196 Available Packages

Base OS
Forensics/Data Recovery
Incident Response
Pen-Test
Static Linked Binary
Virus Scanning
Note: some packages have multiple uses and will be listed more than once.
Not all packages input yet...

Forensics/Data Recovery (51 Packages)
    Name, Description, License
     AIDE v0.9 AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more.

GNU General Public License (GPL)
    
     argus the network Audit Record Generation and utilization System. The Argus Open Project is focused on developing network activity audit strategies that can do real work for the network architect, administrator and network user.

Quosient public license
    
     Autopsy v1.7.1 The Autopsy Forensic Browser is an HTML-based graphical interface to The Sleuth Kit and standard UNIX utilities. Autopsy automates many of the tasks required during a digital forensic analysis using the TASK collection of powerful command line tools as a foundation. Since this graphical interface is separate from the file system tools, an investigator can still use a command line interface if Autopsy cannot accomplish the desired outcome.

GNU General Public License (GPL)
    
     biew v5.3.2 BIEW is a free, portable, advanced file viewer with built-in editor for binary, hexadecimal and disassembler modes.

GNU General Public License (GPL)
    
     bsed binary stream editor

GNU General Public License (GPL)
    
     bwplot Plot information about packet captures.

GNU General Public License (GPL)
    
     chkrootkit v0.40 chkrootkit is a tool to locally check for signs of a rootkit

chkrootkit license
    
     CmosPwd v4.2 CMOS password recovery tools. Works with the following BIOSes: ACER/IBM BIOS; AMI BIOS; AMI WinBIOS 2.5; Award 4.5x/4.6x; Compaq (1992); Compaq (New version); IBM (PS/2, Activa, Thinkpad); Packard Bell; Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107; Phoenix 4 release 6 (User); Gateway Solo - Phoenix 4.0 release 6; Toshiba; Zenith AMI.

GNU General Public License (GPL)
    
     cryptcat encryption enabled netcat

GNU General Public License (GPL)
    
     dcfldd (or edd, enhanced dd) The original dd tool enhanced with MD5 hashing built in. Development work completed by the DoD Computer Forensics Lab.

GNU General Public License (GPL)
    
     Disk Investigator (win32) Disk viewer

GNU General Public License (GPL)
    
     dsniff tools v2.3 dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

GNU General Public License (GPL)
    
     editreg linux command line tool to examine windows registries.

GNU General Public License (GPL)
    
     ethereal v.0.9.11 Ethereal is a free network protocol analyzer for Unix and Windows.

GNU General Public License (GPL)
    
     fatback v1.3 DoD Computer forensics lab developed tool to undelete files from FAT filesystems

GNU General Public License (GPL)
    
     fenris v0.3 fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more.

GNU General Public License (GPL)
    
     foremost v0.64 Digs through an image file to find files within using header information.

GNU General Public License (GPL)
    
     FTimes v3.2.1 FTimes (a.k.a ftimes) is a system baselining and evidence collection tool. The primary purpose of FTimes is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis.

GNU General Public License (GPL)
    
     gpart 0.1h Gpart is a tool which tries to guess the primary partition table of a PC-type hard disk in case the primary partition table in sector 0 is damaged, incorrect or deleted. The guessed table can be written to a file or device.

GNU General Public License (GPL)
    
     hbd v0.2.3 The HomeBrew Java decompiler

GNU General Public License (GPL)
    
     hexedit v1.2.1 ncurses based hexeditor

GNU General Public License (GPL)
    
     LDE - Linux Disk Editor v2.5 LDE allows you to view and edit disk blocks as hex and/or ASCII, view/navigate directory entries, and view and edit formatted inodes. Most of the functions can be accessed using the program's curses interface or from the command line so that you can automate things with your own scripts.

GNU General Public License (GPL)
    
     logdump v1.0 Extracts syslog data from tcpdump savefiles.

GNU General Public License (GPL)
    
     MAC Daddy MAC Time collector for forensic incident response. This toolset is a modified version of the two programs tree.pl and mactime from the Coroner's Toolkit by Dan Farmer and Wietse Venema.

GNU General Public License (GPL)
    
     mac-robber v1.0 mac-robber is a forensics and incident response program that collects Modified, Access, and Change (MAC) times from files. Its output can be used as input to the mactime tool in The Coroner's Toolkit (TCT) to make a timeline of file activity. mac-robber is similar to running the grave-robber tool with the '-m' flag, except this is written in C and not Perl. This work was done at @stake.

GNU General Public License (GPL)
    
     md5deep v0.16 (linux & win32) md5deep is a cross-platform program to compute MD5 message digests on an arbitrary number of files.

GNU General Public License (GPL)
    
     memfetch v0.04b Linux on-demand process image dumper

GNU General Public License (GPL)
    
     ngrep v1.40 Ngrep is a powerful network sniffing tool which strives to provide most of GNU grep's common features, applying them to all network traffic.

Other/Proprietary License with Source
    
     ol2mbox - libPST v1.0.4 - libDBX v1.0.3 provide libraries and applications for the conversion of Outlook and Outlook Express data files to Linux MBOX format.

GNU General Public License (GPL)
    
     partimage v0.6.2 Partition Image is a Linux/UNIX utility which saves partitions in many formats to an image file. (Not Forensically sound, but good for system recovery work)

GNU General Public License (GPL)
    
     perl 5.8.0 compiled with support for >2G files, including a bunch of useful perl modules to boot.

GNU General Public License (GPL)
    
     photorec v1.0 PhotoRec is a little tool to recover pictures from digital camera memory

GNU General Public License (GPL)
    
     pwl9x v0.07 Windows 9x Password List reader is a program that will allow you to see the passwords contained in your Windows pwl database under Unix. You can check the security of these files/try to recover the main password using the bruteforce mode.

GNU General Public License (GPL)
    
     rda v0.2.1 RDA is a computer forensics tool to remotely acquire data.

GNU General Public License (GPL)
    
     rec (reverse engineering compiler) Reverse Engineering compiler

Other/Proprietary License with Free Trial
    
     ree v1.3 ree (ROM extension extractor) scans your memory (/dev/mem) for ROM extensions, and writes them out to files. ROM extensions are BIOSes which reside on ROM chips in your computer.

GNU General Public License (GPL)
    
     snort v2.0 (inline) snort! need i say more?

GNU General Public License (GPL)
    
     ssldump v0.9b3 ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.

GNU General Public License (GPL)
    
     StegDetect v0.5 Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are jsteg, jphide (Unix and Windows), invisible secrets, and outguess 01.3b.

BSD License
    
     tcpdstat get summary information of a tcpdump file. tcpdstat reads a tcpdump file using the pcap library and prints the statistics of a trace. The output includes the number of packets, the average rate and its standard deviation, the number of unique source and destination address pairs, and the breakdown of protocols.

GNU General Public License (GPL)
    
     tcpdump v3.7.1 Tcpdump allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor the network activities.

BSD License
    
     tcpflow v0.20 tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.

GNU General Public License (GPL)
    
     tcpreplay v1.4 Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.

GNU General Public License (GPL)
    
     tcpslice v1.2a1 a tool for extracting portions of packet trace files generated using tcpdump's -w flag.

GNU General Public License (GPL)
    
     tcptrace v6.2.0 tcptrace is a tool written by Shawn Ostermann at Ohio University, for analysis of TCP dump files. It can take as input the files produced by several popular packet-capture programs, including tcpdump, snoop, etherpeek, HP Net Metrix, and WinDump. tcptrace can produce several different types of output containing information on each connection seen, such as elapsed time, bytes and segments sent and received, retransmissions, round trip times, window advertisements, throughput, and more. It can also produce a number of graphs for further analysis.

GNU General Public License (GPL)
    
     TCT v1.11 TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in.

GNU General Public License (GPL)
    
     TestDisk v4.4 Tool to check and undelete partitions. Works with the following partitions: FAT12, FAT16, FAT32; Linux; Linux SWAP (version 1 and 2); NTFS (Windows NT); BeFS (BeOS); UFS (BSD); Netware; ReiserFS.

GNU General Public License (GPL)
    
     The Sleuth Kit v1.61 The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system forensic tools that allow an investigator to examine NTFS, FAT, FFS, EXT2FS, and EXT3FS file systems of a suspect computer in a non-intrusive fashion. The tools have a layer-based design and can extract data from internal file system structures. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.

GNU General Public License (GPL)
    
     TNEF v1.2.0 TNEF provides a way to unpack those pesky Microsoft MS-TNEF MIME attachments. It operates like tar in order to unpack any files which may have been put into the MS-TNEF attachment instead of being attached separately.

GNU General Public License (GPL)
    
     VNC - tightvnc VNC (an abbreviation for Virtual Network Computing) is a great client/server software package allowing remote network access to graphical desktops. Used in biatchux to send remote consoles!

GNU General Public License (GPL)
    
     wipe v2.0 Wipe is a secure file wiping utility.

GNU General Public License (GPL)

FIRE Download:


Downloading version 0.3.5 is recommended.