[Repost] An Overview of Available Tools for Forensic Investigators
Original link: [url]http://www.forensicswiki.org/wiki/Tools[/url]
Network Forensics Tools
chkrootkit
...
cryptcat
...
netcat
...
netflow/flowtools
[url]http://www.cisco.com/warp/public/732/Tech/nmp/netflow/index.shtml[/url]
[url]http://www.splintered.net/sw/flow-tools/[/url]
NetIntercept
[url]http://www.sandstorm.net/products/netintercept[/url]
NetIntercept captures whole packets and reassembles up to 999,999 TCP connections at once, reconstructing files that were sent over your network and creating a database of its findings. It recognizes over 100 types of network protocols and file types, including web traffic, multimedia, email, and IM.
rkhunter
...
Sguil
[url]http://sguil.sourceforge.net/[/url]
Snort
[url]http://www.snort.org/[/url]
Tcpdump
[url]http://www.tcpdump.org[/url]
tcpextract
[url]http://tcpxtract.sourceforge.net/[/url]
tcpflow
[url]http://www.circlemud.org/~jelson/software/tcpflow/[/url]
truewitness
[url]http://www.nature-soft.com/forensic.html[/url]
Linux/open-source. Based in India.
etherpeek
[url]http://www.wildpackets.com/products/etherpeek/overview[/url]