Forensics

BlindSide

BlindSide is an example of the art of steganography - the passing of secret
messages in a form such that one would not suspect the message is being
passed. This is an area of cryptography that is attracting considerable
interest of late. The Blindside utility can hide a file (or files) of any
variety, within an uncompressed Windows Bitmap image (BMP file). The original image and
the encoded image look absolutely identical to the human eye - but when run
back through Blindside, the concealed data can be extracted and secret data
retrieved. For added security you can even scramble your data with a password.

Why BlindSide?
~~~~~~~~~~~~~~
There are other programs in the commercial and freeware streams that can
accomplish tasks similar to this program. Many of these will adjust every
single pixel's LSB (the least significant bit of the pixel), and store
data in these imperfections. This can lead to obvious corruption in the
image - which defeats the secrecy (the main ideal of steganography).
Blindside analyses the colour differentials in the image, and will only
alter pixels that it knows will not be noticeable to the human eye.
The downside is that each image has its own 'capacity' dependent on colour
patterns within it - but the upside is that any data you scramble with
Blindside will most definitely be invisible to the human eye.

What could I use this for?
~~~~~~~~~~~~~~~~~~~~~~~~~~
The possibilities are endless. The beauty of the Blindside system is that
it is a steganographic technique supplemented with a cryptographic algorithm.
This means you can pass messages around without even arousing suspicion that
you are doing so (steganography) - and you can encrypt these messages with
password based encryption such that even if anyone did examine the images,
they would need a password to reveal the secret data (cryptography).
If you were a digital image publisher for instance, you could use

Cookie Viewer

Cookies provide websites with a mechanism to store and retrieve state information on your computer. This mechanism allows Web-based applications the ability to store information about selected items, user preferences, registration information, and other information that can be retrieved later.
Cookies are small text files stored on the hard disk of your computer.

This utility shows you what kind of information web sites have stored on your computer.
It can also delete, backup and restore cookies and has a simple Find option.

OSSEC HIDS

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

LSoF

LiSt Open Files
This Unix-specific diagnostic and forensics tool lists information about any files opened by processes currently running on the system. It can also list the communication sockets opened by each process. For a Windows equivalent, check out Process Explorer from Sysinternals.

Sam Spade

Sam Spade is a general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment. Sam Spade features include:
* ping
* nslookup
* whois
* IP block
* dig
* traceroute
* finger
* SMTP VRFY
* web browser keep-alive
* DNS zone transfer
* SMTP relay check
* Usenet cancel check
* website download
* website search
* email header analysis
* Email blacklist
* query Abuse address
* And More...

DECAF

DECAF is a counter-intelligence tool specifically created around the obstruction of the well-known Microsoft product COFEE used by law enforcement around the world.

DECAF provides real-time monitoring for COFEE signatures on USB devices and running applications. Upon finding the presence of COFEE, DECAF performs numerous user-defined processes; including COFEE log clearing, ejecting USB devices, drive-by dropper, and an extensive list of Lockdown Mode settings. The Lockdown mode gives the user an automated approach to locking down the machine at the first sign of unusual law enforcement activity.

Par2

While not directly related to hacking in any fashion, this is just a cool utility that anyone and everyone should make use of.

http://www.par2.net/

Par2 makes parity files for various archives. Primarily used on newsgroups, par/par2 can greatly increase redundancy on compressed archives.

This app has many uses, some not so obvious. Particularly, when I make optical media backups I prefer to compress them, password protect them, par2 the file, then burn. This has a few advantages: as CDs and DVDs are prone to scratches, the par files can recover a bad rar, while still maintaining your password over the archive. This adds security and redundancy to the backup.

GHBA

GHBA or "Get Host By Address" is a reverse DNS lookup tool that can scan a class B or C network range and determine the correct hostname where a potentially fake/false record could normally be hiding the real name.

As you may have noticed, I say this is compatible with all OSes because it's a C program and you should, given enough time, be able to compile it on anything, even Windows using Cygwin!

Protected Storage PassView

Description
Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer. The passwords are revealed by reading the information from the Protected Storage.
Starting from version 1.60, this utility reveals all AutoComplete strings stored in Internet Explorer, not only the AutoComplete password, as in the previous versions.

This utility can show 4 types of passwords:

Mail PassView

Description
Mail PassView is a small password-recovery tool that reveals the passwords and other account details for the following email clients:

* Outlook Express
* Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
* Microsoft Outlook 2002/2003/2007 (POP3, IMAP, HTTP and SMTP Accounts)
* Windows Mail
* Windows Live Mail
* IncrediMail
* Eudora
* Netscape 6.x/7.x (if the password is not encrypted with a master password)
* Mozilla Thunderbird (if the password is not encrypted with a master password)
* Group Mail Free