File And Data Analysis

You can access forensic software for file and data analysis.

Crowd Inspect

CrowdStrike Antivirus Resource Monitor is a small utility written for Windows to measure the resource usage of your existing AV solution. The tool recognizes the antivirus solution currently installed on a system, monitors its resource usage (disk space used, maximum CPU usage, RAM usage, etc.) and produces an easy-to-read performance score.

DCode

DataDump™ is a free tool that allows you to dump segments of data from an original source image or physical/logical device.

Defraser

Defraser is a forensic analysis application that can be used to detect full and partial multimedia files in data streams. It is typically used to find (and restore) complete or partial video files in data streams (for instance, unallocated disk space).

eCryptfs Parser

eCryptfs Parser is a GUI for Linux and Windows that recursively parses the headers of every eCryptfs file found in a given directory. It tells you which encryption algorithm was used, the original file size, the signature used, etc.

Encryption Analyzer

Passware Encryption Analyzer is a free tool that scans a system to detect protected or encrypted documents, archives, and other types of files. This application provides detailed information about any protected items found, including protection methods and encryption types.

ExifTool

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3, as well as the maker notes of many digital cameras by Canon, Casio, DJI, FLIR, FujiFilm, GE, GoPro, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Motorola, Nikon, Nintendo, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.

Ghiro

Ghiro is a fully automated tool designed to run forensic analysis over a massive number of images, using just a user-friendly and fancy web application.

LiveContactsView

LiveContactsView is a small utility that allows you to view the details of all contacts in your Windows Live Messenger: email address, nickname, quick name, first name, last name, and more. You can easily select one or more contacts and then export them to a text/xml/html/csv file, or copy them to the clipboard and paste them into Excel or another spreadsheet application.

PsTools

The Windows NT and Windows 2000 Resource Kits come with a number of command-line tools that help you administer your Windows NT/2K systems.

Shadow Explorer

ShadowExplorer allows you to browse the Shadow Copies created by the Windows Vista / 7 / 8 / 10 Volume Shadow Copy Service. It is intended especially for users of the home editions, who don't have access to the shadow copies by default, but it is also useful for users of the other editions.

Structured Storage Viewer

This tool lets you fully manage any MS OLE Structured Storage based file. You can save and load streams, and add, delete, rename and edit items and property sets. Embedded streams can be viewed as a hexadecimal listing, text, bitmap, icon or RTF.

Windows File Analyzer

This application decodes and analyzes some special files used by the Windows OS. These files contain information of interest for forensic analysis. The results of each analysis can be printed in a user-friendly form.

Xplico

The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico is an open source Network Forensic Analysis Tool (NFAT). Xplico is installed in the major distributions of digital forensics and penetration testing: Kali Linux, BackTrack, DEFT, Security Onion, Matriux, BackBox, CERT Forensics Tools, Pentoo and CERT-Toolkit.