Windows Forensics: The Field Guide for Corporate Computer Investigations
| | ||
| | ||
| | ||
Refer to the following list for additional resources:
-
dtSearch desktop search tool
-
http://www.dtsearch.com
-
-
File format details (including header information)
-
http://www. wotsit .org
-
-
FreeUndelete file recovery tool
-
http://www.officerecovery.com/freeundelete/
-
-
FSum file integrity checker from Slavasoft
-
http://www.slavasoft.com/fsum/index.htm
-
-
Gargoyle (and Stego Suite) from WetStone
-
http://www.wetstonetech.com/
-
-
Google Desktop Search
-
http://www.desktop.google.com
-
-
IrfanView image viewer
-
http://www.irfanview.com/
-
-
JP Hide 'n Seek Steg toolkit from Allan Latham
-
http://www.linux01.gwdg.de/~alatham/stego.html
-
-
LNK file reverse-engineered details from Jesse Hager
-
http://www.wotsit.org/download.asp?f=shortcut
-
-
Maresware Hash Library
-
http://www.dmares.com/maresware/hash_cd.htm
-
-
NSRL National Software Reference Library
-
http://www.nsrl.nist.gov/
-
-
Rifuiti Recycle Bin tool from Foundstone
-
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/rifiuti.htm
-
-
SHD and SPL file format details
-
http://www.undocprint.printassociates.com/spooler/spoolfiles/
-
-
StegDetect Steganalysis tool by Niels Provos
-
http://www.mirrors.wiretapped.net/security/steganography/stegdetect/
-
-
Unix to Windows ports of common utilities
-
http://www.tedfelix.com/SupaSoft/wuup.htm
-
| | ||
| | ||
| | ||