Tools

The tools below are ones that I have used within my profession. I recommend taking the time to learn about each one before attempting to use them. I have provided the links below to open a new browser window which will take you to the homepage for the tool. Please report any broken links!

Data Backup Tools

SMART - Storage Media Archive and Recovery Toolkit by Andrew Rosen and ASR Data - the man who brought us Expert Witness has something new brewing. All I can say is so far it rocks! Could that have anything to do with the platform it runs on? You bet! Completely backup and restore numerous system types from within one platform, repartition your hard drive, and squirt your backup image out the NIC via FTP! Home run!

Data Forensic Tools

Captain Nemo - Pretty cool . . . read, write, copy, search, and access Novell Netware, Microsoft NTFS, and Linux ext2 files and drives all from within your Windows world. I dig it - cheap price too!

Data-Sniffer - nice little forensic tool here as well. File Extraction (including support for EnCase uncompressed image files, Safeback images, and NTI tools), parsing, view Recycle Bin files, and more. For the price, you can't go wrong!

DBXtract - Another useful forensic tool, DBXtract extracts mail messages from Outlook Express 5 DBX files.

MAC Daddy - Dump this on a floppy or BBC and you can do some powerful things: grab mactimes without writing to the suspect system, send that data elsewhere via NIC, + more. MAC Daddy is a mod of two utilities found in the TCT described below.

MBXtract - Coded by same guy above, MBXtract targets Outlook Express 4 MBX files.

The Coroner's Toolkit (TCT) - Excellent collection of tools to analyze a UNIX system by Dan Farmer and Wietse Venema. Also good for analyzing volatile information on a live system. Good for plenty of forensic work!

TCTUtils - An enhancement to TCT above. TCTUtils can list directory inode contents, find the inode that is using a given block, and allows you to view inode and block details in various formats.

Autopsy Forensic Browser - HTML front end for TCT and TCTUtils. If you like a nice GUI, this browser is purty! Has a file manager style interface, allows you to view the contents of a file as raw data or in ASCII, and allows you to generate reports.

File Viewer Tools

IrfanView - amazingly fast 32-bit graphic viewer. TONS of supported file formats. Get it and use it -> great for setting as an External Viewer for forensic analysis.

Quick View Plus - A GREAT file viewer! Absolutely top notch - view just about anything (e-mail attachments, graphics, documents, spreadsheets, databases, presentations, and much more).

Thumbs Plus - A great viewer for graphic files! Use it to view thumbnail images of all your graphics, crop, edit, batch conversion, and more! Try it out!

Hardware Tools

Chuck's Tools - Okay, so it's geared towards the hobby market. But, I guarantee you will find some very useful tools for when you need to work on your hardware. Especially for those small screws and hard to reach places!

Hex Editors

UltraEdit - what an editor! Handle your editing needs with this tool -> text editing, HEX editing, HTML editing, and programming editing. All in one.

WinHex - I gotta say this - this is one of my absolute favorites! You've got all your standard features, but the greatest bonus for WinHex is its RAM editor! That is right - view and edit RAM!

Integrity Tools

InCtrl - nifty tool to track system changes. Run it, install the new program, run it again, and view what changes/additions/deletions have been made by the installation.

Tripwire - Probably THE tool used for integrity assessment. Most useful for auditing once a clean, base line, system has been configured.

Intrusion Detection Tools

Snort - an excellent intrusion detection system. Protocol analysis, traffic analysis, packet logging, alerting, and much more. Get it, play with it, run it! Oh, if you need the win32 version of Snort here ya go!

snort panel - Windows utility for configuring, managing, and monitoring Snort. Nifty for all your GUI needs!

Network Tools

dsniff - Quite the collection from Dug Song! Quite the collection . . . Dsniff is a collection of some very cool tools. Arpspoof, dnsspoof, dsniff, filesnarf, macof, mailsnarf, msgsnarf, urlsnarf, and webspy - among others. I could go on and on about the usefulness of this collection, but it is much simpler to simply pay a visit and grab 'em for yourself! And, remember, play responsibly!

Netcat - Legendary 'TCP/IP Swiss Army Knife' for Windows NT and UNIX. Many uses, such as port scanning, hex dump of data, listen on specified ports, pipe data to specified ports, etc. Another personal favorite of mine.

Nmap - THE ultimate reconnaissance tool used to gather network information (ports, OS fingerprinting, etc.). A can't live without, no doubt!

tcpdump - Essentially captures packets as they fly across the wire. Useful for sniffing traffic, troubleshooting connectivity issues, monitoring, etc. Definitely one of the can't live withouts!

windump - For the Windows world, this is the must have porting of tcpdump. Good stuff indeed!

Password Tools

l0phtcrack - Wonderful password 'auditor' for the Windows NT environment. Customizable password cracking methods. Capture passwords travelling across LAN via SMB. Dump registry values. Getting older, but still a can't live without!

pwdump2 - Ready to dump password hashes from the Windows NT SAM database? Here's the tool to do it! HINT: pipe it to a text file and import that file to l0phtcrack.

pwdump3 - It's finally here! Grab them there password hashes from your target NT or 2000 server (no matter about syskey) and check the password strength. There are a few problems with it, so your mileage may vary (as always!).

Programming Tools

IDA Pro - If you've got the money, this multi-processor supported disassembler is the bomb! Whether you want to check your code or validate commercial software, this is the tool to do it with!

Active Perl - for your programming needs . . . ActivePerl . . .

Secure Communication Tools

cryptcat - well, you've got netcat, so here's cryptcat! Taking netcat functionality a step further and encrypting the transmission with the twofish algorithm. And, in being fair, there is both a Win and a Lin version. Swing batter!

SecureCRT - SSH Client in a Windows terminal emulator. Very cool, very useful, get it! Encrypt your data transmissions.

System Tools

BootPart - nifty little tool that provides an 'easy' way to add partitions to the Windows NT boot menu. Got Linux and want to add it to the NT boot menu? Get BootPart!

Fdutils - Cool little utilities for configuring and debugging the Linux floppy driver, sending raw commands to the floppy controller, and for formatting.

gpart - If you don't know what type of partition you've come across I recommend grabbing gpart and trying it out! Still in beta, so might be buggy, but very cool from what I've seen so far.

System Commander 2000 - most excellent tool for partitioning and multi-booting. I've got 7 bootable operating systems on my laptop thanks to this one. Get it!

WinImage - Since Windows lacks (natively) the great DD command you've got to find another way to make disk images from a floppy (or vice versa). Right? Okay, WinImage is a great solution. Not to mention it has a few other great features that enhance its functionality.


copyright © 2002-2006 info@crazytrain.com