ForLEx
The section dedicated to our Linux distribution; register to access the DOWNLOAD AREA.
Written by Luca Guerrieri
Wednesday 28 November 2012 20:39
YES! After many hours spent on this project I can finally say ... RELEASED! (CLICK HERE FOR DOWNLOAD ISO)
In fact, after a deep study of the different tools, of how they can be useful and of how we (forensics people) can use them, I have released this new version of my old forensic-oriented distro. The most important part is the WRITE BLOCK of EVERY TYPE of storage and the ability to BLOCK DIRECTLY IN READ ONLY any attachable storage. In this way we are sure that none of our operations can accidentally damage our work. This is very important because, under stress, a single wrong click can change the end of our game!
Another "nice" feature is the multi-kernel for different platforms: we have 486, 686 and AMD64, so we have covered a lot of ...
To help avoid these problems I have also developed ForLEx Mount Manager (release 2.0), which is the sole interface for mount and ro/rw operations.
The tools inserted into this version (v.2.0.0 Armando) are:
Editor
System tools
File tools
Utility
  txt2regex: wizard for regular expressions
  dd_rescue: error-tolerant version of dd
  cabextract: CAB extractor
  uudeview: utility for sending files via e-mail or newsgroups
  tofrodos: convert text files
File System tools
  macutils: tools for managing Mac file systems
  dosfstools: MS-DOS FAT file system manager
  genisoimage: tool to make images for burning
  mtools: collection of utilities for manipulating MS-DOS file systems
  ntfsprogs: manipulates NTFS file systems
  wodim: command line CD/DVD writing tool
  gpart: tool for finding lost partitions
  gparted: GNOME partition editor
  hfsplus: tool to access HFS+ formatted volumes
  hfsprogs: manage HFS and HFS+ file systems
  hfsutils: tools for reading and writing Macintosh volumes
  ntfsprogs: tool for doing neat things in NTFS partitions
Network tools
  cryptcat: TCP/IP netcat with Twofish encryption
  gigolo: front-end to manage connections to remote file systems
  httptunnel: tunnel over the HTTP protocol
  lftp: powerful client for FTP, FTPS, HTTP, HTTPS, etc.
  mtr: traceroute with X11 GUI and ncurses
  ncpfs: tool for Netware servers
  netcat: Swiss army knife of TCP
  nmap: utility for network exploration and security auditing
  open-iscsi: high performance, transport independent iSCSI implementation
  sswrap: wrapper for all TCP based protocols
  smbclient: client for SMB/CIFS servers
  wicd: wired and wireless network manager
Graphical tools
Forensic tools
  aesfix: tool for correcting bit errors in an AES key
  aeskeyfind: tool for finding and repairing AES keys
  afflib-tools: support for the Advanced Forensics Format
  chaosreader: traces network traffic
  dcraw: utility to convert the raw format of digital cameras into images
  ed2k-hash: tool for generating ed2k links
  ext2grep: recovery tool
  Ewf-tool: Expert Witness Format
  LinEn: Linux EnCase by Guidance Software
  foremost: recovery tool
  FtkImager: tool for acquiring in a forensic manner
  galleta: Internet Explorer cookie forensic analysis tool
  grokevt: tool for reading Microsoft Windows event log files
  guymager: forensic imaging tool based on Qt
  hdparm: manage hdparm parameters of the hard disk
  libphash0: perceptual hashing library
  md5deep: recursively compute hashsums
  memdump: utility to dump memory contents to stdout
  missidentify: a program to find Win32 applications
  myrescue: rescue data from damaged hard disks
  nasty: tool for recovering GPG passphrases
  pipebench: measures the speed of stdin/stdout
  recoveradm: recover files/disks with damaged sectors
  reglookup: utility to read and query the Windows NT/2000/XP registry
  rifiuti / rifiuti2: Windows recycle bin analysis tool
  safecopy: copy utility ignoring errors
  scalpel: quick file carver
  sleuthkit: collection of tools for forensic analysis
  ssdeep: recursive piecewise hashing tool
  pasco: analyze Internet Explorer
  podsleuth: forensics on iPod
  scrounge-ntfs: data recovery for NTFS partitions
  tableau-parm: Tableau write-blocking query/command utility
  tct: collection of forensics related utilities
  unhide: forensic tool for finding hidden processes and ports
  wipe: wiping
ForLEx Live-cd v. 2.0.0 is based on the Debian Linux distribution, from which it inherits its license.
If not otherwise specified, the software on the CD falls under the GNU GENERAL PUBLIC LICENSE. Similar to other Open Source licenses, this means that you can copy, modify, redistribute and even resell the CD without restrictions, as long as the recipient receives the same license. The source code of the standard packages on the CD is available from their respective original providers (for example on the FTP servers of Debian, RedHat, Mandrake). Individual packages, as specified by the GPL, may fall under another license (for example Netscape). If in doubt, the licenses can be found in the help sections or in the DEB database (dpkg -p package-name) of each software package.
If you need to change the CD distributed here, since it is released under the GPL, remember to inform the author by e-mail (the address is hidden on the page by its spam protection) and to properly cite the source.
Disclaimer
This product is considered experimental and not complete; its use is at your own risk. The implementer cannot be held responsible in any case for damage to hardware or software, loss of data, or other direct or indirect damage, nor for damages resulting from the use of this software. We recommend, however, testing the functionality on non-critical devices and avoiding use on those for which the result of the operations carried out is not known with certainty. In some countries the cryptographic software and other components present on the CD are governed by export regulations or even by software patents, which may prohibit their distribution or download. The user is responsible for compliance with all applicable laws. If you plan to use commercially or distribute (and sell) this CD and the software included in it, you have to acquire the necessary licenses and permissions from all holders of the respective copyrights, or remove these components before starting distribution.
Last updated Tuesday 18 December 2012 23:43
Written by Luca Guerrieri
Wednesday 28 November 2012 15:44
Hi people!
After a lot of work on my new forensic distribution, I have decided to develop a new Mount Manager.
This time I used a GTK interface, so we are able to use feature-rich widgets instead of the poor but quick dialog/xdialog interfaces. In this new generation manager there is a section with the information related to every device, and we always keep track of our operations thanks to an event log area. At the end of the activity the user can save that log and attach it to the report.
Example of EVENT LOG
2012-11-22 21:52:01 : =============== ForLEx Mount Manager - Event LOG ===============
2012-11-22 21:52:01 : Loaded devices' list
2012-11-22 21:53:00 : Selected /dev/sda
2012-11-22 21:53:03 : Success : Set /dev/sda on Read Write mode
2012-11-22 21:53:03 : Loaded devices' list
2012-11-22 21:53:04 : Selected /dev/sda
All the other features are self-explanatory. In particular, there is a check when we set our drives to rw or ro mode and when we want to mount them.
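Since the event log above is meant to be attached to the report, it is worth checking it before doing so. The following is an added example, my own code and not part of ForLEx Mount Manager: a parser for the log format shown in the post, which extracts the successful mode switches, reports any device whose last recorded switch set it to Read Write, and confirms the timestamps never run backwards (a second header line with an earlier time would mean the file contains a restarted log). The sample lines are copied from the post; the "Read Only mode" wording of the opposite message is an assumption, since the post only shows the Read Write form.

```python
import re

# Constructed sample: the six event lines shown in the post above.
SAMPLE_LOG = """\
2012-11-22 21:52:01 : =============== ForLEx Mount Manager - Event LOG ===============
2012-11-22 21:52:01 : Loaded devices' list
2012-11-22 21:53:00 : Selected /dev/sda
2012-11-22 21:53:03 : Success : Set /dev/sda on Read Write mode
2012-11-22 21:53:03 : Loaded devices' list
2012-11-22 21:53:04 : Selected /dev/sda
"""

# "<timestamp> : <message>" as written by the Mount Manager.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) : (.*)$")
# The Read Write form is taken from the post; "Read Only" is assumed to be symmetric.
MODE_RE = re.compile(r"^Success : Set (/dev/\S+) on (Read Write|Read Only) mode$")


def parse_log(text):
    """Return a list of (timestamp, message) tuples; reject lines that do not fit the format."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        match = LINE_RE.match(line)
        if not match:
            raise ValueError(f"line {lineno} is not a Mount Manager event: {line!r}")
        events.append((match.group(1), match.group(2)))
    return events


def mode_changes(events):
    """(timestamp, device, 'rw'|'ro') for every successful mode switch, in log order."""
    changes = []
    for stamp, message in events:
        match = MODE_RE.match(message)
        if match:
            mode = "rw" if match.group(2) == "Read Write" else "ro"
            changes.append((stamp, match.group(1), mode))
    return changes


def devices_left_writable(events):
    """Devices whose most recent switch in the log set them to Read Write."""
    last_mode = {}
    for _, device, mode in mode_changes(events):
        last_mode[device] = mode
    return sorted(dev for dev, mode in last_mode.items() if mode == "rw")


def timestamps_monotonic(events):
    """True when no event is stamped earlier than the one before it (fixed-width format sorts as text)."""
    stamps = [stamp for stamp, _ in events]
    return all(a <= b for a, b in zip(stamps, stamps[1:]))


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print(f"{len(evts)} events, mode switches: {mode_changes(evts)}")
    print("still writable at end of log:", devices_left_writable(evts))
    print("timestamps in order:", timestamps_monotonic(evts))
```

Run against a saved log, the "still writable" list is the one to reconcile with the examiner's notes before the log is attached: every device that was unlocked should either have a matching Read Only switch or a documented reason.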
SCREENSHOTS
Last updated Thursday 29 November 2012 23:20
Written by Luca Guerrieri
Wednesday 28 November 2012 15:44
Hi all,
First of all, thank you for your support and for your downloads. After a little debugging I have added a new functionality to this tool: an ATA over Ethernet connection. Yes, thanks to it we can mount a remote hard drive (or block device), a dd file or a virtual drive (ooohh!) and use it as a local block device, so we are able to format it and write its partition table as we need.
Obviously we can also use it the other way round, acquiring the device over the network (I'm working on a tool to facilitate this ;-) ).
Remember that ForLEx Mount Manager does not permit mounting and unlocking a device and any related partition by default!
Therefore we need to list, unlock (RW) and ... work on it. E.g. if you create a partition after this, REMEMBER to unlock the new partition!!!
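The 2.0.0 announcement above stresses that every attached storage is blocked read-only, and this post adds that a partition created afterwards carries its own lock. The script below is an added example, not ForLEx Mount Manager code: it audits the kernel's per-device "ro" flag under /sys/block, treating every partition node as an entry in its own right rather than assuming the whole-disk flag covers it, and lists the `blockdev --setro` commands for whatever is still writable. The sysfs layout it reads (`/sys/block/<disk>/ro`, `/sys/block/<disk>/<partition>/ro`) is the real one; the tree built by `make_sample_tree` is constructed so the script runs without touching real devices.

```python
import os
import tempfile
from pathlib import Path


def read_ro_flag(path):
    """True when the sysfs 'ro' attribute reads '1', i.e. the kernel treats the node as read-only."""
    return Path(path).read_text().strip() == "1"


def audit_block_devices(sysfs_block="/sys/block"):
    """Map '/dev/<node>' -> is_read_only for every whole disk and every partition under sysfs_block.

    Partitions live as subdirectories of their disk entry, named with the disk name as
    prefix (sda/sda1, nvme0n1/nvme0n1p1), and each carries its own 'ro' attribute, so
    they are checked one by one instead of trusting the parent's flag."""
    status = {}
    for disk in sorted(Path(sysfs_block).iterdir()):
        disk_flag = disk / "ro"
        if not disk_flag.is_file():
            continue
        status["/dev/" + disk.name] = read_ro_flag(disk_flag)
        for child in sorted(disk.iterdir()):
            part_flag = child / "ro"
            if child.is_dir() and child.name.startswith(disk.name) and part_flag.is_file():
                status["/dev/" + child.name] = read_ro_flag(part_flag)
    return status


def writable_devices(status):
    """Nodes whose flag is still 0, sorted so reports are stable."""
    return sorted(dev for dev, read_only in status.items() if not read_only)


def setro_commands(status):
    """The blockdev invocations that would lock every node still writable (printed, not executed)."""
    return [f"blockdev --setro {dev}" for dev in writable_devices(status)]


def make_sample_tree(base=None):
    """Constructed stand-in for /sys/block (fake devices, for the demonstration only)."""
    base = base or tempfile.mkdtemp(prefix="fake_sysfs_")
    layout = {
        "sda/ro": "1",              # whole disk locked ...
        "sda/sda1/ro": "0",         # ... but its partition node is not
        "sda/queue/nr_requests": "128",  # unrelated sysfs subdirectory, must be ignored
        "sdb/ro": "0",
        "sdb/sdb1/ro": "0",
    }
    for rel, value in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(value + "\n")
    return base


if __name__ == "__main__":
    root = make_sample_tree()            # swap for "/sys/block" on a live system
    report = audit_block_devices(root)
    for dev, read_only in report.items():
        print(f"{dev}: {'ro' if read_only else 'RW'}")
    for cmd in setro_commands(report):
        print("to lock:", cmd)
```

On a live system the audit is worth running twice: once after attaching the evidence, and again after any step that creates new device nodes (partitioning, attaching an AoE or iSCSI target), because a node that did not exist at the first check could not have been locked by it.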

Last updated Saturday 16 February 2013 15:14
Written by Administrator
Sunday 08 May 2011 19:01
Starting with this version, I have inserted a new tool. It is useful for doing a Live Acquisition of a running system (e.g. its RAM contents).
As you know, ForLEx is composed of two parts:
1) a bootable Linux Live O.S. with a lot of tools;
2) an auto-runnable tool, named "ForLEx Live Acquisition Launcher"
I made this tool because I wanted to give the opportunity, during a live forensic activity, to dump the RAM and thereby acquire physical memory, but also to acquire target system information, capture screenshots or check the processes running on the system. Of course these operations change something on the target machine, but there is no way to avoid making these changes. In order to conduct a live examination and capture data it is necessary to execute tools on a running system, and the execution of each tool will make changes to that system. When ForLEx Live Acquisition Launcher starts up, it shows an important message about the target computer's data protection.

Pressing "ACCEPT", the user is redirected to a useful menu where the right utility can be chosen.
In this menu there are three different areas:
Acquisition: groups the tools useful for acquisition of RAM or storage
  "Winen32", a Guidance Software tool for RAM acquisition on 32-bit systems
  "Winen64", a Guidance Software tool for RAM acquisition on 64-bit systems
  "FTK Imager", an AccessData tool for memory acquisition
  "RAM By Net", a tool for RAM acquisition in conjunction with NetCat
  "WINDD", a tool for RAM memory acquisition
  "MDD", a tool for RAM memory acquisition
Inspecting: groups the tools useful for acquisition of information
  "AviScreen", a freeware screen recorder;
  "CurrPorts", gives a list of active processes with Process ID, protocol, local port involved, process path and several other pieces of information;
  "WinAudit", the well known tool that allows a complete audit of Windows based computers;
  "Hover Snap", a freeware snapshot capturer;
  "PC On/Off time", a useful tool which shows the timeline of the target machine's on/off events.
Utility: groups system utilities
  "Shell", a system shell
  "Putty", an SSH client for remote shell
  "NetCat", a utility useful to connect over the network to another computer
We can do PHYSICAL/HARD DRIVE acquisitions in different ways. ForLEx provides Winen32, Winen64, FTK Imager, RAM by Net, WinDD and MDD. All of them are executed from the shells resident on the distribution CD-ROM rather than the system's own shell, so if that one is corrupted (damaged/poisoned) we can be sure that our operations will not be altered.
When a tool is chosen, the following message appears on screen.
It means that we can have a DOS shell with the command prompt placed at the end of the path (OPEN DIR) or, instead, execute the tool directly (EXECUTE).
If we use RAM by Net (a good method for a minimum impact on the target system), we can choose the destination IP and port, and the tool will show the command (in red).
Clicking ACQUISITION, and before the tool starts the acquisition, the user receives a warning useful for configuring the destination correctly.
On the destination system we can choose where we want to store the captured stream.
Before the user starts the acquisition, he receives a warning useful to check that we are on the right computer.
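The RAM by Net flow above sends the memory dump over the network to a destination system, and the post leaves it to the user to prepare that side. As an added example (my own code, not part of ForLEx or of the Live Acquisition Launcher), here is a small Python receiver for the destination system that plays the role the listening netcat normally plays: it accepts one connection, stores the incoming stream to a file, hashes it while it arrives and writes a sha256sum-style sidecar so the dump can be verified before it goes into the report. The loopback address, the ephemeral port and the byte pattern used by `demo()` are constructed for the demonstration; the actual command line the launcher prints is not reproduced here.

```python
import hashlib
import os
import socket
import tempfile
import threading

CHUNK = 1 << 16


def save_stream(conn, out_path):
    """Write everything arriving on conn to out_path; return (byte_count, sha256_hex)."""
    digest = hashlib.sha256()
    count = 0
    with open(out_path, "wb") as fh:
        while True:
            data = conn.recv(CHUNK)
            if not data:            # sender closed: the dump is complete
                break
            fh.write(data)
            digest.update(data)
            count += len(data)
    return count, digest.hexdigest()


def receive_one(listen_host, listen_port, out_path, timeout=120, on_listen=None):
    """Accept exactly one connection, store the stream, write <out_path>.sha256 in sha256sum format.

    on_listen (optional) is called with the bound port once the socket is listening, so a
    caller that asked for port 0 learns which port the sender should be pointed at."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((listen_host, listen_port))
        srv.listen(1)
        srv.settimeout(timeout)     # do not wait forever for a sender that never comes
        if on_listen:
            on_listen(srv.getsockname()[1])
        conn, _peer = srv.accept()
        with conn:
            count, hexdigest = save_stream(conn, out_path)
    with open(out_path + ".sha256", "w") as fh:
        fh.write(f"{hexdigest}  {os.path.basename(out_path)}\n")
    return count, hexdigest


def verify_saved(out_path):
    """Recompute the stored file's SHA-256 and compare it with the sidecar written at receive time."""
    with open(out_path + ".sha256") as fh:
        expected = fh.read().split()[0]
    digest = hashlib.sha256()
    with open(out_path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest() == expected


def demo(payload=None):
    """Self-contained run over loopback: receiver in a thread, a constructed byte stream as the 'dump'."""
    if payload is None:
        payload = bytes(range(256)) * 1000   # constructed stand-in for a memory image (256000 bytes)
    out_path = os.path.join(tempfile.mkdtemp(prefix="ram_by_net_"), "ram.dd")
    chosen = {}
    ready = threading.Event()
    result = {}

    def on_listen(port):
        chosen["port"] = port
        ready.set()

    worker = threading.Thread(
        target=lambda: result.update(r=receive_one("127.0.0.1", 0, out_path, on_listen=on_listen)))
    worker.start()
    ready.wait(5)
    with socket.create_connection(("127.0.0.1", chosen["port"])) as sender:
        sender.sendall(payload)  # what the source machine's tool would stream to us
    worker.join(30)
    count, hexdigest = result["r"]
    return count, hexdigest, verify_saved(out_path)


if __name__ == "__main__":
    print(demo())
```

The hash is computed on the bytes as they arrive and again from the file on disk, so a mismatch between the two would point at the storage step rather than the transfer; the sidecar format is the one `sha256sum -c` understands, which keeps later verification independent of this script.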
I hope this new tool can be useful for your forensic experience.
Last updated Monday 09 May 2011 11:56
Written by Luca Guerrieri
Wednesday 27 April 2011 21:36
I'm proud to announce my latest version of ForLEx Live CD, ver. 1.5.5!
In this version I have corrected some minor bugs and upgraded some tools.
Other reasons to download this new version are an improved control of the read/write permissions, the implementation of the iSCSI client and a new tool for Live Analysis on live systems.
Tools
The tools inserted into this version (v.1.5.5) are:
Editor
System tools
File tools
Utility
  txt2regex: wizard for regular expressions
  dd_rescue: error-tolerant version of dd
  cabextract: CAB extractor
  uudeview: utility for sending files via e-mail or newsgroups
  tofrodos: convert text files
  sitar: System InformaTion At Runtime
File System tools
  macutils: tools for managing Mac file systems
  dosfstools: MS-DOS FAT file system manager
  genisoimage: tool to make images for burning
  mtools: collection of utilities for manipulating MS-DOS file systems
  ntfsprogs: manipulates NTFS file systems
  wodim: command line CD/DVD writing tool
  xcdroast: command line CD writing tool
Network tools
  cryptcat: TCP/IP netcat with Twofish encryption
  hping2: command-line TCP/IP packet assembler and analyzer
  httptunnel: tunnel over the HTTP protocol
  lftp: powerful client for FTP, FTPS, HTTP, HTTPS, etc.
  mtr: traceroute with X11 GUI and ncurses
  ncpfs: tool for Netware servers
  netcat: Swiss army knife of TCP
  nmap: utility for network exploration and security auditing
  sswrap: wrapper for all TCP based protocols
  smbclient: client for SMB/CIFS servers
Graphical tools
Forensic tools
  Air: Automated Image and Restore
  Ewf: Expert Witness Format
  LinEn: Linux EnCase by Guidance Software
  foremost: recovery tool
  hdparm: manage hdparm parameters of the hard disk
  scalpel: quick file carver
  pasco: analyze Internet Explorer
  podsleuth: forensics on iPod
  scrounge-ntfs: data recovery for NTFS partitions
  dcraw: utility to convert the raw format of digital cameras into images
  wipe: wiping
ForLEx Live-cd v. 1.5.5 is based on the Knoppix Linux distribution, from which it inherits its license.
If not otherwise specified, the software on the CD falls under the GNU GENERAL PUBLIC LICENSE. Similar to other Open Source licenses, this means that you can copy, modify, redistribute and even resell the CD without restrictions, as long as the recipient receives the same license. The source code of the standard packages on the CD is available from their respective original providers (for example on the FTP servers of Debian, RedHat, Mandrake). Special components such as the KNOPPIX kernel or the automatic hardware detection source code can be downloaded from http://www.knopper.net/download/knoppix/ if not already available in the /usr/src directory on the CD. Individual packages, as specified by the GPL, may fall under another license (for example Netscape). If in doubt, the licenses can be found in the help sections or in the DEB database (dpkg -p package-name) of each software package.
If you need to change the CD distributed here, since it is released under the GPL, remember to inform the author by e-mail (the address is hidden on the page by its spam protection) and to properly cite the source.
Disclaimer
This product is considered experimental and not complete; its use is at your own risk. The implementer cannot be held responsible in any case for damage to hardware or software, loss of data, or other direct or indirect damage, nor for damages resulting from the use of this software. We recommend, however, testing the functionality on non-critical devices and avoiding use on those for which the result of the operations carried out is not known with certainty. In some countries the cryptographic software and other components present on the CD are governed by export regulations or even by software patents, which may prohibit their distribution or download. The user is responsible for compliance with all applicable laws. If you plan to use commercially or distribute (and sell) this CD and the software included in it, you have to acquire the necessary licenses and permissions from all holders of the respective copyrights, or remove these components before starting distribution.
Last updated Monday 09 May 2011 14:01