| Name | Description | License |
|
AIDE v0.9 |
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. |
GNU General Public License (GPL) |
  |
|
|
lsof v4.66 |
list open files |
GNU General Public License (GPL) |
  |
|
|
mac-robber v1.0 |
mac-robber is a forensics and incident response program that collects Modified, Access, and Change (MAC) times from files. Its output can be used as input to the mactime tool in The Coroner's Toolkit (TCT) to make a timeline of file activity. mac-robber is similar to running the grave-robber tool with the '-m' flag, except this is written in C and not Perl. This work was done at @stake |
GNU General Public License (GPL) |
  |
|
|
memfetch v0.04b |
Linux on-demand process image dumper |
GNU General Public License (GPL) |
  |
|
|
The Sleuth Kit v1.61 |
The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system forensic tools that allow an investigator to examine NTFS, FAT, FFS, EXT2FS, and EXT3FS file systems of a suspect computer in a non-intrusive fashion. The tools have a layer-based design and can extract data from internal file system structures. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown. |
GNU General Public License (GPL) |