Greg Freemyer

gregfreemyer

Involved Projects and Packages
Bugowner

AFF is an open and extensible file format designed to store disk images and associated metadata. afflib is a library for support of the Advanced Forensic Format (AFF).

bulk_extractor is a C++ program that scans a disk image, a file, or a
directory of files and extracts useful information without parsing the
file system or file system structures. The results are stored in feature
files that can be easily inspected, parsed, or processed with automated
tools. bulk_extractor also creates histograms of the features that it finds,
as features that are more common tend to be more important.

Bugowner

libewf is a library for support of the Expert Witness Compression Format (EWF). libewf allows you to read media information of EWF files in the SMART (EWF-S01) format and the EnCase (EWF-E01) format. libewf can read files created by EnCase 1 to 6, linen and FTK Imager.

mac-robber is a digital forensics and incident response tool that can be used
with The Sleuth Kit to create a timeline of file activity for mounted
file systems.

NTFS-3G allows for read/write access to NTFS partitions which can be
shared with Windows XP, Windows Server 2003, Windows 2000, Windows
Vista and Windows Seven.

This module exports one subroutine: 'Hexify'.

'Hexify' formats arbitrary (possibly binary) data into a format suitable
for hex dumps in the style of 'xd' or 'hexl'.

The first, or only, argument to 'Hexify' contains the data, or a reference
to the data, to be hexified. Hexify will return a string that prints as
follows:

0000: 70 61 63 6b 61 67 65 20 44 61 74 61 3a 3a 48 65 package Data::He
0010: 78 69 66 79 3b 0a 0a 75 73 65 20 35 2e 30 30 36 xify;..use 5.006

and so on. At the left is the (hexadecimal) index of the data, then a
number of hex bytes, followed by the chunk of data with unprintables
replaced by periods.

The optional second argument to 'Hexify' must be a hash or a hash
reference, containing values for any of the following parameters:

* first

The first byte of the data to be processed. Default is to start from the
beginning of the data.

* length

The number of bytes to be processed. Default is to process all data.

* chunk

The number of bytes to be processed per line of output. Default is 16.

* group

The number of bytes to be grouped together. Default is 1 (no grouping).
If used, it must be a divisor of the chunk size.

* duplicates

When set, duplicate lines of output are suppressed and replaced by a
single line reading '**SAME**'.

Duplicate suppression is enabled by default.

* showdata

A reference to a subroutine that is used to produce a printable string
from a chunk of data. By default, a subroutine is used that replaces
unwanted bytes by periods.

The subroutine gets the chunk of data passed as argument, and should
return a printable string of at most 'chunksize' characters.

* align

Align the result to 'chunksize' bytes. This is relevant only when
processing data not from the beginning. For example, when 'first' is 10,
the result would become:

0000: ... 74 61 3a 3a 48 65 ta::He
0010: 78 69 66 79 3b ... 65 20 35 2e 30 30 36 xify;..use 5.006
... and so on ...

Alignment is on by default. Without alignment, the result would be:

000a: 74 61 3a 3a 48 ... 79 3b 0a 0a 75 73 65 ta::Hexify;..use
001a: 20 35 2e 30 30 ... 73 65 20 73 74 72 69 5.006;.use stri
... and so on ...

* start

Pretend that the data started at this byte (while in reality it starts at
byte 'first'). The above example, with 'start => 0', becomes:

0000: 74 61 3a 3a 48 ... 79 3b 0a 0a 75 73 65 ta::Hexify;..use
0010: 20 35 2e 30 30 ... 73 65 20 73 74 72 69 5.006;.use stri
... and so on ...

This is a module that can read the Mozilla URL history file -- normally
$HOME/.mozilla/default/*.slt/history.dat -- and extract the id, url, name,
hostname, first visited date, last visited date and visit count.

To find your history file it might be worth using *Mozilla::Backup* which
has some platform-independent code for finding the profiles of various
Mozilla-isms (including Firefox, Camino, K-Meleon, etc.).

ExifTool provides an extensible set of Perl modules to read and write meta
information in a wide variety of files, including the maker note
information of many digital cameras by various manufacturers such as Canon,
Casio, FujiFilm, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta,
Nikon, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Ricoh, Samsung, Sanyo,
Sigma/Foveon and Sony.

Below is a list of file types and meta information formats currently
supported by ExifTool (r = read, w = write, c = create):

File Types
------------+-------------+-------------+-------------+------------
3FR r | DVB r | M2TS r | PAGES r | RW2 r/w
3G2 r | DYLIB r | M4A/V r | PBM r/w | RWL r/w
3GP r | EIP r | MEF r/w | PDF r/w | RWZ r
ACR r | EPS r/w | MIE r/w/c | PEF r/w | RM r
AFM r | ERF r/w | MIFF r | PFA r | SO r
AI r/w | EXE r | MKA r | PFB r | SR2 r/w
AIFF r | EXIF r/w/c | MKS r | PFM r | SRF r
APE r | F4A/V r | MKV r | PGM r/w | SRW r/w
ARW r/w | FLA r | MNG r/w | PICT r | SVG r
ASF r | FLAC r | MOS r/w | PMP r | SWF r
AVI r | FLV r | MOV r | PNG r/w | THM r/w
BMP r | FPX r | MP3 r | PPM r/w | TIFF r/w
BTF r | GIF r/w | MP4 r | PPT r | TTC r
COS r | GZ r | MPC r | PPTX r | TTF r
CR2 r/w | HDP r/w | MPG r | PS r/w | VRD r/w/c
CRW r/w | HTML r | MPO r/w | PSB r/w | WAV r
CS1 r/w | ICC r/w/c | MQV r | PSD r/w | WDP r/w
DCM r | IIQ r | MRW r/w | PSP r | WEBP r
DCP r/w | IND r/w | NEF r/w | QTIF r | WEBM r
DCR r | ITC r | NRW r/w | RA r | WMA r
DFONT r | JNG r/w | NUMBERS r | RAF r/w | WMV r
DIVX r | JP2 r/w | ODP r | RAM r | X3F r/w
DJVU r | JPEG r/w | ODS r | RAR r | XCF r
DLL r | K25 r | ODT r | RAW r/w | XLS r
DNG r/w | KDC r | OGG r | RIFF r | XLSX r
DOC r | KEY r | ORF r/w | RSRC r | XMP r/w/c
DOCX r | LNK r | OTF r | RTF r | ZIP r

Meta Information
----------------------+----------------------+---------------------
EXIF r/w/c | Kodak Meta r/w | Picture Info r
GPS r/w/c | FotoStation r/w | Adobe APP14 r
IPTC r/w/c | PhotoMechanic r/w | MPF r
XMP r/w/c | JPEG 2000 r | Stim r
MakerNotes r/w/c | DICOM r | APE r
Photoshop IRB r/w/c | Flash r | Vorbis r
ICC Profile r/w/c | FlashPix r | SPIFF r
MIE r/w/c | QuickTime r | DjVu r
JFIF r/w/c | Matroska r | M2TS r
Ducky APP12 r/w/c | GeoTIFF r | PE/COFF r
PDF r/w/c | PrintIM r | AVCHD r
CIFF r/w | ID3 r | ZIP r
AFCP r/w | Ricoh RMETA r | (and more)

This module is a low-level interface to the Mac OS X Property List (plist)
format. You probably shouldn't use this in applications--build interfaces
on top of this so you don't have to put all the heinous multi-level object
stuff where people have to look at it.

You can parse a plist file and get back a data structure. You can take that
data structure and get back the plist as XML. If you want to change the
structure in between, that's your business. :)

You don't need to be on Mac OS X to use this. It simply parses and
manipulates a text format that Mac OS X uses.

Parse::Win32Registry is a module for parsing Windows Registry files,
allowing you to read the keys and values of a registry file without going
through the Windows API.

It provides an object-oriented interface to the keys and values in a
registry file. Registry files are structured as trees of keys, with each
key containing further subkeys or values.

The module is intended to be cross-platform, and run on those platforms
where Perl will run.

It supports both Windows NT registry files (Windows NT, 2000, XP, 2003,
Vista, 7) and Windows 95 registry files (Windows 95, 98, Millennium
Edition).

It is intended to be used to parse offline registry files. If a registry
file is currently in use, you will not be able to open it. However, you can
save part or all of a currently loaded registry file using the Windows reg
command if you have the appropriate administrative access.

Python bindings for FUSE (User space File System)

The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.

Bugowner

Calc is an arbitrary-precision, C-like arithmetic system that is a calculator, an algorithm prototyper and a mathematical research tool. Calc comes with a rich set of builtin mathematical and programmatic functions.

Bugowner

HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility.

It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system.

log2timeline takes a log file (or a directory) and parses it to produce a body file that can be imported into other tools for timeline analysis. The tool takes a modular approach to both the input file and the output file. The current version supports exporting the timeline in several different body formats. log2timeline is built as a series of scripts, this one being the front-end, which uses other scripts to actually parse the log files (called format files). The tool is built to be easily extended by anyone who wants to create a new format or an output file.

As noted above the default output mechanism is in a CSV file format, which can be easily imported into spreadsheet applications, and parsed by the tool l2t_process. The output format can be easily changed with the -o parameter. The output module can be set to output in a body format that needs to be imported into another tool for human readable format, or it can be implemented to print the timeline directly in a human readable format.

The tool is built using multiple so-called input modules. Each of those input modules provides a single format that can be parsed, whether that is a log file or a directory containing some files that need to be parsed.

The purpose of the tool is to provide a single tool to parse various artifacts that are produced either by the suspect operating system or by other systems that might have some logs pertaining to the investigation.

354 contributions in the last year