posted by 블르샤이닝 2023. 10. 26. 20:42

Source: https://present4n6.tistory.com/64

Here is an introduction to the programs I have used while studying digital forensics.

I plan to keep updating this post with additional programs as I come across them.

If a tool has its own official distribution site, please let me know in the comments.

Post last updated: 2023-01-13

Collection of Free Digital Forensics Programs

1. AmCache

AmcacheParser

http://ericzimmerman.github.io/#!index.md

2. AppCompatCache(ShimCache)

AppCompatCacheParser

http://ericzimmerman.github.io/#!index.md

3. Event Logs

Evtx Explorer/EvtxECmd

http://ericzimmerman.github.io/#!index.md

LogParserStudio2(LPSV2.D2)

https://techcommunity.microsoft.com/t5/exchange-team-blog/introducing-log-parser-studio/ba-p/601131

MessageAnalyzer64

https://microsoft-message-analyzer.software.informer.com/download/#downloading

4. Hash

HashCalc

https://www.slavasoft.com/hashcalc/

HashTab

http://implbits.com/products/hashtab/

5. Jumplist

JLECmd, JumpList Explorer

http://ericzimmerman.github.io/#!index.md

JumplistView

https://www.nirsoft.net/utils/jump_lists_view.html

6. link file

LECmd

http://ericzimmerman.github.io/#!index.md

LinkParser

https://4discovery.com/our-tools/link-parser/

7. File System(MFT, Log, Data)

MFTECmd, MFTExplorer

http://ericzimmerman.github.io/#!index.md

analyzeMFT Python Code

https://github.com/dkovar/analyzeMFT

https://kkoha.tistory.com/entry/analyzeMFT-204

NTFS Log Tracker

https://sites.google.com/site/forensicnote/ntfs-log-tracker

NTFS Data Tracker

https://sites.google.com/site/forensicnote/ntfs-data-tracker

8. Prefetch

PECmd

http://ericzimmerman.github.io/#!index.md

WinPrefetchView

https://www.nirsoft.net/utils/win_prefetch_view.html

9. Registry

Registry Explorer/RECmd

http://ericzimmerman.github.io/#!index.md

REGA

http://forensic.korea.ac.kr/tools.html

RegRipper

https://github.com/keydet89/RegRipper3.0

10. Shellbags

ShellBags Explorer

http://ericzimmerman.github.io/#!index.md

ShellBags View

https://www.nirsoft.net/utils/shell_bags_view.html

11. SRUM(SRUDB.dat)

SrumECmd

http://ericzimmerman.github.io/#!index.md

NetworkUsageView

https://www.nirsoft.net/utils/network_usage_view.html

12. Windows10 Timeline db

WxTCmd

http://ericzimmerman.github.io/#!index.md

13. Image Mount / Disk Imaging

Arsenal Image Mounter(Image Mount)

https://arsenalrecon.com/downloads/

FTK Imager(Image Mount, Disk Imaging, File Restore(file recovery))

https://accessdata.com/product-download/ftk-imager-version-4-5

14. Web Browser

Browsing History View

https://www.nirsoft.net/utils/browsing_history_view.html

Chrome Cache View

https://www.nirsoft.net/utils/chrome_cache_view.html

IE Cache View

https://www.nirsoft.net/utils/ie_cache_viewer.html

WEFA

http://forensic.korea.ac.kr/tools.html

Index.dat Analyzer v2.5

https://www.systenance.com/indexdat.php

15. USB

USB Forensic Tracker

http://www.orionforensics.com/forensics-tools/usb-forensic-tracker/

16. Exif File

Exif Pilot

https://www.colorpilot.com/exif.html

Exiftool

https://exiftool.org/

17. GPS

GPS Route Editor

http://www.gpsnote.net/

18. Volume Shadow Copy Service(VSS)

Shadow Explorer

https://www.shadowexplorer.com/downloads.html

VSCToolset

https://df-stream.com/vsc-toolset/

19. MS Outlook

Kernel PST Viewer

https://www.nucleustechnologies.com/pst-viewer.html

Kernel OST Viewer

https://www.nucleustechnologies.com/ost-viewer.html

SysTools DBX Converter

https://download.cnet.com/SysTools-DBX-Converter/3000-2369_4-76172720.html

20. Hex Editor

HxD

https://mh-nexus.de/en/hxd/

21. SQLite

DB Browser for SQLite

https://sqlitebrowser.org/

22. ShellCode

scdbg.exe

http://sandsprite.com/blogs/index.php?uid=7&pid=152

23. File Structure

Structured Storage Viewer(SSView)

https://www.mitec.cz/ssv.html

24. Strings

Strings

https://docs.microsoft.com/en-us/sysinternals/downloads/strings

25. Memory

Volatility 2.6

https://www.volatilityfoundation.org/26

Volatility 3.x

https://github.com/volatilityfoundation/volatility3

DumpIt

https://github.com/Crypt2Shell/Comae-Toolkit

GIMP

https://www.gimp.org/

Magnet Dumpit for Windows

https://www.magnetforensics.com/resources/magnet-dumpit-for-windows/

Magnet Dumpit for Linux

https://github.com/MagnetForensics/dumpit-linux

26. Steganography

Stegsolve.jar

http://www.caesum.com/handbook/stego.htm

OpenStego

https://www.openstego.com/

OpenPuff

https://embeddedsw.net/OpenPuff_Steganography_Home.html

Audacity

https://www.audacityteam.org/

AudioPaint

https://www.softpedia.com/get/Multimedia/Audio/Other-AUDIO-Tools/AudioPaint.shtml

FL Studio

https://www.image-line.com/

Other steganography tool collections

http://www.jjtc.com/Steganography/tools.html

27. ADS(Alternate Data Stream)

Sysinternals Streams.exe

https://docs.microsoft.com/en-us/sysinternals/downloads/streams

nirsoft AlternateStreamView.exe

https://www.nirsoft.net/utils/alternate_data_streams.html

Analysis with CMD/PowerShell

https://present4n6.tistory.com/76?category=904227

28. Mobile

ALEAPP

https://github.com/abrignoni/ALEAPP

29. Integrated Analysis Suite

Autopsy

https://www.autopsy.com/download/

30. Artifact Crawler

KAPE

https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape