrics, and errors. Output produced by FTimes is delimited text, and therefore, is easily assimilated by a wide variety of existing tools.FTimes basically implements two general capabilities: file topography and string search. File topography is the process of mapping key attributes of directories and files on a given file system. String search is the process of digging through directories and files on a given file system while looking for a specific sequence of bytes. Respectively, these capabilities are referred to as map mode and dig mode.FTimes supports two operating environments: workbench and client-server. In the workbench environment, the operator uses FTimes to do things such as examine evidence (e.g., a disk image or files from a compromised system), analyze snapshots for change, search for files that have specific attributes, verify file integrity, and so on. In the client-server environment, the focus shifts from what the operator can do locally to how the operator can efficiently monitor, manage, and aggregate snapshot data for many hosts. In the client-server environment, the primary goal is to move collected data from the host to a centralized system, known as an Integrity Server, in a secure and authenticated fashion.

PyFlag features a rich FeatureList which include the ability to load many different log file formats, Perform forensic analysis of disks and images. PyFlag can also analyze network traffic as obtained via tcpdump quickly and efficiently.Since PyFLAG is web based, it is able to be deployed on a central server and shared with a number of users at the same time. Data is loaded into cases which keeps information separated.

bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important.

Extract Internal Metadata from Microsoft Office and Adobe PDF Files It’s no secret that many document types can contain metadata that can reveal a wealth of information. This data can reveal information about the history, usage, authors, and contributors of a document. This data can be a great source of information for your investigation. MetaExtractor can retrieve this information in bulk against thousands of documents in minutes.

Features:
New: Support for OpenOffice files
New: Support for parsing SolidWorks CAD Drawings
Native file parsing (does not require Office or Acrobat to be installed)
Support for Office 2003/2007/2010/2013 file formats
Support for Adobe PDF documents
Can recursively parse a folder (and subfolders) of files
Multi-Select individual files
Exports to CSV for easy analysis and reporting
GUI supports Date/Time sorting for quick review
Support for over 40 metadata fields
Requirements: Microsoft .NET Framework v4.0
Free for both personal and commercial use

Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.

WebSiteSniffer is a packet sniffer tool that captures all Web site files downloaded by your Web browser while browsing the Internet, and stores them on your hard drive under the base folder that you choose. WebSiteSniffer allows you to choose which type of Web site files will be captured: HTML Files, Text Files, XML Files, CSS Files, Video/Audio Files, Images, Scripts, and Flash (.swf) files.While capturing the Web site files, the main window of WebSiteSniffer displays general statistics about the downloaded files for every Web site / host name, including the total size of all files (compressed and uncompressed) and total number of files for every file type (HTML, Text, Images, and so on)

Free Hex Editor Neo is award-winning large files optimized freeware editor for everyone who works with ASCII, hex, decimal, float, double and binary data.Freeware Hex Editor Neo allows you to view, modify, analyze your hexadecimal data and binary files, edit, exchange data with other applications through the clipboard, insert new data and delete existing data, as well as perform other editing actions.Make patches with just two mouse clicks; manipulate your EXE, DLL, DAT, AVI, MP3, JPG files with unlimited undo/redo. Taste the visual operation history with branching.This hex and binary code data editing software utility for Windows includes the following basic functionality: Unlimited Undo/Redo; Find; Replace; Visual History Save and Load; Patch Creation; Clipboard Operations; Bytes, Words, Double Words, Quad Words, Floats and Doubles Edit Mode.

HxD is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.
The easy to use interface offers features such as searching and replacing, exporting, checksums/digests, insertion of byte patterns, a file shredder, concatenation or splitting of files, statistics and much more.Editing works like in a text editor with a focus on a simple and task-oriented operation, as such functions were streamlined to hide differences that are purely technical.For example, drives and memory are presented similar to a file and are shown as a whole, in contrast to a sector/region-limited view that cuts off data which potentially belongs together. Drives and memory can be edited the same way as a regular file including support for undo. In addition memory-sections define a foldable region and inaccessible sections are hidden by default.

Operating System:
Windows 95, 98, ME, NT 4, 2000, XP, 2003, Vista, or 7

LastActivityView is a tool for Windows operating system that collects information from various sources on a running system, and displays a log of actions made by the user and events occurred on this computer. The activity displayed by LastActivityView includes: Running .exe file, Opening open/save dialog-box, Opening file/folder from Explorer or other software, software installation, system shutdown/start, application or system crash, network connection/disconnection and more...

System Requirements
This utility works on any version of Windows, starting from Windows 2000 and up to Windows 10. Both 32-bit and 64-bit systems are supported.

Known Limitations
This tool gathers information from various sources, including the Registry, the events log of Windows, the Prefetch folder of Windows (C:\windows\Prefetch), the MiniDump folder of Windows (C:\Windows\Minidump), and more... The accuracy and the availability of the information displayed by LastActivityView might be different from one system to another. For example, if the user or a software makes changes in the Registry, the action time displayed by LastActivityView might be wrong, because it's based on the modified time of some Registry keys. Also, for every type of action/event, there is some limitation according to the way that the information is saved in the system. For example, the 'Select file in open/save dialog-box' action is limited for one action of every file extension, so if the user opened 2 .doc files with the open/save dialog-box, only the last one will be displayed.

Redline®, Mandiant’s premier free tool, provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.

With Redline, you can:
Thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history.Analyze and view imported audit data, including the ability to filter results around a given timeframe using Redline’s Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.Streamline memory analysis with a proven workflow for analyzing malware based on relative priority.Identify the processes most worth investigating using the Redline Malware Risk Index score.Perform Indicators of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.