ntfs
ntfs-3g 1.810
The ntfs-3g driver is an open source NTFS driver which offers read-write support for NTFS hard drives.
The ntfs-3g driver is an open source, GPL licensed, third generation Linux NTFS driver for 32-bit, little-endian architectures which was implemented by the Linux-NTFS project. It provides full read-write access to NTFS, excluding access to encrypted files, writing compressed files, and changing file ownership and access rights.
Technically it's based on, and a major improvement to, the third generation Linux NTFS driver, ntfsmount. The improvements include functionality, quality and performance enhancements.
The driver is currently in BETA status: before release of this software we haven't experienced any driver crashes or data loss during our heavy quality testing; however, we are aware of some minor issues which will be resolved in the near future. We listed all of them in a section below.
Installation:
Make sure the basic Linux development tools and FUSE (http://fuse.sourceforge.net) are correctly installed on your computer, then type:
./configure
make
make install # or sudo make install if you aren't root.
Usage:
If there was no error during installation then you can mount NTFS volumes for read-write access (unmount them if they were already mounted by another NTFS driver.)
ntfs-3g /dev/hda1 /mnt/windows
If you want to give full access for all users, ignore permission related driver messages, and make national characters visible then use (drop or replace the below hu_HU.utf8 with the appropriate setting, and also the device and mount points, if needed).
ntfs-3g /dev/hda1 /mnt/windows -o silent,umask=0,locale=hu_HU.utf8
Please see the ntfs-3g manual page for more options and examples.
You can also have NTFS volumes mounted at boot by ensuring that the FUSE kernel module is automatically loaded and by putting the line below into /etc/fstab:
/dev/hda1 /mnt/windows ntfs-3g silent,umask=0,locale=hu_HU.utf8 0 0
Download (0.54MB)
Added: 2007-08-10 License: GPL (GNU General Public License) Price:
537 downloads
Linux NTFS 1.13.1
Linux NTFS provides Linux kernel drivers and tools to create, resize, clone, rescue, query, label and fix NTFS volumes.
Linux NTFS provides Linux kernel drivers, a multiplatform NTFS library, and tools to create, resize, clone, rescue, query, label and fix NTFS volumes, and to undelete, resize, list, and query files for the filesystem used by Windows XP, 2003, 2000, NT4, and Longhorn.
Linux NTFS also provides support for the Logical Disk Manager (LDM) that controls Windows Dynamic Disks and is used to create software mirrors, stripes, and RAID.
Enhancements:
- Many improvements and fixes were made for all known problems to ntfsmount, ntfscluster, mkntfs, ntfsclone, ntfsinfo, and libntfs.
Download (0.23MB)
Added: 2006-06-21 License: Public Domain Price:
1236 downloads
Ntfs-config 1.0.1
The ntfs-config project can enable/disable NTFS write support with a simple click.
After years of development, a new NTFS driver with full, safe write capability is coming. Its name: ntfs-3g.
The driver status is still beta, but the read/write feature is stable, and it is already used by thousands of people around the world.
The main point people struggle with is how to configure their system to be able to use it.
The aim of the ntfs-config project is to make people's lives easier by providing an easy way to enable/disable write capability for all their devices, internal or external.
Main features:
- Automatic detection of not yet configured NTFS partitions
- Enable/disable write support for internal devices
- Enable/disable write support for external devices
Download (0.037MB)
Added: 2007-07-17 License: GPL (GNU General Public License) Price:
513 downloads
Scrounge NTFS 0.8.6
Scrounge NTFS is a data recovery program for NTFS filesystems.
Data recovery program for NTFS file systems. Reads each block of the hard disk and rebuilds the file system tree on another partition.
I wrote this program when one of my friends lost valuable data on an NTFS drive. It has been used since then in several cases, but not thoroughly tested, especially not WRT the fact that it's a data recovery program.
You should have your partition information stored away in advance. This allows reliable retrieval of file info.
Enhancements:
- Don't exit on error reading source drive
- Fixed core dump when attribute list, but no MFT loaded
Download (0.099MB)
Added: 2005-04-08 License: BSD License Price:
923 downloads
Paragon NTFS for Linux 2.0
Gain full access to NTFS partitions under Linux.
Paragon NTFS for Linux gives transparent access to any NTFS partition under the Linux operating system, so you and any application can browse these drives, read and change files, and copy and create new files and folders. Everything absolutely transparently - just like with a "native" Ext2FS, Ext3FS or ReiserFS file system.
This download package is FREE and contains fully functional Paragon NTFS for Linux drivers for the most popular Linux distributions with their default kernels only: Red Hat Enterprise 4 (SW), Fedora Core 4, Mandriva 10.2, SUSE 9.3. If you have any other Linux distribution or have already changed the default kernel, you will probably not be able to use this driver. If you are interested in buying or evaluating the Paragon NTFS for Linux driver for any Linux distribution you should go to http://www.ntfs-linux.com/index.htm.
Note: This package contains the Paragon NTFS for Linux demo version as well. The demo version mounts NTFS partitions in read-only mode only, but you can install it on any Linux distribution.
Download (2447K)
Added: 2009-04-14 License: Freeware Price: $FREE
192 downloads
TSKmount-Fuse 0.03
TSKmount-Fuse is the filesystem of deleted files.
TSKmount is a free FUSE filesystem written in Perl and based on The Sleuth Kit tools. It is intended to provide an easy way to recover deleted files from ext2, FAT and NTFS filesystems.
Short HowTo:
Mounting device /dev/hda5 on the empty directory /tmp/fuse:
tskmount /dev/hda5 /tmp/fuse
### wait for the "Ready" message before going to /tmp/fuse ###
Unmounting filesystem:
fusermount -u /tmp/fuse
See common options:
tskmount --help
Download (0.017MB)
Added: 2007-08-21 License: GPL (GNU General Public License) Price:
794 downloads
Auto-autofs 1.8
Auto-autofs is a Perl script that searches the hardware for block devices using the /proc directory. The project finds partitions on hard disks via fdisk and tries to detect the filesystems.
The script also generates automounter entries for all ISO (or other loopback) files in special folders.
It creates a configuration file (automounter map) or works as a configuration program for automount.
An HTML file listing all devices is also generated, so it's possible to mount (and umount) partitions by clicking on a link.
Main features:
- Finds IDE and SCSI block devices via /proc
- Finds partitions on harddisks
- Filesystem and disk size detection via fdisk
- Automatically gives the devices a fitting name (cdrom, cdwriter, zip, part etc.)
- When there is more than one device, the names are numbered (cdrom, cdrom1, cdrom2 etc)
- It's possible to give devices an alias (/dev/hdd1 -> "export")
- Volume or partition label support (for ext2, ext3, udf, isofs, reiserfs, ntfs and vfat)
- more filesystems can be added
- Support for Audio and Video CDROMs (see README file) (NEW)
- Support for IDE-SCSI Emulation
- Support for umount/eject
- Configurable commands
- With Icons (32x32 or 16x16) from KDE
- Support for ISO Files and other loop back files
- Add your devices as QuickBrowser to your KDE Panel
- Freely configurable
- Automatic configuration
- Automatically creates symbolic links (/dev/cdrom --> /dev/scd0)
- I18n support
Enhancements:
- removed some kde stuff
- syntax change of index.html
- change default access rights
- bugfixes
Download (0.037MB)
Added: 2007-06-12 License: GPL (GNU General Public License) Price:
865 downloads
libguestfs 1.0.64
libguestfs functions as a helpful library for accessing and modifying guest disk images.
libguestfs 1.0.64 functions as a helpful library for accessing and modifying guest disk images. Amongst the things this is good for: making batch configuration changes to guests, viewing and editing files inside guests, getting disk used/free statistics (see also: virt-df), migrating between virtualization systems (see also: virt-p2v), performing partial backups, performing partial guest clones, cloning guests and changing registry/UUID/hostname info, and much else besides.
Major Features:
- libguestfs uses Linux kernel and qemu code, and can access any type of guest filesystem that Linux and qemu can, including but not limited to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different disk partition schemes, qcow, qcow2, vmdk.
- libguestfs provides ways to enumerate guest storage (eg. partitions, LVs, what filesystem is in each LV, etc.). It can also run commands in the context of the guest. Also you can upload and download files and directories.
- libguestfs is a library that can be linked with C and C++ management programs (or management programs written in OCaml, Perl, Python, Ruby, Java or Haskell). You can also use it from shell scripts or the command line.
Added: 2009-07-24 License: LGPL v2 Price: FREE
1 downloads
anyfs-tools 0.84.12
anyfs-tools is a unix-way toolset for recovering and converting filesystems.
SYNOPSIS
build_it [-qvV] directory inode_table
anysurrect [-b blocksize] [-i input_inode_table] [-p path_prefix] [-u file_umask] [-U dir_umask] [-qvV] device inode_table
reblock [-nqvV] inode_table device blocksize
build_e2fs [ -c|-l filename ] [-b blocksize] [-f fragment-size] [-g blocks-per-group] [-i bytes-per-inode] [-j] [-J journal-options] [-N number-of-inodes] [-n] [-m reserved-blocks-percentage] [-o creator-os] [-O feature[,...]] [-q] [-r fs-revision-level] [-R raid-options] [-v] [-F] [-L volume-label] [-M last-mounted-directory] [-S] [-T filesystem-type] [-V] inode_table device [blocks-count]
mount -t any -o inodetable=file.it[,other_mount_options] device dir
build_it recursively reads information about all filesystem inodes from a directory, using the filesystem driver for Linux (which may be read-only), and saves it to an external inode table.
anysurrect searches the device for files based on knowledge of the structure of different file types. Information about the files found is also saved to an external inode table.
reblock changes the filesystem block size. Using information from the inode table, reblock changes the placement of each file's fragments so that they are aligned to block boundaries of the new size.
build_e2fs uses the external inode table information to build ext2fs filesystems on the device.
The anyfs filesystem driver for Linux allows mounting a device using inode table information. The mounted filesystem allows file operations such as deleting and moving files; making symbolic and hard links and special files; and changing file access permissions. All these changes are saved on unmounting to the same external inode table file and don't affect the device.
Usage:
Convert filesystems
anyfs-tools allows you to convert filesystems. There is only one requirement for the source filesystem: the filesystem driver for Linux (which may be read-only) must support the FIBMAP ioctl(2) call.
At the moment the destination filesystem can only be ext2fs. But it's quite possible that support for building other filesystems will be added in the future. This should first of all interest filesystem maintainers, since the existence of a convenient tool for converting other filesystems to theirs, without requiring much free space to save all user data, will certainly increase the number of the filesystem's users.
In general, the order of applying anyfs-tools for filesystem conversion is as follows:
1) build_it, to read all information about file placement and access permissions and save it to an external inode table file;
2) the anyfs driver, to check that all needed files exist and possibly to search for files that need to be saved separately (e.g., files with size less than 4 Kb for ReiserFS);
3) possibly reblock, to change the filesystem block size in case the destination filesystem doesn't support the same block size for this device as the source one;
4) finally, the ext2fs filesystem is built by build_e2fs.
Recovering a damaged filesystem
For recovering files from a filesystem, anysurrect is intended to be used first. After that, the anyfs filesystem driver can be used to view the files found and possibly read and save them to another filesystem. The driver also allows you to sort files into directories as needed and to rename files as necessary. Finally, it is also possible to build a new filesystem with the help of build_e2fs.
Recovering files from an undamaged filesystem
To recover files, the order of applying anyfs-tools is the same as for recovering a damaged filesystem, except that at the beginning you must run build_it to read the placement of files on the present filesystem.
Enhancements:
- Fix anyfs building with kernel version >=2.6.19
- Some other build fixes
- Fix new (from v0.84.10) i/o buffer bug in anysurrect.
- Extremely optimize anysurrect.
- Add -s option to build_it.
- Add support of converting from ntfs-3g by anyconvertfs.
Download (0.24MB)
Added: 2007-07-29 License: GPL (GNU General Public License) Price:
826 downloads
FTimes 3.8.0
FTimes is a system baselining and evidence collection tool. The primary purpose of FTimes is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis.
FTimes is a lightweight tool in the sense that it doesn't need to be "installed" on a given system to work on that system, it is small enough to fit on a single floppy, and it provides only a command line interface.
Preserving records of all activity that occurs during a snapshot is important for intrusion analysis and evidence admissibility. For this reason, FTimes was designed to log four types of information: configuration settings, progress indicators, metrics, and errors. Output produced by FTimes is delimited text, and therefore, is easily assimilated by a wide variety of existing tools.
FTimes basically implements two general capabilities: file topography and string search. File topography is the process of mapping key attributes of directories and files on a given file system. String search is the process of digging through directories and files on a given file system while looking for a specific sequence of bytes. Respectively, these capabilities are referred to as map mode and dig mode.
FTimes supports two operating environments: workbench and client-server. In the workbench environment, the operator uses FTimes to do things such as examine evidence (e.g., a disk image or files from a compromised system), analyze snapshots for change, search for files that have specific attributes, verify file integrity, and so on. In the client-server environment, the focus shifts from what the operator can do locally to how the operator can efficiently monitor, manage, and aggregate snapshot data for many hosts. In the client-server environment, the primary goal is to move collected data from the host to a centralized system, known as an Integrity Server, in a secure and authenticated fashion. An Integrity Server is a hardened system that has been configured to handle FTimes GET, PING, and PUT HTTP/S requests.
The FTimes distribution contains a script called nph-ftimes.cgi that may be used in conjunction with a Web server to implement a public Integrity Server interface. Deeper topics such as the construction and internal mechanics of an Integrity Server are not addressed here.
Main features:
- FTimes is easy to use and fast! The rest is pure gravy...
- FTimes has been written in C and ported to many popular OSes such as AIX, BSDi, FreeBSD, HP-UX, Linux, Solaris, and Windows 98/ME/NT/2K/XP. FTimes does not require additional runtime support such as a script interpreter (e.g., Perl) or a Virtual Machine (e.g., JVM).
- FTimes does not need to be installed on the client's machine. In many cases it can be run from a floppy or CDROM. Because of this, FTimes can be configured such that it is minimally invasive to the target system. This is important when trying to collect evidence of an attack on a live system.
- FTimes has thorough logging. This helps to increase its credibility and admissibility as evidence because the log information can be used to determine the known or potential error rate of the tool under various conditions. FTimes logs four types of information: configuration settings, progress indicators, metrics, and errors.
- FTimes detects and encodes non-printable characters (e.g., white space, carriage returns, etc.) in filenames. This ensures that your view of the output is not artificially altered by the data you are looking at. The URL encoding scheme used also helps you to quickly focus in on anomalous filenames.
- FTimes detects and processes Alternate Data Streams (ADS) when running on Windows NT/2K/XP systems. This is quite useful in cases where the perpetrator has used Alternate Data Streams to hide tools and information.
- FTimes output is delimited ASCII, and therefore, is conducive to analysis. This output can be assimilated using standard database technology as well as a wide array of existing tools. This makes it more flexible than proprietary database schemes that are essentially opaque to the practitioner. Ultimately, this format yields better analysis results because the practitioner is able to manipulate data freely, and peers may independently verify analysis results. Again, this helps to strengthen its credibility and admissibility as evidence.
- FTimes can be deployed as an enterprise solution with all information being transmitted to and preserved on a hardened Integrity Server. This allows for centralized management of data, and avoids the problem of leaving data exposed on a client's system. Data stored on a client's system is vulnerable to malicious modification or destruction.
- FTimes natively supports client initiated HTTP/HTTPS uploads/downloads. This eliminates the need for boundary devices such as firewalls to have special inbound connection rules. Furthermore, there's a good chance that existing boundary devices already support the required outbound communications path because it is the same as that needed to browse the Web.
- FTimes provides an efficient string search capability (a.k.a. dig mode). This is particularly useful in investigations when the practitioner has a profile of key words or byte strings that are likely to exist somewhere on the target system.
- FTimes optionally supports device file digging (block/character).
- FTimes output is configurable on a per attribute basis. This allows users to develop data in a way that's best suited to their needs.
- FTimes optionally produces directory hashes. This is a significant analysis advantage in situations where content rarely changes. The advantage is that one hash effectively represents the content of all directories and files contained in a given tree.
- FTimes optionally produces symlink hashes.
- FTimes optionally performs file typing via XMagic. When there are hundreds or thousands of unknown hashes, it is difficult to determine which files may have changed as a result of a malicious act. In these situations, type information can be used to categorize files and prioritize the order in which they are examined.
- FTimes has an extremely fast, tunable compare capability. This enables the practitioner to quickly analyze snapshots and determine change.
Enhancements:
Version 3.8.0 is a minor release of FTimes. Generally, code was cleaned up and refined as necessary. Several bugs have been fixed -- see the ChangeLog for details. This release includes support for SHA256 hashes, include/exclude filters, and a number of additional file systems (DATAPLOW_ZFS, NTFS-3G, NWCOMPAT, UDF). HashDig utilities have been updated to support SHA1 and SHA256 hashes, and the following tools have been added to the project: ftimes-crv2dbi.pl, ftimes-dig2dbi.pl, hashdig-find.pl, and tarmap. Note that documentation is no longer built at release time, and that means your build system must include the necessary tools to create the documentation -- see the Requirements Section in README.INSTALL for additional details. Since SF officially discontinued compile farm support on 2007-02-08, this project is no longer able to build/test releases in the manner and scale that it did before. Unfortunately, this may result in platform-specific issues that go unnoticed until they are discovered by someone in the field.
<<lessFTimes is a lightweight tool in the sense that it doesnt need to be "installed" on a given system to work on that system, it is small enough to fit on a single floppy, and it provides only a command line interface.
Preserving records of all activity that occurs during a snapshot is important for intrusion analysis and evidence admissibility. For this reason, FTimes was designed to log four types of information: configuration settings, progress indicators, metrics, and errors. Output produced by FTimes is delimited text, and therefore, is easily assimilated by a wide variety of existing tools.
FTimes basically implements two general capabilities: file topography and string search. File topography is the process of mapping key attributes of directories and files on a given file system. String search is the process of digging through directories and files on a given file system while looking for a specific sequence of bytes. Respectively, these capabilities are referred to as map mode and dig mode.
FTimes supports two operating environments: workbench and client-server. In the workbench environment, the operator uses FTimes to do things such as examine evidence (e.g., a disk image or files from a compromised system), analyze snapshots for change, search for files that have specific attributes, verify file integrity, and so on. In the client-server environment, the focus shifts from what the operator can do locally to how the operator can efficiently monitor, manage, and aggregate snapshot data for many hosts. In the client-server environment, the primary goal is to move collected data from the host to a centralized system, known as an Integrity Server, in a secure and authenticated fashion. An Integrity Server is a hardened system that has been configured to handle FTimes GET, PING, and PUT HTTP/S requests.
The FTimes distribution contains a script called nph-ftimes.cgi that may be used in conjunction with a Web server to implement a public Integrity Server interface. Deeper topics such as the construction and internal mechanics of an Integrity Server are not addressed here.
Main features:
- FTimes is easy to use and fast! The rest is pure gravy...
- FTimes has been written in C and ported to many popular OSes such as AIX, BSDi, FreeBSD, HP-UX, Linux, Solaris, and Windows 98/ME/NT/2K/XP. FTimes does not require additional runtime support such as a script interpreter (e.g., Perl) or a Virtual Machine (e.g., JVM).
- FTimes does not need to be installed on the client's machine. In many cases it can be run from a floppy or CDROM. Because of this, FTimes can be configured such that it is minimally invasive to the target system. This is important when trying to collect evidence of an attack on a live system.
- FTimes has thorough logging. This helps to increase its credibility and admissibility as evidence because the log information can be used to determine the known or potential error rate of the tool under various conditions. FTimes logs four types of information: configuration settings, progress indicators, metrics, and errors.
- FTimes detects and encodes non-printable characters (e.g., white space, carriage returns, etc.) in filenames. This ensures that your view of the output is not artificially altered by the data you are looking at. The URL encoding scheme used also helps you to quickly focus in on anomalous filenames.
- FTimes detects and processes Alternate Data Streams (ADS) when running on Windows NT/2K/XP systems. This is quite useful in cases where the perpetrator has used Alternate Data Streams to hide tools and information.
- FTimes output is delimited ASCII, and therefore, is conducive to analysis. This output can be assimilated using standard database technology as well as a wide array of existing tools. This makes it more flexible than proprietary database schemes that are essentially opaque to the practitioner. Ultimately, this format yields better analysis results because the practitioner is able to manipulate data freely, and peers may independently verify analysis results. Again, this helps to strengthen its credibility and admissibility as evidence.
- FTimes can be deployed as an enterprise solution with all information being transmitted to and preserved on a hardened Integrity Server. This allows for centralized management of data, and avoids the problem of leaving data exposed on a client's system. Data stored on a client's system is vulnerable to malicious modification or destruction.
- FTimes natively supports client-initiated HTTP/HTTPS uploads/downloads. This eliminates the need for boundary devices such as firewalls to have special inbound connection rules. Furthermore, there's a good chance that existing boundary devices already support the required outbound communications path because it is the same as that needed to browse the Web.
- FTimes provides an efficient string search capability (a.k.a. dig mode). This is particularly useful in investigations when the practitioner has a profile of key words or byte strings that are likely to exist somewhere on the target system.
- FTimes optionally supports device file digging (block/character).
- FTimes output is configurable on a per-attribute basis. This allows users to develop data in a way that's best suited to their needs.
- FTimes optionally produces directory hashes. This is a significant analysis advantage in situations where content rarely changes. The advantage is that one hash effectively represents the content of all directories and files contained in a given tree.
- FTimes optionally produces symlink hashes.
- FTimes optionally performs file typing via XMagic. When there are hundreds or thousands of unknown hashes, it is difficult to determine which files may have changed as a result of a malicious act. In these situations, type information can be used to categorize files and prioritize the order in which they are examined.
- FTimes has an extremely fast, tunable compare capability. This enables the practitioner to quickly analyze snapshots and determine change.
Enhancements:
Version 3.8.0 is a minor release of FTimes. Generally, code was cleaned up and refined as necessary. Several bugs have been fixed -- see the ChangeLog for details. This release includes support for SHA256 hashes, include/exclude filters, and a number of additional file systems (DATAPLOW_ZFS, NTFS-3G, NWCOMPAT, UDF). HashDig utilities have been updated to support SHA1 and SHA256 hashes, and the following tools have been added to the project: ftimes-crv2dbi.pl, ftimes-dig2dbi.pl, hashdig-find.pl, and tarmap. Note that documentation is no longer built at release time, and that means your build system must include the necessary tools to create the documentation -- see the Requirements Section in README.INSTALL for additional details. Since SF officially discontinued compile farm support on 2007-02-08, this project is no longer able to build/test releases in the manner and scale that it did before. Unfortunately, this may result in platform-specific issues that go unnoticed until they are discovered by someone in the field.
Download (0.41MB)
Added: 2007-04-15 License: GPL (GNU General Public License) Price:
551 downloads
INSERT 1.3.9b
INSERT aims to be a multi-functional, multi-purpose disaster recovery and network analysis system.
INSERT (the Inside Security Rescue Toolkit) aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It boots from a credit card-sized CD-ROM and is basically a stripped-down version of Knoppix. It features good hardware detection, fluxbox, emelfm, links-hacked, ssh, tcpdump, nmap, chntpwd, and much more.
INSERT provides full read-write support for NTFS partitions (using captive), and the ClamAV virus scanner (including a fairly recent signature database and a GUI). It also has a network boot facility.
Main features:
- full read-write support for NTFS-partitions using captive
- support for various file system types: EXT2,EXT3,MINIX,REISERFS,JFS,XFS,NTFS,FAT,MSDOS,NFS,SMBFS,NCPFS,UDF,UFS,HFS,HFS+
- support for linux software RAID and LVM
- support for WLAN adapters
- network analysis (e.g. nmap, tcpdump)
- disaster recovery (e.g. parted, gpart, partimage, testdisk, recover)
- virus scanning (Clam Antivirus)
- computer forensics (e.g. chkrootkit, rootkit hunter)
- surf the internet (e.g. links-hacked, AxY FTP)
- network boot server to boot network boot enabled clients that cannot boot from the CD
- based on Linux kernel 2.4.27 and Knoppix 3.6
Download (59.3MB)
Added: 2007-02-28 License: GPL (GNU General Public License) Price:
975 downloads
Mint 2.2 Beta
Mint is a small X toolbar that can switch network configurations in a few keystrokes.
Mint is a small X toolbar that can switch network configurations in a few keystrokes. Mint enables you to change your network configurations in a few keystrokes. It supports DHCP and static addresses, and can execute an authentication script when it changes the configuration. It also displays a clock and a battery meter.
mint displays the name of the current network configuration. It also displays a clock and a battery meter. The battery meter shows the percentage of remaining battery life and appends a "+" to the battery life when AC power is connected.
Since it changes network configuration, mint must be run setuid root. It safely invokes the authentication script as the user who started mint, not root.
mint provides a network configuration called "off" to shut down the network interface. mint displays "?" if it does not recognize the current network configuration. It displays "xx" if the network interface does not exist.
The authentication script is run in the background. When you switch network configuration, mint kills any previously running authentication script. For DHCP configurations, mint does not run the authentication script if the DHCP request fails.
DHCP support is provided by the "dhcpcd" command, which mint expects to find in /sbin. dhcpcd should have come with your Linux distribution; if not, you can get it from http://www.phystech.com/download/dhcpcd.html.
Enhancements:
- The beta version of Bianca was released and is available for download. Bianca comes with two brand new themes: Bianca-Blue and Bianca-Green which give the distribution a whole new minty look. Only one panel at the bottom, a Slab-like menu, new default icons. The following applications were added to Bianca: mintMenu, a replacement for the GNOME menu; mintConfig, a Control Center application; mintDisk, a program which automatically mounts FAT32 and NTFS partitions; mintDesktop, which now comes as a package, has a graphical configuration front-end; mintWifi, which now comes as a package.
Download (698MB)
Added: 2007-02-01 License: GPL (GNU General Public License) Price:
1044 downloads
Knoppix STD 0.1
STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools.
STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It's a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.
STD is meant to be used by both novice and professional security personnel but is not ideal for the Linux uninitiated. STD assumes you know the basics of Linux as most of your work will be done from the command line. If you are completely new to Linux, it's best you start with another live Distro like Knoppix to practice the basics.
STD tools are divided into the following categories:
- authentication
- encryption
- forensics
- firewall
- honeypot
- ids
- network utilities
- password tools
- servers
- packet sniffers
- tcp tools
- tunnels
- vulnerability assessment
- wireless tools
Enhancements:
- Eliminated all window managers except fluxbox
- built kernel from kernel.org 2.4.21 src. added ntfs/rw, superfreeswan and openmosix patches.
- ntfs rw is very limited. You can basically only modify existing files and only if you don't change the size. Good for making basic registry changes.
- Superfreeswan adds IPSEC support for VPNs.
- OpenMosix adds clustering support with automatic discovery of other nodes.
- Added /usr/bin/tunnels category
- Eliminated /usr/bin/pen-test category and moved tools to /usr/bin/vuln-test
- Moved some tools in /usr/bin/sniff to /usr/bin/tcp-tools
- ACID/MySQL/Snort configured to work automatically
- update nessus plugins, clamAV signatures, and snort signatures
- If you have 640MB of RAM or more you can run boot: knoppix toram and free up the CD drive
- patched orinoco driver is the default. no more patch-orinoco
- Kismet updated to 3.0.1 and is pre-configured for orinoco on eth0
- all init scripts now check the knoppix home dir before copying from the CD. This means that if you're using a persistent home dir the init scripts act as restore scripts
- blockall now allows connections from localhost so you can block all external traffic but still run nessus or ntop or kismet or.....
- added many new tools and updated all existing tools
Download (497MB)
Added: 2005-05-13 License: GPL (GNU General Public License) Price:
1629 downloads
KANOTIX 2006-01 RC4
KANOTIX is a Linux live CD based on Knoppix technology using Debian/sid.
KANOTIX is a Linux live CD based on Knoppix technology using Debian/sid.
The included XFree86 is from Debian/experimental. The main specs are: GRUB based startup from CD, ACPI support, DMA default on, additional support for DSL modems (Fritz!Card DSL and Eagle USB), optimal for HD install (you get a working Debian/sid install in about 10 minutes!), kernel forcedeth (for nForce NIC), device mapper and some other patches.
Simply boot from CD and enjoy Linux. Some tools may request a root password. As none is set, you have to set one using "sudo passwd" or use "su" in konsole.
Whenever you execute something with root permissions, you should know what you are doing! For web surfing over LAN no root access is required. I am sure you can discover many things to do with it :)
Don't try to write to NTFS partitions using the standard NTFS driver included with the kernel, as its support for writing is very lacking - thus it could destroy the partition and the data in it.
There is a new Captive NTFS driver that does a better job at writing to NTFS, so use it instead. For FAT partitions you can enable write-access with the context menu (right mouse button).
You may not have the rights to modify Linux partitions; use the root mode in konsole if needed. Some links are not working in the menu - that is not my fault - the packages from Debian/sid are very new and may have some little bugs, but you can always use new releases.
Download (699MB)
Added: 2006-10-03 License: GPL (GNU General Public License) Price:
660 downloads
Debian From Scratch 0.99.0
Debian From Scratch is a system to build and use full Debian bootable CD images.
Debian From Scratch is really two systems:
1) a bootable CD for repairing Linux systems or installing Debian;
2) the program that generates the CDs that are used for #1.
You can expect the following from your DFS CD:
* Bootable CD featuring the GNU Grub bootloader. Can be used to boot hard disk partitions even if no hard disk bootloader is present.
* Kernel and userland support for all major filesystems, including ext2, ext3, JFS, XFS, ReiserFS, FAT, VFAT, NTFS, ISO9660, CramFS, tmpfs, and more. Userland support for Reiser4.
* Kernel and userland support for different disk layout schemes including standard partitioning, Logical Volume Manager 2 (LVM2), software RAID, etc.
* Full recovery tools runnable directly from CD, including:
- Filesystem utilities for all major filesystems, including undeletion tools for ext2
- Partition editors (fdisk, cfdisk, parted)
- Text editors (nano, joe, vim, emacs)
- C, Perl, Python, and OCaml development environments. Enough to configure and compile a new kernel and build basic .debs. Kernel 2.6.6 sources included on CD.
- Full networking support, including PPP and various Ethernet cards and DHCP
- Network tools including FTP clients, Web client, ssh, telnet, NFS, smbclient, tcpdump, netcat, etc.
- Backup restoration tools such as rdiff-backup, dump/restore, tar, cpio, amanda client, afbackup client, etc.
- CD and DVD burning tools
- Basic printing tools (cat for local printers, rlpr for remote ones, and netcat for Jetdirect, plus unix2dos for text files and Ghostscript for emergency conversions)
- Mail reader (mutt)
* Base systems for multiple versions of Debian installable directly from CD, including: woody (i386), sarge (i386), sid (i386), and sid (amd64). Alpha CD can install woody, sarge, or sid for Alpha.
* amd64 support: Enough to install or fix an AMD64 system. Includes 64-bit kernel with 32-bit emulation (to run the 32-bit userland on the CD). Also includes 64-bit package for bootstrapping a new AMD64 support. In short, you can boot a 64-bit kernel and be treated as a first-class citizen in almost all respects.
* i386 or x86_64 (amd64) kernels bootable directly from initial boot menu.
* DFS generation scripts support custom kernels, packages, mirrors, compressed ISO images, and a high degree of flexibility.
Download (614MB)
Added: 2006-04-21 License: GPL (GNU General Public License) Price:
1294 downloads