forensic analysis
Results 1 - 15 of about 588
Sequence Analysis 1.6.0
Sequence Analysis project is a collage of coding projects which I have written over the past several years for various clients in my work as a bioinformatics consultant.
These clients have graciously allowed me to release these works into the public domain as freeware for Macintosh OS X in order to promote the platform and to encourage migration from Classic.
The upper window panel can hold several sequences, which are both editable and selectable. The tabs in the lower analysis panel try to keep up with the current sequence selection to provide immediate feedback. The selection is used in some modules as the only portion being analyzed; for other modules, e.g. Digest, it is used to determine whether enzymes cut inside or outside of the selection.
Most commonly available sequence formats have been reverse engineered. You can also access a sequence from the NCBI via its GID or UID. This currently cannot be done from behind a firewall.
Most of the analyses are simple enough that they are obvious to use, e.g. Composition and pI. Others could stand some documentation, e.g. Pairwise and Primer Design. The Publish tab uses a string to control the layout. Click on the Legend button for some help.
Download (2.3MB)
Added: 2006-01-18 License: Freeware Price:
1377 downloads
Directory Analysis Tool 0.0.2
Directory Analysis Tool is used to analyze LDAP directories and report on their contents.
Useful if you want to find inactive accounts, people who haven't changed passwords, or who has administrator privileges.
Download (MB)
Added: 2006-06-26 License: GPL (GNU General Public License) Price:
1219 downloads
Net::Analysis 0.04
Net::Analysis are modules for analysing network traffic.
SYNOPSIS
Using an existing analyser:
    $ perl -MNet::Analysis -e main help
    $ perl -MNet::Analysis -e main TCP,v=1 dump.tcp            # basic TCP info
    $ perl -MNet::Analysis -e main HTTP,v=1 dump.tcp           # HTTP stuff
    $ perl -MNet::Analysis -e main Example2,regex=img dump.tcp # run an example
Writing your own analyser:
    package MyExample;
    use base qw(Net::Analysis::Listener::Base);

    # Listen to events from other modules
    sub tcp_monologue {
        my ($self, $args) = @_;
        my ($mono) = $args->{monologue};
        my $t = $mono->t_elapsed()->as_number();
        my $l = $mono->length();

        # Emit your own event
        $self->emit(name => 'example_event',
                    args => { kb_sec => ($t) ? $l/($t*1024) : 'N/A' }
                   );
    }

    # Process your own event
    sub example_event {
        my ($self, $args) = @_;
        printf "Bandwidth: %10.2f KB/sec\n", $args->{kb_sec};
    }

    1;
ABSTRACT
Net::Analysis is a suite of modules that parse tcpdump files, reconstruct TCP sessions from the packets, and provide a very lightweight framework for writing protocol analysers.
I wanted a batch version of Ethereal in Perl, so I could:
- sift through parsed protocols with structured filters
- write custom reports that mixed events from multiple protocols
So here it is. Net::Analysis is a stack of protocol handlers that emit, and listen for, events.
Download (0.30MB)
Added: 2006-07-27 License: Perl Artistic License Price:
1185 downloads
Objectrefenceanalyser 1.01
Objectrefenceanalyser (ora) helps developers find bugs or design errors by showing Java object references in an easy way.
It can be plugged into other programs for taking and saving "snapshots" of the object model at runtime for analysis.
Download (0.34MB)
Added: 2007-08-07 License: LGPL (GNU Lesser General Public License) Price:
811 downloads
Network Security Analysis Tool 1.5
Network Security Analysis Tool is a fast, stable bulk security scanner designed to audit remote network services and check for versions, security problems, gather information about the servers and the machine, and much more.
A manpage providing extensive information on NSAT has been included in the distribution. It is available after a make install, or just by typing man doc/nsat.8 from this dir. It is suggested that you inform yourself at least about the -v (scan verbosity) option and edit the configuration file. To learn about changes in this version, please consult doc/CHANGES.
New to this version is support for distributed scanning. The manpage describes how to do a distributed scan. Note that distributed scanning in this version is just a preliminary, proof-of-concept, implementation with no guarantees for its security, reliability, or performance.
Check for updated vulnerability lists, config files, etc. from
http://nsat.sourceforge.net
Currently, these are lists of vulnerabilities:
nsat.cgi (CGI scripts)
nsat.conf (configuration)
src/mod/snmp.h (SNMP community names)
Download (0.40MB)
Added: 2006-07-14 License: GPL (GNU General Public License) Price:
1204 downloads
Digital Forensic Live CD 1.0
A Linux distribution containing a variety of utilities for forensic investigations.
Added: 2009-06-11 License: Freeware Price: FREE
34 downloads
Market Analysis System 1.6.6t3
Market Analysis System (MAS) is an open-source software application that provides tools for analysis of financial markets using technical analysis.
Market Analysis System provides facilities for stock charting and futures charting, including price, volume, and a wide range of technical analysis indicators. Market Analysis System also allows automated processing of market data - applying technical analysis indicators with user-selected criteria to market data to automatically generate trading signals - and can be used as the main component of a sophisticated trading system.
Main features:
- Includes basic technical analysis indicators, such as Simple Moving Average, Exponential Moving Average, Stochastic, MACD, RSI, On Balance Volume, and Momentum.
- Includes more advanced indicators, such as Standard Deviation, Slope of EMA of Volume, Slope of MACD Signal Line, Bollinger Bands, and Parabolic SAR.
- User can create new technical analysis indicators, including complex indicators based on existing indicators.
- User can configure criteria for automated trading-signal generation.
- Creation of weekly, monthly, quarterly, and yearly data from daily data.
- Handles intraday data.
- Handles stock and futures data.
- Accepts input data from files, from a database, or from the web. (Includes a configuration for obtaining end-of-day data from yahoo.com.)
- Can be configured and run as a server that provides services for several clients at a time running on remote machines.
Download (0.60MB)
Added: 2006-05-24 License: LGPL (GNU Lesser General Public License) Price:
1260 downloads
TA-Lib : Technical Analysis Library 0.3.0
TA-Lib provides common functions for the technical analysis of stock/future/commodity market data.
TA-Lib can be reused by trading software developers using Excel, .NET, Java, Perl or C/C++.
Main features:
- More than 120 technical analysis indicators such as ADX, MACD, RSI, Stochastic, Bollinger Bands etc...
- Includes candlestick pattern recognition.
- Optional abstract interface allowing your code to support new technical analysis functions without any code change!
Enhancements:
New Features
- New Functions: BETA, MINMAX, MINMAXINDEX, MININDEX, MAXINDEX
- Debian and RPM packaging available.
- Java JAR packaging available.
- New TA_FunctionDescription() returns XML description of API.
- New ta_func_api.xml file generated in root directory of the package.
- Support for unmanaged static libraries with Visual Studio 2005.
Fixes
- #1526632 : Fix bug in LINEARREG_ANGLE
- #1544555 : Now do proper divide by zero detection in TA_ADX
Other Changes
- Better Java/.NET naming convention.
- ta_func_list.txt moved in root directory of the package.
- Removed dependencies on trio and Mersenne Twister functions.
- Volume and Open Interest are now double instead of integers.
- Add license specific to Excel users.
Download (3.8MB)
Added: 2007-01-31 License: BSD License Price:
1002 downloads
Statistical Traffic Analysis Kit 1.0b2
Statistical Traffic Analysis Kit is a set of command-line traffic analysis tools, designed to help a network administrator to see what is happening at a router at the moment.
Unlike tcpdump (1), the stak set uses statistical and stream-oriented methods, and will rarely produce an output stream at a speed beyond human perception. The output is less accurate.
The kit consists of five different utilities, designed to perform the following tasks:
- estimating overall traffic rates (stakrate),
- determining network nodes generating the highest traffic (stakhosts),
- monitoring the amount of traffic exchanged with particular autonomous systems (stakasta),
- extracting strings from packets (stakextract),
- determining connections and flows generating the highest traffic (stakstreams, experimental).
Download (0.068MB)
Added: 2006-06-29 License: GPL (GNU General Public License) Price:
1219 downloads
Basic Analysis and Security Engine 1.2
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project.
This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.
BASE is a web interface to perform analysis of intrusions that snort has detected on your network. It uses a user authentication and role-based system, so that you as the security admin can decide what and how much information each user can see. It also has a simple-to-use, web-based setup program for people not comfortable with editing files directly.
BASE is supported by a group of volunteers. They are available to answer any questions you may have or help you out in setting up your system. They are also skilled in intrusion detection systems and make use of that knowledge in the development of BASE.
Enhancements:
- This release fixes a number of bugs with PHP 5.
- It also adds a number of new features.
Download (0.33MB)
Added: 2005-10-10 License: GPL (GNU General Public License) Price:
1482 downloads
SenseClusters 0.95
SenseClusters is a natural language processing package that allows you to cluster similar contexts or to identify clusters of related words.
SenseClusters supports its own native methods based on first and second order representations of context, and also supports Latent Semantic Analysis. It is fully unsupervised, and can automatically discover the optimal number of clusters in your text.
SenseClusters is a complete system that takes users from preprocessing of raw text to providing clustered output.
Enhancements:
- Full support for Latent Semantic Analysis was introduced.
- Both contexts and words may be clustered using either native SenseClusters methods (first or second order) or Latent Semantic Analysis.
Download (20.1MB)
Added: 2006-08-29 License: GPL (GNU General Public License) Price:
1153 downloads
FIRE 0.4a
FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
Also provides necessary tools for live forensics/analysis on win32, sparc solaris and x86 linux hosts just by mounting the cdrom and using trusted static binaries available in /statbins.
Main features:
Forensics workstation/Data Recovery
- Instantly deploy a forensics workstation with tct, tctutils, mac-robber, and autopsy; also provides perl 5.6.1 compiled with Large File Support.
Live System Incident Response
- Binaries are available for Incident Response on a live machine.
Virus Scanning
- Utilizing F-Prot 3.11beta http://www.f-prot.com you can scan for virii, worms, trojans, and all around harmful code.
- Just mount the filesystems that you want to scan and execute f-prot.
- Any filesystem you can mount, you can scan. Mount and scan fat/ntfs/ext2/ext3/reiserfs partitions.
- Scan your windows machines offline for virii that may not be detected with an "after the fact" anti-virus software installation.
Pen-Testing Platform
- I should NOT have to explain this portion: If the tools you would like to use are not in the distribution please make a request!
Download (578MB)
Added: 2005-05-18 License: GPL (GNU General Public License) Price:
1635 downloads
Open Computer Forensics Architecture 2.0.6pl1
Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency. The main goal is to automate the digital forensic process to speed up the investigation and give tactical investigators direct access to the seized data through an easy to use search and browse interface.
The architecture forms an environment where existing forensic tools and libraries can be easily plugged into the architecture and can thus be made part of the recursive extraction of data and metadata from digital evidence.
The Open Computer Forensics Architecture aims to be highly modular, robust, fault tolerant, recursive and scalable in order to be usable in large investigations that spawn numerous terabytes of evidence data and cover hundreds of evidence items.
Enhancements:
- This release fixes a memory leak in the evidence library and adds a workaround to limit the impact of a memory-hungry indexer module.
Download (1.9MB)
Added: 2007-05-24 License: GPL (GNU General Public License) Price:
889 downloads
Plucene::Analysis::PorterStemFilter 1.25
Plucene::Analysis::PorterStemFilter - Porter stemming on the token stream.
SYNOPSIS
    # isa Plucene::Analysis::TokenFilter
    my $token = $porter_stem_filter->next;
This class transforms the token stream as per the Porter stemming algorithm.
Note: the input to the stemming filter must already be in lower case, so you will need to use LowerCaseFilter or LowerCaseTokenizer farther down the Tokenizer chain in order for this to work properly!
The Porter Stemmer implements the Porter algorithm for normalization of English words by stripping their extensions and is used to generalize searches. For example, the Porter algorithm maps both search and searching (as well as searchnessing) to search, such that a query for search will also match documents that contain the word searching.
Note that the Porter algorithm is specific to the English language and may give unpredictable results for other languages. Also, make sure to use the same analyzer during the indexing and the searching.
You can find more information on the Porter algorithm at www.tartarus.org/~martin/PorterStemmer.
A nice online demonstration of the Porter algorithm is available at www.scs.carleton.ca/~dquesnel/java/stuff/PorterApplet.html.
METHODS
next
my $token = $porter_stem_filter->next;
Returns the next input token, after being stemmed.
Download (0.32MB)
Added: 2007-06-11 License: Perl Artistic License Price:
865 downloads
FCCU GNU/Linux Forensic Boot CD 11.0
FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on KNOPPIX that contains a lot of tools suitable for computer forensic investigations, including bash scripts.
FCCU GNU/Linux Forensic Boot CD's main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.
Main features:
- This CD is based on KNOPPIX by Klaus Knopper.
- It is a remaster that I made to use at my work as a computer forensic investigator.
- Its main purpose is to create image copies of devices before analysis.
- It does not use a lot of cpu cycles for unnecessary programs, that is why it drops you to a shell right after the boot.
- It recognizes lots of hardware (Thanks to Klaus Knopper).
- It leaves the target devices unaltered (It does not use the swap partitions found on the devices).
- It contains a lot of tools with forensic purpose.
Enhancements:
- This release adds a new set of tools that allow an investigator to capture the memory from another host through the Firewire bus, even if the target host is an MS Windows box.
- A new tool to retrieve images from Thumbs.db (MS win thumbnails cache) was added.
- Rdd, a new forensic image acquisition tool, was added.
- A lot of other tools were added and upgraded.
Download (609.2MB)
Added: 2006-10-19 License: GPL (GNU General Public License) Price:
1119 downloads