FireEye Indicators of Compromise (IOC) Finder is a free tool for
collecting host system data and reporting the presence of IOCs. IOCs
are open-standard XML documents that help incident responders capture
diverse information about threats.
The IOC Finder features:
Collection of full data, sufficient for general IOC matching requirements
Usage of a portable storage device for collection from multiple hosts
IOC hit reporting in simple text, full HTML and full MS Word XML formats
Generation of reports for specific hosts or all hosts
FireEye Indicators of Compromise (IOC) Editor is a free tool that
provides an interface for managing data and manipulating the logical
structures of IOCs. IOCs are XML documents that help incident
responders capture diverse information about threats, including
attributes of malicious files, characteristics of registry changes and
artifacts in memory.
The IOC Editor includes:
Manipulation of the logical structures that define the IOC
Application of meta-information to IOCs, including detailed descriptions or arbitrary labels
IOC Writer: is a Python library that allows basic creation and editing of OpenIOC
objects. It supports basic CRUD (Create, Read, Update, Delete) operations for various
items. Items do not have built-in Read operations, since all items can be accessed
with built-in ElementTree syntax or with XPath to select portions of the IOC.
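As an added example (not code from IOC Writer, IOC Finder or FireEye), the following Python script builds on the point just made: an OpenIOC document is plain XML, so the standard-library ElementTree and its XPath subset are enough to read the indicator tree, and a short recursive walk is enough to evaluate the nested AND/OR logic against host data the way a collector such as IOC Finder does. The OpenIOC 1.1 document, its hash and file names, and the host file records are all constructed for the example; `scan`, `list_search_terms` and the helpers are mine, not library API.

```python
import xml.etree.ElementTree as ET

NS = {"ioc": "http://openioc.org/schemas/OpenIOC_1.1"}

# Constructed OpenIOC 1.1 document for this example. The MD5 is the hash of the
# empty string and the file names are placeholders, not real threat indicators.
SAMPLE_IOC = r"""<OpenIOC xmlns="http://openioc.org/schemas/OpenIOC_1.1"
         id="00000000-0000-0000-0000-000000000001" last-modified="2014-01-01T00:00:00">
  <metadata><short_description>Example dropper</short_description></metadata>
  <criteria>
    <Indicator operator="OR" id="00000000-0000-0000-0000-000000000002">
      <IndicatorItem id="00000000-0000-0000-0000-000000000003" condition="is" negate="false" preserve-case="false">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="00000000-0000-0000-0000-000000000004">
        <IndicatorItem id="00000000-0000-0000-0000-000000000005" condition="contains" negate="false" preserve-case="false">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">svchost.exe</Content>
        </IndicatorItem>
        <IndicatorItem id="00000000-0000-0000-0000-000000000006" condition="contains" negate="true" preserve-case="false">
          <Context document="FileItem" search="FileItem/FilePath" type="mir"/>
          <Content type="string">\Windows\System32</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </criteria>
  <parameters/>
</OpenIOC>
"""

# Constructed host records, one dict per FileItem, keyed by the IOC search terms.
SAMPLE_HOST_FILES = [
    {"FileItem/FileName": "svchost.exe", "FileItem/FilePath": r"C:\Windows\System32\svchost.exe",
     "FileItem/Md5sum": "0123456789abcdef0123456789abcdef"},   # legitimate location: no hit
    {"FileItem/FileName": "SVCHOST.EXE", "FileItem/FilePath": r"C:\Users\Public\SVCHOST.EXE",
     "FileItem/Md5sum": "fedcba9876543210fedcba9876543210"},   # hit through the AND branch
    {"FileItem/FileName": "update.tmp", "FileItem/FilePath": r"C:\Temp\update.tmp",
     "FileItem/Md5sum": "D41D8CD98F00B204E9800998ECF8427E"},   # hit through the hash branch
]


def _match_item(item, record):
    """Evaluate one IndicatorItem against one host record (dict keyed by search term)."""
    ctx = item.find("ioc:Context", NS)
    content = item.find("ioc:Content", NS)
    if ctx is None or content is None:
        raise ValueError("IndicatorItem %s lacks Context or Content" % item.get("id"))
    expected = content.text or ""
    observed = record.get(ctx.get("search"))
    if observed is None:
        hit = False                       # attribute was not collected for this record
    else:
        if item.get("preserve-case", "false").lower() != "true":
            expected, observed = expected.lower(), observed.lower()
        condition = item.get("condition", "is")
        if condition == "is":
            hit = observed == expected
        elif condition == "contains":
            hit = expected in observed
        elif condition == "starts-with":
            hit = observed.startswith(expected)
        elif condition == "ends-with":
            hit = observed.endswith(expected)
        else:
            raise ValueError("unsupported condition %r" % condition)
    negate = item.get("negate", "false").lower() == "true"
    return hit != negate                  # negate="true" inverts the item's result


def _match_indicator(indicator, record):
    """Recursively combine child results with the Indicator's AND/OR operator."""
    results = []
    for child in indicator:
        tag = child.tag.rsplit("}", 1)[-1]        # drop the namespace prefix
        if tag == "IndicatorItem":
            results.append(_match_item(child, record))
        elif tag == "Indicator":
            results.append(_match_indicator(child, record))
    if not results:
        return False                              # an empty Indicator never matches
    return all(results) if indicator.get("operator", "AND").upper() == "AND" else any(results)


def list_search_terms(ioc_xml):
    """XPath over the IOC: every attribute a collector must gather to evaluate it."""
    root = ET.fromstring(ioc_xml)
    return sorted({c.get("search") for c in root.iterfind(".//ioc:IndicatorItem/ioc:Context", NS)})


def scan(ioc_xml, records):
    """Return the host records that satisfy the IOC's top-level Indicator."""
    root = ET.fromstring(ioc_xml)
    top = root.find("ioc:criteria/ioc:Indicator", NS)
    if top is None:
        raise ValueError("IOC has no top-level Indicator under criteria")
    return [r for r in records if _match_indicator(top, r)]


if __name__ == "__main__":
    print("collect:", list_search_terms(SAMPLE_IOC))
    for hit in scan(SAMPLE_IOC, SAMPLE_HOST_FILES):
        print("HIT", hit["FileItem/FilePath"])
```

Evaluation is per record: each FileItem is tested against the whole tree, so the AND branch ("svchost.exe by name, not under System32") only fires when both conditions hold for the same file. The `preserve-case` and `negate` attributes are what most hand-written matchers get wrong; note that with `negate="true"` an attribute that was never collected counts as a hit, which is the conservative reading but worth knowing when results look noisy.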
Mobile device forensics:
is a branch of digital forensics and can be defined as the recovery of
digital information or data from a mobile device, often for use as evidence in
criminal cases. By definition it applies only to mobile devices, e.g. tablets and
cell phones, but the term also covers any portable digital device that has both
internal memory and communication capabilities, such as PDAs and GPS devices.
iPhone Analyzer:
allows you to forensically examine or recover data from an iOS device. It
principally works by importing backups produced by iTunes or third-party
software, and providing a rich interface to explore, analyse and recover data
in human-readable formats. Because it works from the backup files, no changes
are made to the original data, which keeps the examination forensically sound.
Features
Supports iOS 2, iOS 3, iOS 4 and iOS 5 devices
Multi-platform (Java based) product, supported on Linux, Windows and Mac
Fast, powerful search across the device, including regular expressions
Integrated mapping supports visualisation of geo-tagged information, including Google Maps searches, photos, and cell-site and Wi-Fi locations observed by the device (the infamous "locationd" data)
Integrated support for text messages, voicemail, address book entries, photos (including metadata), call records and many others
Recovery of "deleted" SQLite records (records that have been tagged as deleted but not yet purged by the device can often be recovered)
Integrated visualisation of plist and SQLite files
Includes support for off-line mapping, supporting mapping on computers not connected to the Internet
Support for KML export and direct export to Google Earth
Browse the device file structure, navigate directly to key files or explore the device using concepts such as "who", "when", "what" and "where".
Analyse jailbroken devices directly over SSH without need for a backup (experimental)
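The "deleted" SQLite record feature listed above rests on a property of SQLite's file format: a DELETE marks the cell's space as free inside the b-tree page but, unless secure_delete is on or the file is later vacuumed, leaves the old bytes where they were. The Python script below is an added example, not iPhone Analyzer's code: it builds a small message table in a temporary database, deletes one row, and shows that the text is still recoverable by reading the raw file even though the SQL layer no longer reports it, and that it is gone after VACUUM. The table layout and message rows are constructed for the example.

```python
import os
import sqlite3
import tempfile

# Constructed sample rows in the shape of an SMS store; not from any real backup.
SAMPLE_MESSAGES = [
    (1, "+15555550100", "See you at the station at 9"),
    (2, "+15555550101", "Please delete this message after reading"),
    (3, "+15555550102", "Lunch tomorrow?"),
]


def build_db(path):
    """Create a small message table and commit the sample rows."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE message (ROWID INTEGER PRIMARY KEY, address TEXT, text TEXT)")
    con.executemany("INSERT INTO message VALUES (?, ?, ?)", SAMPLE_MESSAGES)
    con.commit()
    con.close()


def delete_message(path, rowid):
    """Delete one row the way an application would; the page keeps the old bytes."""
    con = sqlite3.connect(path)
    # Some SQLite builds default secure_delete to ON (which overwrites freed cells),
    # so the behaviour being demonstrated is made explicit here.
    con.execute("PRAGMA secure_delete = OFF")
    con.execute("DELETE FROM message WHERE ROWID = ?", (rowid,))
    con.commit()
    con.close()


def live_texts(path):
    """What the SQL layer reports: only rows that are still allocated."""
    con = sqlite3.connect(path)
    rows = [r[0] for r in con.execute("SELECT text FROM message ORDER BY ROWID")]
    con.close()
    return rows


def carve(path, needle):
    """Byte offsets at which `needle` still appears in the raw file, bypassing SQL."""
    with open(path, "rb") as f:
        raw = f.read()
    pattern = needle.encode("utf-8")       # SQLite stores TEXT as UTF-8 by default
    offsets, pos = [], raw.find(pattern)
    while pos != -1:
        offsets.append(pos)
        pos = raw.find(pattern, pos + 1)
    return offsets


def vacuum(path):
    """Rebuild the file; free space, and any residue in it, is not carried over."""
    con = sqlite3.connect(path)
    con.execute("VACUUM")
    con.close()


def run_demo():
    """Delete row 2, then compare what SQL sees with what a raw read sees."""
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "sms.db")
        build_db(db)
        delete_message(db, 2)
        needle = SAMPLE_MESSAGES[1][2]
        result = {"live_after_delete": live_texts(db),
                  "carved_after_delete": carve(db, needle)}
        vacuum(db)
        result["carved_after_vacuum"] = carve(db, needle)
        return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The practical caveat is in `delete_message`: whether residue survives depends on the device's SQLite configuration (secure_delete, journaling mode, how often the application vacuums), so a clean carve result proves nothing about whether a message ever existed. A real tool parses the page's freeblock list and the database freelist rather than searching for a known string, but the substring search is enough to show why the data is still there.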
BitPim:
is a program that allows you to view and manipulate
data on many CDMA phones from LG, Samsung, Sanyo and other
manufacturers. This includes the PhoneBook, Calendar,
WallPapers, RingTones (functionality varies by phone) and the
Filesystem for most Qualcomm CDMA chipset based phones.
Mobile Internal Acquisition Tool (MIAT):
this tool addresses a crucial aspect of Mobile Device Forensics,
i.e. the recovery of deleted SMS text messages. We are not 100% sure if
this tool is publicly available, and if anyone reading this can help us
locate where to find it we'd be very grateful!
In examining the MIAT dump of the phone's filesystem, I found the following
interesting items of evidence (note that these are not intended to be comprehensive):
\Windows\Profiles\guest\ - Contained the Pocket IE cache, including Cookies, index.dat (which was not extracted due to the previously specified issue), and Temporary Internet Files
\Windows\Messaging - Contained various .mbp files which proved to hold the text of downloaded email messages. There is also an Attachments folder under this path that may hold downloaded attachments.
\Windows\ActiveSync - Contained various configuration and log files from ActiveSync
\Windows\Favorites - Contained Favorite links used by Pocket IE
\Application Data\GoogleMaps - Contained configuration and cache files used by the installed Google Maps application. These files are all binary, but one of them, prefsext.dat, contains a variety of strings which match searches that have been performed and results (street addresses) which have been returned. Somebody could probably reverse engineer the format and write a parser for this that would be really useful.
\*.vol - These files contain embedded databases, which include all of the phone-related information such as call logs, phone book, appointment list, etc. I haven't yet found a free application to parse them, but there's got to be something out there.
I also found a number of other empty Attachments folders, as well as additional empty Profiles and Temporary Internet Files folders. This probably means that these various locations are implementation dependent.
Download Link : http://www.dfrws.org/2008/proceedings/p121-distefano_pres.pdf
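The prefsext.dat observation above (readable search terms and street addresses embedded in an otherwise binary cache file) is the usual starting point before anyone reverses a format. The Python script below is an added example, not MIAT's code and not a parser for the real file: it carves both ASCII and UTF-16LE runs out of a byte blob with their offsets (Windows CE stores most text as UTF-16LE, which a plain `strings` run misses) and applies a rough street-address heuristic to the results. The blob, the offsets and the address pattern are constructed for the example.

```python
import re

# Heuristic, not an address grammar: house number, street words, a street-type suffix.
ADDRESS_RE = re.compile(
    r"\b\d{1,5}\s+[A-Za-z][A-Za-z ]*\b(?:Ave|Avenue|St|Street|Rd|Road|Blvd|Dr)\b", re.I)

# Constructed binary blob standing in for a preferences/cache file: a header,
# an ASCII search term, a UTF-16LE result, junk, a too-short run, a second result.
SAMPLE_BLOB = (
    b"\x00\x01\x02PREF\x00\x00\x00\x10"
    + b"coffee near union station"                        # offset 11, ASCII
    + b"\x00\x00\xff\xfe"
    + "1600 Pennsylvania Ave NW".encode("utf-16-le")       # offset 40, UTF-16LE
    + b"\x00\x00\x7f\x80\x81"
    + b"ab"                                               # shorter than min_len: ignored
    + b"\x00\x00"
    + "Gare du Nord".encode("utf-16-le")                  # offset 97, UTF-16LE
    + b"\x00\x00"
)


def carve_strings(blob, min_len=6):
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters, in both ASCII and UTF-16LE, sorted by offset."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(blob)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in utf16_re.finditer(blob)]
    return sorted(found)


def find_addresses(strings):
    """Filter carved strings down to those that look like street addresses."""
    return [text for _, _, text in strings if ADDRESS_RE.search(text)]


if __name__ == "__main__":
    carved = carve_strings(SAMPLE_BLOB)
    for offset, encoding, text in carved:
        print("%06x %-9s %s" % (offset, encoding, text))
    print("addresses:", find_addresses(carved))
```

Offsets matter more than the strings themselves when the next step is reversing the format: the bytes immediately before each run (length fields, record tags, timestamps) are what reveal the record structure, and the encoding tag tells you which of the two string conventions a given record uses.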
TULP2G:
is a .NET based forensic software framework for extracting and decoding data stored in electronic devices, in its own words "developed to make it easy to extract and decode data from digital devices."
Santoku Community Edition: runs in the lightweight Lubuntu Linux distro.
It can be run in VirtualBox (recommended) or VMware Player, both available free
and running on Linux, Mac or Windows. The download is large because it is a full
.iso; we recommend downloading on a fast connection.
Tools to acquire and analyze data
Firmware flashing tools for multiple manufacturers
Imaging tools for NAND, media cards, and RAM
Free versions of some commercial forensics tools
Useful scripts and utilities specifically designed for mobile forensics
UFED Physical Analyzer: is an analysis, decoding and reporting application for mobile forensics, marketed as the most advanced in the industry. It includes malware detection, enhanced decoding and reporting functions, project analytics, a timeline graph, data export capabilities and more. See: http://www.toolwar.com/2014/04/ufed-physical-analyzer-mobile-forensics.html
Advanced capabilities for:
iOS ::
Bypassing simple and complex passcodes while performing physical and file system extraction on selected devices running iOS 3.0 or higher, including iOS 6.
Real-time decryption and decoding of data, applications and the keychain, revealing user passwords.
Advanced decoding of applications.
BlackBerry ::
Advanced decoding of BlackBerry Messenger (BBM), emails, locations, applications and more.
Real-time decryption of protected content from selected BlackBerry devices running OS 4+ using a given password.
Android ::
Advanced decoding of all physical extractions performed on devices running any Android version.
Advanced decoding of applications and application files.
GPS ::
Portable GPS device extraction and decoding.
Exclusive: physical extraction of TomTom trip-log files.
Oxygen Forensics Suite (Standard Edition): is a tool for acquiring and analysing
data from mobile devices. Features include the ability to gather device information
(manufacturer, OS platform, IMEI, serial number, etc.), contacts, messages (emails,
SMS, MMS, etc.) with recovery of deleted messages, call logs, and calendar and task
information. It also comes with a file browser which allows you to access and analyse
user photos, videos, documents and device databases.