Download

Description

"A Recycle Bin Forensic Analysis Tool."

Editor: Many important files within Microsoft Windows have structures that are undocumented. One of the principals of computer forensics is that all analysis methodologies must be well documented and repeatable, and they must have an acceptable margin of error. Currently, there are a lack of open source methods and tools that forensic analysts can rely upon to examine the data found in proprietary Microsoft files.

Many computer crime investigations require the reconstruction of a subject's Recycle Bin. Since this analysis technique is executed regularly, we researched the structure of the data found in the Recycle Bin repository files (INFO2 files). Rifiuti, the Italian word meaning "trash", was developed to examine the contents of the INFO2 file in the Recycle Bin. The foundation of Rifiuti's examination methodology is presented in the white paper located here. Rifiuti will parse the information in an INFO2 file and output the results in a field delimited manner so that it may be imported into your favorite Spreadsheet program. Rifiuti is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms. you can free download Rifiuti 1.0 now.

Keywords

Related Software

• Hacme Bank
  Hacme Bank is designed to teach application developers
• Attacker
  A TCP/UDP port listener.
• SSLDigger
  SSLDigger v1.02 is a tool to assess the strength of SSL servers
• Galleta
  A Internet Explorer Cookie Forensic Analysis Tool
• 
  A small, quick TCP service stress test tool.
• FSCrack
  provide a graphical user interface (GUI) for access to most of JtR’s functions
• 
  A Recycle Bin Forensic Analysis Tool.
• Foundstone CredDigger
  Foundstone CredDigger is a tool that attempts to gather data to assist
• RPCScan
  A utility that can quickly and accurately identify Microsoft operating systems
• 
  Microsoft UPnP MS05-039 Vulnerability Detection Utility
• Vision
  Vision is a host based Forensic Utility
• PatchIt
  A binary file byte-patching program.
• Hacme Shipping
  Foundstone Hacme Shipping is a web-based shipping application
• MessengerScan
  Vulnerability Detection Utility with Advanced Immediate Protection Capability!
• 
  An Internet Explorer activity forensic analysis tool.
• CredDigger
  A tool that attempts to gather data to assist with penetration
• SiteDigger
  SiteDigger 2.0 searches Google’s cache to look for vulnerabilities
• Hacme Books
  Foundstone Hacme Books is a learning platform for secure software development
• 
  Show information about Windows. Reveal passwords etc.
• 
  Traceroute and Whois program.
• fileWATCH
  A file change monitor. Used with BlackICE Defender.
• HackPack
  Foundstone HackPack is a tool designed to aid security
• IPv4Trace
  IPv4 fragment reassembly implementation.
• Fport
  Identify unknown open ports and their associated applications
• WSDigger
  WSDigger is a free open source tool
• 
  Cisco IOS IPv4 Remote Denial of Service Vulnerability Detection Utility
• Carbonite
  Incident Response vs. Loadable Kernel Module Rootkits
• 
  Finds Ascii, Unicode and Resource strings in a file.
• 
  A network admin utility for remotely detecting the most common DDoS programs.
• 
  NTLast is specifically targeted for serious security and IIS administration.
• Toolk
  Tools to help examine NTFS for unauthorized activity.
• 
  SNScan allows for the scanning of SNMP specific ports
• 
  Mydoom worm scanner
• CodeScout
  Foundstone CodeScout is a free tool
• Fpipe
  FPipe is a source port forwarder/redirector.
• SiteScope
  Foundstone�s SiteScope creates a site map
• 
  A scriptable, server stress testing tool.
• CookieDigger
  CookieDigger helps identify weak cookie generation
• 
  UDP packet sender utility.
• 
  Remote Task Scheduler scanner
• 
  An update of the highly popular Windows port scanning tool, SuperScan.
• 
  Command line port scanner.
• 
  A scanner for the infamous Back Orifice program.