Linux Security and Forensics


  • Autopsy Forensic Browser

    Free Mac Windows Linux Website

    The Autopsy Forensic Browser is a graphical interface to the digital investigation tools in The Sleuth Kit. Together, they allow you to investigate the file system and volumes of a computer.

     

  • GNU ddrescue

    Free Linux Website

    GNU ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors.
    The basic operation of ddrescue is fully automatic. That is, you don't have to wait for an error, stop the program, read the log, run it in reverse mode, etc.

    If you use the logfile feature of ddrescue, the data is rescued very efficiently (only the needed blocks are read). Also you can interrupt the rescue at any time and resume it later at the same point.

    Ddrescue does not write zeros to the output when it finds bad sectors in the input, and does not truncate the output file if not asked to. So, every time you run it on the same output file, it tries to fill in the gaps without wiping out the data already rescued.

    Automatic merging of backups: If you have two or more damaged copies of a file, cdrom, etc, and run ddrescue on all of them, one at a time, with the same output file, you will probably obtain a complete and error-free file. This is so because the probability of having damaged areas at the same places on different input files is very low. Using the logfile, only the needed blocks are read from the second and successive copies.

    Recordable CD and DVD media keep their data only for a finite time (typically for many years). After that time, data loss develops slowly with read errors growing from the outer media region towards the inside. Just make two (or more) copies of every important CD/DVD you burn so that you can later recover them with ddrescue.

    The logfile is periodically saved to disc. So in case of a crash you can resume the rescue with little recopying.

    Ddrescue also features a "fill mode" able to selectively overwrite parts of the output file, which has a number of interesting uses like wiping data, marking bad areas or even, in some cases, "repairing" damaged sectors.

     

  • DevDocs

    Free Web Android Self-Hosted Chrome Website

    DevDocs combines multiple API documentations in a fast, organized, and searchable interface.

    • Fully-functional offline
    • Fast, fuzzy search
    • Toggle docs on/off
    • Multi-version support
    • Keyboard shortcuts
    • Retina support
    • Mobile version
    • Dark theme
    • Free and open source

     

  • Clonezilla

    Free Mac Linux Website

    Clonezilla is a free software disaster recovery, disk cloning and deployment solution.

    You're probably familiar with the popular proprietary commercial package Norton Ghost®. The problem with these kinds of software packages is that it takes a lot of time to massively clone systems to many computers. You've probably also heard of Symantec's solution to this problem, Symantec Ghost Corporate Edition® with multicasting. Well, now there is an OpenSource clone system (OCS) solution called Clonezilla with unicasting and multicasting!

    Clonezilla, based on DRBL, Partclone and udpcast, allows you to do bare metal backup and recovery. There are two types of Clonezilla available: Clonezilla live and Clonezilla SE (server edition).

    Clonezilla live is suitable for single machine backup and restore.

    Clonezilla SE is for massive deployment; it can clone many (40 plus!) computers simultaneously.

    Clonezilla saves and restores only used blocks in the hard disk. This increases the clone efficiency.

     

  • Scalpel

    Free Windows Linux Website

    Scalpel is a file carving and indexing application that runs on Linux and Windows.

     

  • Chkrootkit

    Free Linux Website

    Chkrootkit is a Linux tool to locally check for signs of a rootkit. It contains:

    • chkrootkit: shell script that checks system binaries for rootkit modification.
    • ifpromisc.c: checks if the interface is in promiscuous mode.
    • chklastlog.c: checks for lastlog deletions.
    • chkwtmp.c: checks for wtmp deletions.
    • chkproc.c: checks for signs of LKM trojans.
    • chkdirs.c: checks for signs of LKM trojans.
    • strings.c: quick and dirty strings replacement.
    • chkutmp.c: checks for utmp deletions.

     

  • Clam AntiVirus

    Free Windows Linux Website

    Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library.

    ClamAV is also available for Windows as the result of a partnership between Immunet Corporation (http://www.immunet.com) and Sourcefire, Inc. (http://www.sourcefire.com). It is designed to provide the ClamAV community with a free Windows-specific Anti-Virus (AV) solution using an advanced Cloud-based protection mechanism.
    Smallest of all AV-applications: only 3.45MB download-file (32bit).
    You can use ClamAV For Windows as a stand-alone, host-based AV solution, or in conjunction with your pre-installed AV solution to provide enhanced detection for the latest malware threats.

     

  • GParted

    Free Linux Website

    Extremely powerful partition manager. Copy, clone partitions. Can also resize NTFS Windows partitions.

     

  • PhotoRec

    Free Mac Windows Linux BSD Website

    PhotoRec, companion program to TestDisk, is file data recovery software designed to recover lost files including video, documents and archives from hard disks and CD-ROMs, and lost pictures (thus, its Photo Recovery name) from digital camera memory. PhotoRec ignores the filesystem and goes after the underlying data, so it will still work even if your media's filesystem has been severely damaged or re-formatted.

     



