http://www.NSA.gov
"Disk Splicing"
> The American Government has a special facility called "The Defense Computer Forensics Lab" which specializes in retrieving information from computers, no matter the condition of the hardware or disks.
www.DigitalIntelligence.com
>"DriveSpy"
Used for accessing physical drives using pure BIOS (Int13 or Int13x) calls, which bypass the operating system while ensuring that the OS won't modify or erase data.
Enables you to:
- Examine hard disk partitions
- Copy files to a designated area without altering file access / modification dates
- Undelete files
- Search drives, partitions, and files for text strings or data sequences
- Store the slack space from an entire partition in a single file for enumeration
- Save and restore one or more contiguous sectors to and from a file
"FREDs" / Forensic Recovery Evidence Devices
"FREDDIES" / (portable versions)
"Forensic Recovery Evidence Device Diminutive Interrogation Equipment"
GUIDANCE SOFTWARE
www.guidancesoftware.com
"EnCase" / Scans a hard disk for graphics files
Computer Forensics
U.S.-based "Electronic Crimes Task Force"
www.ectaskforce.org
Scotland-based "National Hi-Tech Crime Unit"
www.sdea.police.uk/nhtcus.htm
Forensic Tools
www.sleuthkit.org
Computer Security, Cybercrime, and Steganography Resources
www.Forensics.NL
Talisker Security Wizard Portal
www.networkintrusion.co.uk
Alexander Geschonneck Security
www.geschonneck.com/security/forensic.html
Tadayoshi Kohno
Utilize a way to identify individual computers over the internet
"Remote physical device fingerprinting"
www.caida.org/outreach/papers/2005/fingerprinting
HexEditors
Enable you to peek at the physical contents stored on a disk
"UltraEdit"
www.IDMCOMP.com
"WinHex"
www.x-ways.net
"VEDIT"
www.vedit.com
"Hex Workshop"
www.bpsoft.com
To help organize data, computers divide disks into multiple tracks.
Each track is divided into smaller parts called sectors.
A group of sectors is called a cluster.
When you save data to your disk, your computer stores your file in multiple sectors.
To keep track of which sectors contain which files, every disk contains a special directory, either called:
"File Allocation Table" / "FAT"
"Master File Table" / "MFT"
The FAT or MFT lists all the files stored on the disk along with pointers that identify the exact tracks and sectors that contain each file.
Identity Theft Resource Center = www.IDTHEFTCENTER.org
Federal Trade Commission = www.Consumer.gov/idtheft
Privacy Rights Clearinghouse = www.privacyrights.org/identity.htm
Identity Theft Prevention & Survival = www.identitytheft.org
Fight Identity Theft = www.fightidentitytheft.com
Reverse DNS Lookup
www.zoneedit.com/lookup.html
Verifies that an IP address belongs to a certain domain name
IRS Complaints
NET-ABUSE@nocs.insp.irs.gov
hotline@nocs.insp.irs.gov
DNS Lookup Lists
"SpamCop" / www.spamcop.net
"ORDB" / "Open Relay DataBase" / www.ordb.org
SMTP Server Extractors
"101 Email Address Extractor V2.2.4"
"Petition your representative in congress" / http://e-thepeople.com
"Start a letter-writing campaign to petition American Government Officials"
www.progressivesecretary.org
"Coalition for Networked Information"
www.CNI.org
"The Global Internet Liberty Campaign"
www.GILC.org
"The Digital Freedom Network"
www.DFN.org
"The Internet Free Expression Alliance"
www.IFEA.net
"The People's Global Action"
www.nadir.org/nadir/initiativ/agp
"Action Without Borders"
www.idealist.org
"GuideStar"
www.guidestar.org
Activism
www.activism.net
"Cause Communications"
www.causecommunications.com
"Grassroots Enterprise"
www.grassroots.com
"Political Research Associates"
www.publiceye.org
"Post Information"
http://cryptome.org
http://wikileaks.org
"Crimethinc"
www.crimethinc.com
"Infoshop"
http://infoshop.org
"The Independent Media Center"
www.indymedia.org
"The Hacktivist"
www.thehacktivist.com
"Hack This Site"
www.hackthissite.org
"Anarchist Resistance"
http://anarchistresistance.org
"Counter-Inaugural"
http://counter-inaugural.org
U.S. Department of Information Technology
To find a blog:
http://blogsearch.google.com
www.tumblr.com
"Technorati"
www.technorati.com
"Daypop"
www.daypop.com
Anti-Phishing Group
www.antiphishing.org
Phish-Guard
www.phishguard.com
NSLOOKUP : look-up IP Addresses in the DNS
http://www.kloth.net
To get a list of DNS Servers:
FTP://FTP.RS.INTERNIC.net/domain/named.root
FTP://FTP.ORSN.org/ORSN/ORSN.hint
"Dynamic Internet Technology"
www.dit-inc.us
"Open Net Initiative"
www.opennetinitiative.net
"Electronic Frontier Foundation"
www.eff.org
"Electronic Privacy Information Center"
www.epic.org
"Global Internet Liberty Campaign"
www.gilc.org
To find a proxy server
www.publicproxyservers.com
www.web.freerk.com/proxylist.htm
Connect to a network:
"Peekabooty Project"
www.peek-a-booty.org
Six/Four Program
http://sourceforge.net/projects/sixfour
JAP Anon Proxy
http://anon.inf.tu-dresden.de/index_en.html
Share info online
"http://freenet.sourceforge.net"
Rootkits can delete or modify log files
Log File Analysis Programs
"Analog" / www.analog.cx
"Sawmill" / www.sawmill.net
"Webalizer" / www.mrunix.net/webalizer
Honeypots can assist in tracking hackers
"GFI LAN guard" / www.gfi.com/lannetscan
"IETF RFCs" / www.rfc-editor.org/rfcxxoo.html
"IKECRACK" / http://ikecrack.sourceforge.net
"MAC address vendor lookup" / http://standards.ieee.org/regauth/oui/index.shtml
"OmniPeek" / www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer
"Port Knocking" / http://www.portknocking.org
"Share Enumeration" / http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx
"SuperScan" / www.foundstone.com/us/resources/proddesc/superscan.html
"TCP View" / http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
"WINFO" / www.NTSECURITY.NU
"NMAP" / http://NMAP.org/download.html
"Proxy" / www.parosproxy.org
"Port80" / www.port80software.com/products/servermask
"SiteDigger" / www.foundstone.com/us/resources/proddesc/sitedigger.htm
"SWF Scan" / http://h30406.ww3.hp.com/campaigns/2009/wwcampaign/1-5tuve/index.php?key=swf
"Snort" / www.snort.org
"WebInspect" / www.spidynamics.com/products/webinspect/index.html
"WebGoat" / www.OWASP.org/index.php/category:OWASP_Webgoat_Project
"WS Digger" / www.foundstone.com/us/resources/proddesc/wsdigger.htm
"Foundstones Hacme Tools" / www.foundstone.com/us/resources-free-tools.asp
"Google Hack Honeypot" / http://ghh.sourceforge.net
"NGSSQUIRREL" / www.ngssoftware.com/software.htm
"N-Stealth Web Application Security Scanner" / www.nstalker.com/eng/products/nstealth
"Snare" / www.intersectalliance.com/projects/snare
"PromiscDetect" / http://ntsecurity.nu
"Port Sentry" / http://sourceforge.net/projects/sentrytools
"Port Number Lookup" / www.COTSE.com/cgi-bin/port.cgi
"Port Number Listing" / www.iana.org/assignments/port-numbers
www.packetstormsecurity.org
www.wtcs.org/snmp4tpc/getif.htm
Networks
"Arpwatch" / http://linux.maruhn.com/sec/arpwatch.html
"Blast" / www.foundstone.com/us/resources/proddesc/blast.htm
"Cain&Abel" / www.oxid.it/cain.html
"Commview" / www.tamos.com/products/commview
"Essential Net Tools" / www.tamos.com/products/nettools
"EtterCap" / http://ettercap.sourceforge.net
"Google Desktop" / http://desktop.google.com
"Identity Finder" / www.identityfinder.com
"NASANON" / www.isecpartners.com/securingstorage/nasanon.zip
"Center For Internet Security Benchmarks" / www.cisecurity.org
"FORTRES101" / www.fortresgrand.com
"Kevin Beaver"
http://securityonwheels.com
www.twitter.com/kevinbeaver
http://securityonwheels.com/blog
"Open Source Security Testing Methodology Manual" / www.isecom.org/osstmm
"OWASP" / www.owasp.org
"SECURITREE" / www.amenaza.com
"Software Engineering Institute's OCTAVE methodology" / www.cert.org/octave
"Source Code Analysis"
www.checkmarx.com
www.fortifysoftware.com
www.klocwork.com
www.ouncelabs.com
CHAP Password Tester
www.isecpartners.com
"Effective File Search" / www.sowsoft.com/search.htm
"File Locator Pro" / www.mythicsoft.com/filelocatorpro
"Novell Patches & Security" / http://support.novell.com/patches.html
"Microsoft Technet Security Center" / http://technet.microsoft.com/en-us/security/default.aspx
"Windows Server Update Services from Microsoft" / www.microsoft.com/windowsserversystem/updateservices/default.mspx
Vulnerability DataBases
http://cve.mitre.org
"SANS"
www.SANS.org
"NVD"
http://NVD.NIST.gov
Privacy Rights Clearinghouse's "A Chronology of Data Breaches"
www.privacyrights.org/ar/chrondatabreaches.htm
"CERT"
www.kb.cert.org/vuls
"WVE"
www.wve.org
Web Applications
"Absinthe" / www.0x90.org/releases/absinthe
www.acunetix.com
www.acronis.com
"Defaced Websites"
http://zone-h.org/archive
"Network Calculators"
www.subnetmask.info
RPM files for Linux Distributions
rpmfind.net
"Savannah" / Central point for development, distribution, and maintenance of free software
savannah.gnu.org
"STRACE"
sourceforge.net/projects/strace/
UPS / "graphical source-level debugger"
ups.sourceforge.net
YUM / Utility that installs, removes, & updates system software packages
linux.duke.edu/projects/yum
DNS Glossary
www.menandmice.com/knowledgehub/dnsglossary/default.aspx
"AirSnort"
http://airsnort.shmoo.com
http://winairsnort.free.fr
"Elcomsoft Wireless Security Auditor"
www.elcomsoft.com/ewsa.html
www.cantenna.com
"WEP Crack" / http://wepcrack.sourceforge.net
Database of wireless networks
www.wigle.net
www.wifimaps.com
www.wifinder.com
SpyWare
junkbusters.com
www.spywareinfo.com
www.spywareguide.com
microsoft.com/spyware
RootKit Hunter
rkhunter.sourceforge.net
"SAINT" / "Security Administrator's Integrated Network Tool"
www.saintcorporation.com
"File Integrity Check" / "SAMHAIN"
www.la-samhna.de
"SARA" / "The Security Auditor's Research Assistant Security Analysis Tool"
www-arc.com/SARA
Bruce Schneier
www.schneier.com
secunia.com
www.securityfocus.com
SSH
openssh.org
http://WS.arin.net
http://winhackingexposed.com
Windows Dumpsec
www.systemtools.com/somarsoft/?somarsoft.com
Microsoft Baseline Security Analyzer
www.microsoft.com/technet/security/tools/mbsahome.mspx
Network Users
www.optimumx.com/download/netusers.zip
"How to disable SMTP relay on various e-mail servers"
www.mail-abuse.com/an_sec3rdparty.html
"IMPERVA" / www.imperva.com/products/database-firewall.html
"Linux Administrator's Security Guide"
www.seifried.org/lasg
PYN Logic
www.pynlogic.com
Secure IIS
www.eeye.com/html/products/secureiis/index.html
Server Defender
www.port80software.com/products/serverdefender
www.truecrypt.org
"Awareity Moat" / www.awareity.com
Dogwood Management Partners
www.securitposters.net
Microsoft IIS forums
Interpact, Inc. Awareness Resources
www.thesecurityawarenesscompany.com
NIST Awareness, Training, & Education
http://CSRC.NIST.gov/ate
Security Awareness, Inc. / www.securityawareness.com
CSRC.NIST.gov
http://sipsak.org
http://vomit.xtdnet.NL
"Advanced Access Password Recovery" / www.elcomsoft.com/acpr.html
"App Detective Pro" / www.appsecinc.com
NGSSQUIRREL / www.ngssoftware.com/products/database-security
"Pete Finnigan's Listing of Oracle Scanning Tools" / www.petefinnigan.com/tools.htm
SQLPING
www.sqlsecurity.com/tools/freetools
www.treachery.net/tools
Tripwire IDS
www.tripwire.com
Wireshark (Network Protocol Analyzer)
www.wireshark.org
BitTorrent = distributes large amounts of static data
azureus.sourceforge.net
CVS / "Concurrent Versions System"
www.nongnu.org/cvs
www.gnu.org/software/ddd
Free Software Dictionary
directory.fsf.org
GNOME project
www.gnome.org/projects
Linux Software Map
www.boutell.com/lsm
Port Scanning - Windows
http://joncraton.org/files/nc111nt.zip
www.foundstone.com
http://NTSECURITY.nu
Domain Lookup
http://whois.iana.org
www.samspade.org
www.nwpsw.com / netscan tools pro
The File Extension Source
http://filext.com
www.lacnic.net
military domains / www.nic.mil
Netcraft's "What's that Site Running?"
www.netcraft.com
RIPE Network Coordination Centre
www.db.ripe.net/whois
"Gramm-Leach-Bliley Safeguards Rule"
www.ftc.gov/os/2002/05/67fre36585.pdf
"Health Information Technology for Economic and Clinical Health" / "HITECH"
www.oig.dot.gov/files/recovery_act.pdf
HIPAA Security Rule
www.cms.hhs.gov/securitystandard/downloads
Payment Card Industry Data Security Standard "PCI DSS"
www.pcisecuritystandards.org/security_standards
www.hammerofgod.com
"Craig Johnson's Border Manager Resources"
http://nscsysop.hypermart.net
JRB Software
www.jrbsoftware.com
NET SERVER MON
www.simonsware.com/nsmdesc.html
www.securityfocus.com/data/vulnerabilities/exploits/remote.zip
Mailsnarf / www.monkey.org/~dugsong/dsniff
SMTP Relay Checker
www.abuse.net/relay.html
BRUTUS
www.hoobie.net/brutus
www.eicar.og
GFI Email Security Test
www.gfi.com/emailsecuritytest
Keyloggers
www.amecisco.com/iks.htm
www.keyghost.com
www.spectorsoft.com
hacking
www.2600.com
http://cu-digest.org
www.thinkgeek.com
www.jargon.8hz.com
www.phrack.org
Honeypots
www.tracking-hackers.com
U.S. Patent & Trademark Office
www.uspto.gov
Securities & Exchange Commission
www.sec.gov/edgar.shtml
WOTSIT's Format
www.wotsit.org
U.S. State Breach Notification Laws
www.NCSL.org
Linux Security Auditing Tool (LSAT)
http://lsat.sourcforge.net
Qualys Guard
www.qualys.com
Exploit Tools
"Metasploit" / www.metasploit.com
"Milw0rm" / www.milw0rm.com
General Research Tools
www.AFRINIC.net
www.APNIC.net
DNSSTUFF
www.dnsstuff.com
High Tech Crime Investigation Association
http://www.htcia.org
Log Analysis
www.arcsight.com/products/products-logger
GFI Events Manager
www.gfi.com/eventsmanager
System Logging Resources
www.loganalysis.org
CompTIA Security
www.comptia.org
SANS GIAC
www.giac.org
BugTraq
www.securityfocus.com/archive/1
CHKRootKit
www.chkrootkit.org
www.FWTK.org
www.HPING.org
www.ISC2.org
John the Ripper (Cracker)
www.openwall.com/john
Kerberos
web.mit.edu/kerberos/www
LIDS
www.lids.org
Nessus
www.nessus.org
NMAP
http://www.NMAP.org
RBAC "Role-Based Access Control"
CSRC.NIST.gov/groups/SNS/rbac
"BRO" = "Lawrence Berkeley National Laboratory (LBNL)"
www.bro-ids.org
http://blog.ICIR.org
http://mailman.ISI.berkeley.edu/mailman/listinfo/BRO
Live Toolkits
"KNOPPIX" / www.knoppix.net
www.frozentech.com (listing of live bootable linux toolkits)
www.networksecuritytookit.org
Security Tools Distribution / http://S-T-D.org
"Free On-Line Dictionary of Computing" / foldoc.org
"The Jargon File" (an on-line version of "The New Hacker's Dictionary") /
www.catb.org/~esr/jargon
"ONELOOK" - "Multiple-site word search with a single query"
www.onelook.com
www.keyboardr.com
Commercial Technical Dictionary / www.webopedia.com
Internet FAQ Archives
www.FAQS.org
Publishers
Prentice Hall - NJ
Pearson
Addison Wesley
O'Reilly
Peachpit Press
Adobe Press
Alpha
Cisco Press
Que
FT Press
Redbooks
SAMS
IBM Press
SAS Publishing
Sun Microsystems (?)
Wiley
New Riders
Microsoft Press
LYNDA.com
- RSFTPD Server
- SQUIRREL Mail
- Spam Assassin
- SAMBA Server
- Apache Server
- CACTI Server
"http://localhost/mail/src"
"http://localhost/cacti/host.php?action=edit&id=2"
"Record your computer's model number, make, and serial number"
www.stolencomputers.org
computer security products
www.computersecurity.com
www.kensington.com
www.secure-it.com
www.openbsd.org
symantec security response / http://securityresponse.symantec.com
"The Security News Portal" / www.securitynewsportal.com
To test your firewall's capabilities & see how many open ports it neglects to close, visit:
"LEAKTEST"
http://grc.com/lt/leaktest.htm
"HackerWatch"
www.hackerwatch.org/probe
"Audit My PC"
www.auditmypc.com/freescan/scanoptions.asp
"Outbound"
www.hackbusters.net/ob.html
Firewall Leak Tester
www.firewallleaktester.com
www.caminobrowser.org
www.openfieldsoftware.com
facebook.com/profile.php?id=1655747072
NSLookup = enables you to look-up IP addresses in the DNS (kloth.net)
To get a list of DNS Servers:
ftp://ftp.rs.internic.net/domain/named.root
To circumvent port blocking, people use tunneling.
This essentially lets one port perform the functions of other ports.
dynamic internet technology: www.dit-inc.us
electronic privacy information center: www.epic.org
to find a proxy server: Public Proxy Servers www.publicproxyservers.com
Information encryption: www.proxyway.com
Secure-Tunnel: www.secure-tunnel.com
list of proxy servers:
"Proxylist" www.web.freerk.com/proxylist.htm
JAP Anon Proxy
http://anon.inf.tu-dresden.de/index_en.html
Rootkits can delete or modify log files
Log File Analysis Programs
www.analog.cx
www.sawmill.net
Webalizer
www.mrunix.net/webalizer
www.doxpara.com
hooks = functions that enable another program to view the inner abilities of an operating system.
They can be used by rootkits to subvert the operating system; this is known as "hooking".
programs that monitor and protect the operating system
anti hook (www.infoprocess.com.au)
process guard (www.diamondcs.com.au/processguard)
Novell's App Armor (http://en.opensuse.org/apparmor)
Another component of a rootkit is a sniffer.
www.wincap.org/windump
www.ethereal.com
www.networkgeneral.com
www.wildpackets.com
http://analyzer.polito.it
www.tcpdump.org
www.tengu.be
to see if a sniffer has been installed on a network
antisniff (http://packetstormsecurity.nl/sniffers/antisniff)
promiscdetect (http://ntsecurity.nu)
rootkit detectors
strider ghostbuster (http://research.microsoft.com/rootkit)
Joanna Rutkowska (www.invisiblethings.com)
www.rootkit.nl
www.chkrootkit.org
www.sysinternals.com
www.rootkit.com
port scanning
www.angryziber.com/ipscan (angry ip scanner)
www.nessus.org
www.wildpackets.com (inettools)
www.nstalker.com/eng/products/nstealth (n-stealth)
sniffer program
www.wardriving.com
http://iso.leakage.org/
rat = remote access trojan
anti-trojan horse programs:
"bo clean" www.nsclean.com
ewido security suite (www.ewido.net)
tauscan (www.agnitum.com)
the cleaner (www.moosoft.com)
www.misec.net/trojanhunter
DANIEL S. ABRAHAMIAN
COMPUTER FORENSICS
FEELMYFLAME