Cyber Files
As DCCI completes hardware and software testing, summaries of the projects are
listed within the DCCI Cyber Files publication. The most recent version of the Cyber Files
is December 2009. Governmental organizations can request
a report by contacting DCCI at 410-981-1169 or
.
All of the products listed below may be downloaded from NRDFI.
| Title | Type | Date | Description |
|---|---|---|---|
| Bearshare P2P | Study | 2008-01-04 | Bearshare is a P2P program that allows for the sharing of files and social networking. |
| CD/DVD Session Copying Procedure | Study | 2008-05-14 | The purpose of the study is to determine if it is necessary to record data from a CD/DVD that stores the same data in multiple formats. The main software at issue is CD/DVD Inspector. |
| FRED Operational Test | Study | 2008-04-28 | The purpose of this study and testing is to investigate the discrepancy in the count of images extracted by an EnCase EnScript when executed on an HP xw8200 workstation versus the SuperFRED machine. |
| Gnutella P2P | Study | 2008-01-11 | Gnutella is a peer-to-peer (P2P) protocol that enables developers to create interactive clients that enable users to share files through a distributed, global network. |
| HVM vs SCARF | Study | 2008-12-15 | The purpose of the study is to compare two tools, HVM and SCARF, which employ virtual environments to scan files and folders for malware. HVM uses a single virtual machine which contains all the anti-virus applications to perform the malware analysis. |
| X-Ways Comparison Study | Study | 2008-01-11 | This study examines the similarities and differences between X-Ways, EnCase, FTK, and ILook. |
| Adobe Acrobat v8.1 | Validation | 2008-10-01 | Adobe Acrobat allows users to create and edit PDF documents. PDF has become the standard that the U.S. Government uses when distributing and archiving documents. Among its many features is the ability to redact sensitive material from a document and remove any metadata and other elements that the user does not wish to be disseminated. |
| DNA v3.3 | Validation | 2008-05-09 | The function of DNA is similar to that of Password Recovery Toolkit (PRTK), also developed by AccessData, but it utilizes the processing power of many computers to recover passwords. |
| Forensic Box v1.44 | Validation | 2008-12-31 | Forensic Box can open and read Windows Live Messenger chat files making the contents available for viewing or exporting. |
| FTK Imager v2.5.4 | Validation | 2008-11-12 | Access Data developed FTK Imager v2.5.4 as a data preview and imaging tool that lets a user quickly access electronic evidence to determine if further analysis with Forensic Toolkit is warranted. |
| FTK v1.81 | Validation | 2008-10-28 | Access Data developed Forensic Toolkit version 1.81 as a Windows-based digital forensic analysis tool suite. FTK has many features including the ability to view the file system as the user would see it, run positive/negative hash analysi |
| HashCalc v2.02 | Validation | 2008-12-01 | HashCalc is a utility that allows users to compute message digests, checksums and HMACs for files, as well as for text and hex strings. It offers a choice of 11 different hash and checksum algorithms for calculations. |
| IISP Heuristics VM | Validation | 2008-09-12 | The Heuristics VM is a Windows-based virtual machine developed by DCCI. This VM is loaded onto the examiner machine with ten anti-virus applications installed. The function of this VM is to run the anti-virus applications against a piece of media with suspected malware. |
| ILook Prefetch Parser | Validation | 2008-02-05 | IPP was developed to parse the prefetch folder within the ILook forensic suite. |
| NetAnalysis v1.36 Deleted History Extractor | Validation | 2009-05-28 | Digital Detectives developed NetAnalysis as a more effective method of examining internet artifacts from a piece of evidence. It has the capability to extract internet artifacts from several different web browsers, organize the data, an |
| MacForensicsLab v2.5 | Validation | 2009-01-02 | MFL is a complete suite of forensics and analysis tools in one cohesive package, combining the power of many individual functions into one application to provide a single |
| Mac Pro (Early 2008) Intel Xeon CPU X5472 @3.00GHz | Validation | 2008-12-18 | Hardware validation of the 3.00GHz Mac Pro (Early 2008) Intel Xeon CPU X5472 |
| md5deep v3.1 | Validation | 2008-12-01 | MD5Deep is a cross-platform set of programs to compute MD5, SHA-1, SHA-256, Tiger, or Whirlpool message digests on an arbitrary number of files. Md5deep is able to recursively examine an entire directory tree. |
| md5summer v1.2.0.11 | Validation | 2008-12-08 | md5summer is an application for Microsoft Windows 9x, NT, ME, 2000 and XP which generates and verifies md5 checksums. Its output file is compatible with the output of the Linux GNU MD5Sum and it will also read Linux generated files. |
| MD5 v2.6 | Validation | 2008-12-31 | MD5 is a Macintosh utility that creates and compares MD5 checksums. It can compare files as well as a file with a checksum-string. Evaluation is needed to ensure that this software can function on the Macintosh platform without altering the media used in the testing procedure. |
| Mount Image Pro v2.6 | Validation | 2008-11-05 | Mount Image Pro v2.6 will mount EnCase evidence files, Unix/Linux dd images, SMART images, and ISO (CD/DVD images) computer forensic images as a drive letter on Windows systems in a read-only 'forensically sound' environment. |
| Live View v0.6 LE | Validation | 2009-02-12 | Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a physical disk, a single raw disk image, or a series of split disk images. This allows the forensic examiner to boot up the image or disk and gain an interactive, user-level perspective of the environment without modifying the underlying image or disk. Evaluation is needed to ensure that this software can function as advertised and preserve the forensic integrity of the media used in the testing procedure. |
| NetWitness Investigator v8.0.31 | Validation | 2008-01-09 | NetWitness Investigator is a Windows-based software application that provides free-form contextual analysis of terabytes of raw data captured and reconstructed by the NetWitness NextGen infrastructure. |
| PRTK 6.3.3 | Validation | 2008-12-15 | Password Recovery Toolkit v6.3.3 (PRTK) is a password recovery program for standalone computer operations. It is a tool for extracting data from password-protected files which are common file formats like PDF, JPEG, HTML and archive files. |
| Redax v4.53 | Validation | 2008-01-28 | Appligent's Redax is a plug-in for Adobe Acrobat versions 6, 7 and 8. It allows redaction of text, images and line art using a number of markup methods which include manual drawing of boxes, word lists, pattern matching, templates, or full page redaction. It also automatically removes metadata from documents upon redaction. |
| rEFIt v0.10 | Validation | 2008-02-11 | rEFIt is software designed to run on a bootable compact disk and gives the user access to information in the basic input-output system of an Intel based Macintosh operating system. |
| Single Computer and Multiple Machine System | Validation | 2008-06-06 | The Counterintelligence Field Activity (CIFA) developed the SCAMM system as an in house process that uses a series of software and hardware to effectively protect data while personnel are deployed. |
| Timeline EnScript v1.7.4 | Validation | 2008-01-02 | Timeline EnScript gathers file information on all or selected files/folders and presents it in a timeline view. The user can select the timeframe to check and output either HTML or tab-delimited text format. The script checks Created, Modified, and Accessed times and puts files in order according to these fields. |
| Pandora v2.4.0 | Validation | 2009-07-28 | Pandora 2.4.0 is a Windows based digital forensic analysis tool developed by Carnegie Mellon University. Pandora will unpack many packed files automatically with no intervention from the user. Some of the more complicated packing tools require user input in interactive mode. |
| CERT CC VMWare Tools | Validation | 2009-02-04 | The CERT/CC VMware tools are used to obfuscate the virtual machine platform and prevent detection by the malware. |
| Wireshark v1.0.4 | Validation | 2009-02-05 | Wireshark, formerly known as Ethereal, is a network packet analyzer developed originally by Gerald Combs. A network packet analyzer will attempt to capture network packets and display various types of packet data information. Wireshark is able to capture live packet data from a network interface and display the captured packet information. |
| EnCase v6.11 | Validation | 2009-02-12 | EnCase Forensic 6.11 is a Windows based digital forensic analysis tool created by Guidance Software. EnCase has many features, including the ability to analyze multiple platforms, view various file formats, acquire images, hash images, parse emails and attachments, and identify and support various file systems. |
| hfsdebug v4.32 | Validation | 2009-02-06 | hfsdebug is an OSX-based tool made for exploring HFS+ internals rather than a debugger in the typical sense, in that it cannot make any changes to the volume being examined. |
| ISO Buster v 2.4 | Validation | 2009-02-12 | ISO Buster v2.4 is a CD/DVD data recovery tool. It can read CD and DVD images created in different formats (ISO, NRG, etc.) by various commercial applications. |
| Black Bag Macintosh Forensic Suite v2.5 | Validation | 2009-02-05 | Black Bag is a unique set of tools that provide forensic examiners with a flexible, open environment within which to perform their analysis. The suite is specifically designed for the Mac OS X operating system. |
| File Buddy v9.0.1 | Validation | 2009-02-06 | File Buddy was developed by Skytag Software as a file management suite for the Macintosh Operating System, OS X. The main function of File Buddy is to manage a large volume of files and folders using a set of tools. |
| Logorrhea v1.3.1 | Validation | 2009-02-12 | Logorrhea was developed by Spiny Software as an OSX-based tool used to organize, browse and search logs created by the OSX-based iChat application. iChat is an instant messenger application, similar to AIM, used to communicate with other users via the Internet. |
| DCCI AScan v2.0 | Validation | 2009-02-05 | Ascan is a command line function that is used in the Windows environment to extract information from the files and data structures of Limewire /Bearshare/Ares Galaxy that are artifacts of the products. The function of Ascan is to collect and organize the |
| DatView v2.1 | Validation | 2009-02-12 | SnapView was developed by the Department of Defense (DoD) Cyber Crime Institute (DCCI) as a means of decoding dat files created by KaZaA and/or KaZaAlite. |
| DbbView v2.1 | Validation | 2009-02-12 | The tests and procedures contained herein apply to DbbView, developed by the Department of Defense (DoD) Cyber Crime Institute (DCCI). DbbView is designed to decode .dbb files created by KaZaA and/or KaZaAlite. KaZaA and KaZaAlite are publicly available programs that enable peer-to-peer file exchanges. |
| Registry Browser v3.00 | Validation | 2009-02-12 | The Forensic Computer Examination Unit, Queensland Police Service (QPS) in conjunction with the Cyber Support Unit, Australian Crime Commission (ACC) developed Registry Browser version 3.00 as a tool for viewing Windows operating system registry entries. It allows the user to view registry entries of foreign machines, search them, and create reports of important keys. |
| RegDatXP v1.41 | Validation | 2009-02-12 | RegDatXP, a program developed by Henry Ulbrich, is designed to maintain the Windows registries on desktops and remote networked computers. RegDatXP allows you to search for keys a |
| Blindside Stegextraction Tool v1.0 | Validation | 2009-02-18 | Bs break is a Windows command line application created to identify bitmap files containing data that was hidden with the steganography program Blindside. It will determine a working password, if one was used, and extract the hidden data. The extracted data is decrypted and uncompressed. Bs break produces a log in html format that can be opened in any web browser. |
| Paraben's Chat Examiner v1.0.2 | Validation | 2009-02-23 | Paraben's Chat Examiner v1.0.2 is a program designed to locate chat logs and create reports based on the chats it identifies. |
| VidReport v1.2.14 | Validation | 2009-02-23 | Sanderson Forensics developed VidReport v1.2.14 as a forensic investigation tool for the processing and reporting of video files. |
| IMLook v2.1 | Validation | 2009-02-23 | IMLook v2.1 is a software program that decrypts the Yahoo Messenger instant messaging client's log files. The files created during a chat session cannot be opened with local Windows programs because of their special file format and encryption for security protection. Contact lists, passwords and credentials are just some of the information saved during instant message conversations. IMLook 2.1 can open and read the files making the contents available for viewing or exporting. |
| DC3dd v6.12.2 | Validation | 2009-02-23 | The purpose of dc3dd is to image and hash case evidence drives. The creation of dc3dd provides a tool that delivers the logging and specific data formats. |
| RegDat v1.30 | Validation | 2009-02-23 | RegDat, developed by Henry Ulbrich, is designed to maintain the Windows 98 registries on desktops and remote networked computers. RegDat allows you to search for keys and values and export them. Also, functions to compare the file with the current Registry are provided as well as tools to edit the file as a tool for viewing Windows operating system registry entries. |
| Video_Validator | Validation | 2008-03-31 | Video_Validator is a program used to verify carved video files and fragments are viewable using a video player such as VLC media player. Video_Validator scans a set of carved files to determine which file fragments actually play. |
| SnapView v2.1.02 | Validation | 2009-02-23 | Digital Detective has developed SnapView as a means of viewing and navigating through web pages and web page fragments on a file system. |
| Sleuth Kit v3.0.0 | Validation | 2009-02-23 | The Sleuth Kit (TSK) uses code from the file system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. The code was modified for platform independence. |
| Autopsy v2.20 | Validation | 2009-02-23 | The Autopsy Forensic Browser is a graphical interface to utilities found in The Sleuth Kit (TSK). TSK is a collection of command line tools that allow you to investigate a Windows or Unix system by examining the hard disk contents. |
| DCCI_Video Validator v1 | Validation | 2009-02-23 | DCCI_Video Validator v1.0 is a program used to verify if video files and fragments can be viewed using a multi-media player. |
| DBXtract v3.70 | Validation | 2009-02-24 | DBXtract 3.70 is a free stand alone utility that is designed to extract email messages out of corrupt Outlook Express databases (.dbx) and turn them into individual .eml files. It may also be able to recover email that has been permanently deleted. |
| StegCarver with FLD v4.0 | Validation | 2009-02-24 | DCCI_StegCarver is a DCCI-developed special purpose carving tool. DCCI_StegCarver was written to carve key file types out of data inadvertently appended to image files, but can also be used to carve data from any directory of files including files representing free space, swap (paging) files, memory dumps, slack space, and dd images. |
| SMT ArchivER v3.0.3.6 | Validation | 2009-03-09 | SMT ArchivER v.3.0.3.6 for Outlook 2003+ is a plug-in for Microsoft Outlook that allows the user to archive items in a PST or OST file to another format such as RTF, TXT, HTML, or MSG. It can also remove attachments and embedded objects. |
| Ilook v8.0.19 | Validation | 2009-03-24 | ILook 8.0.19 is a Windows based digital forensic analysis tool developed by the Internal Revenue Service (IRS) Criminal Investigation Division Electronic Crimes Program (CI). IRS and Perlustro, LP have combined efforts to further develop ILook as an electronic investigative tool. ILook has many features, including the ability to analyze multiple platforms, view various file formats, acquire images, hash images, and parse emails and attachments. ILook is capable of analyzing various file formats. |
| Keith's iPod Photo Reader v2.0 | Validation | 2009-03-24 | KIPR is an OS X based tool that provides access to the .ithmb photo library. The .ithmb files store copies of the full size images that are displayed directly on the iPod because the full size images would not display correctly on the iPod. These files are found in the /Photos/Thumbs directory of an iPod Photo that has been synced to contain a photo library. |
| Property List Editor v2.2 | Validation | 2009-03-24 | PLE is an OS X based tool that is bundled with the Apple Developer Tools. PLE is used to view and edit plist files. Plist files are system files within the OS X operating system used to organize data. |
| Hash Tab v2.3 | Validation | 2009-04-02 | HashTab v2.3 is a Windows shell extension which adds a tab called File Hashes to the Windows Explorer file properties. The tab contains MD5, SHA-1 and CRC-32 hash algorithms. These are common hashes that are used to verify the integrity and authenticity of files. HashTab makes it simple for Windows users to get the hash of any file on the system without using external tools. |
| OmniOutliner v3.7.2 | Validation | 2009-03-24 | OmniOutliner is an OS X based tool used to create, view, and edit documents. Plist files are system files used within the OS X operating system to organize data. |
| Retrospective v1.2b3 | Validation | 2009-03-24 | Retrospective is an OS X based tool used to search through the web cache created by the Safari web browser. |
| FDE v2.0 | Validation | 2009-04-28 | FDE v2.0 was created to provide a triage function for DCFL and submitting case agents. The Carver EnScript carves out all graphics, movies, chat, email with graphic attachments, web cache, and web searches from the disk images in a case. |
| Decode v2.07 | Validation | 2009-04-28 | Decode v2.07, from Digital Detective, was designed to decode the various date/time values found embedded within binary and other file types. It supports various Windows, Unix and HFS date/time formats and will allow you to specify the offset from GMT. |
| EnCase v6.13.0.43 | Validation | 2009-06-22 | EnCase is a Windows based digital forensic analysis tool created by Guidance Software. It has many features, including the ability to analyze multiple platforms, view various file formats, acquire images, hash images, parse emails and attachments, and identify and support various file systems. |
| Forensic Recovery of Evidence Device FRED | Validation | 2009-05-08 | FRED (Forensic Recovery of Evidence Device) is a desk-top computer constructed with a number of removable bays of different types, as well as built-in write blockers to accommodate add on devices where needed. |
| WinHex v14.7 SR-1 | Validation | 2009-04-28 | WinHex is a general purpose hex editor produced by X-Ways Software Technology, AG. WinHex can be used to view the raw contents of files and disks, modify their contents, and hash their contents. |
| AScan v2.0 | Validation | 2009-05-08 | Ascan is a command line function that is used in the Windows environment to extract information from the files and data structures of Limewire /Bearshare/Ares Galaxy that are artifacts of the products. |
| hdiutil - Shadow Mount & Partition Information | Validation | 2009-05-28 | Hdiutil is a command-line tool developed by Apple Inc as a part of the OS X operating system. The purpose of this tool is to create and manipulate disk image files using the disk image framework. |
| SQLite Database Browser v1.3 | Validation | 2009-05-28 | SQLite DB is a freeware, public domain, open source visual tool used to create, design, and edit database files compatible with SQLite. SQLite DB is intended to be used for users and developers that want to create databases, edit, and search data using familiar spreadsheet-like interface without the need to learn complicated SQL commands. |
| Xplorer360 beta v0.9 | Validation | 2009-05-26 | Xplorer360 is a Windows-based tool used to access the hard drives used within the Xbox360 game console. Xplorer360 has the capability to view all partitions and file systems on the hard drive. |
| DC3dd v6.12.4 | Validation | 2009-05-28 | dc3dd is a command line function used in the Linux environment. The purpose of dc3dd is to image and hash case evidence to be used in DCFL for examination. The creation of dc3dd provides a LINUX and Mac OS environment tool that delivers the logging and specific data formats that help DCFL in their efforts to provide automatically generated byte counts and sector counts while properly handling bad sectors when encountered. |
| COFEE v1.0 | Validation | 2009-07-07 | COFEE was developed by Microsoft Corporation as a Windows based incident responder's toolkit for live analysis of a victim system. |
| GMER v1.0.15.14966 | Validation | 2009-07-07 | GMER was developed by Przemyslaw Gmerek. GMER scans live systems for hidden processes, hidden threads, hidden services, hidden files, hidden alternate data streams, hidden registry keys, drivers hooking SSDT (System Service Descriptor Table), drivers hooking IDT (Interrupt Descriptor Table), drivers hooking IRP (I/O Request Packet) calls, and inline hooks. |
| VMware Disk Mount v5.5 | Validation | 2009-02-23 | The tests and procedures contained herein apply to VMware Disk Mount, developed by the VMware Inc. Disk Mount utility is designed to allow the mounting of an unused virtual disk as a separate drive without needing to connect to the virtual disk from within a virtual machine. It is also able to mount specific volumes of a virtual disk if the disk is partitioned. |
| FDE v2.1 | Validation | 2009-07-07 | The Forensic Data Extraction (FDE) tool was created to provide a triage function for DCFL and Case Agents using EnCase. The FDE consists of five entities: 1) an EnCase carver EnScript; 2) a FrontEnd processor; 3) a callable Human Detect application; 4) a Thinstall client to run the FrontEnd on a Case Agent's machine; and 5) an EnCase import EnScript. |
| NetAnalysis, version 1.37.0030 | Validation | 2009-02-04 | NetAnalysis is designed for the analysis of internet history. The source of the evidence can be a physical write-protected device, a write-protected logical device, a flat file forensic DD image, a Paraben Replicator Image, or a mounted file or disk. NetAnalysis has a History Extractor to search and extract history records from unallocated space. |
| BinText v3.01 | Validation | 2009-07-28 | BinText v3.01, a software tool developed by Foundstone, is designed to extract plain ASCII text, Unicode (double byte ANSI) text, and Resource strings from a file. |
| Bookmark Extractor v1.0 | Validation | 2009-07-28 | Bookmark Extractor was developed by DCCI. Bookmark Extractor is an EnCase EnScript designed to extract user selected bookmarks to a user specified file. |
| RemoteDll v1.3 | Validation | 2009-07-09 | RemoteDll v1.3 is a Windows application developed by Talekar Nagareshwar. RemoteDll allows a user to inject or remove DLLs into or from running processes. |
| Wiebe Tech Write Blocker FRTX 400H-QJ | Validation | 2009-07-28 | Write block support is provided via WiebeTech's proprietary write block technology that offers easy read-only access to suspect hard drives through high speed FireWire 800 (400 compatible), USB2, or eSATA interfaces. |
| HashTab v3.0 | Validation | 2009-11-06 | HashTab was developed by Cody Batt. HashTab is a Windows shell extension which adds a tab called File Hashes to the Windows Explorer file properties. The tab contains the MD5, SHA-1 and CRC-32 file hashes. These are common hashes that are used to verify the integrity and authenticity of files. |
| CaptureBat v2.0 | Validation | 2009-10-15 | CaptureBat is a Windows based behavioral analysis tool developed by The Honeynet Project. The purpose of this tool is to find out how software operates on a system without having the source code. This is accomplished by monitoring the system's registry, process, and file activities. |
| Registry Viewer v1.5.4.44 | Validation | 2009-11-06 | Registry Viewer was developed by Access Data. This tool allows the user to view registry entries from foreign machines, read encrypted data such as passwords, and is fully integrated with the Forensic Toolkit Suite. |
| FTK Imager v2.6.1.6.2 | Validation | 2009-11-18 | FTK Imager was developed by Access Data. It is a data preview and imaging tool that allows a user to quickly access electronic evidence to determine if further analysis with a Forensic Toolkit is warranted. FTK Imager can also create forensic images of computer data without making changes to the original evidence. |
| DCCI AScan v3.0 | Validation | 2009-11-18 | AScan3.0 was developed by Joseph Lewthwaite, a contractor at the Defense Cyber Crime Center (DC3)/ Defense Cyber Crime Institute (DCCI). AScan3.0 is a command line function that is used in the Windows environment to extract information from the files and data structures of Limewire /Bearshare/Ares Galaxy, which are artifacts of the products. |
| Decode v2.07 | Validation | 2009-11-18 | Decode was developed by Digital Detective. Decode was designed to decode the various date/time values found embedded within binary and other file types. It supports various Windows, Unix and HFS date/time formats and will allow you to specify the offset from GMT. |
| NetAnalysis v1.37 | Validation | 2009-11-20 | NetAnalysis was developed by Digital Detective. This tool has been designed for the analysis of the internet history data. Netanalysis has its own History Extractor which will allow you to identify the evidence quickly and easily. |
| Mount Image Pro v2.44 | Validation | 2009-11-20 | MIP was developed by GetData. MIP is a utility to mount disk drive images as logical drive letters under Windows, and provides read-only access to the contents of an image file. This tool supports the following image types: EnCase, SMART, Raw, and ISO. |
| ADROIT Photo Forensics v1.002 | Validation | 2009-11-20 | APF was developed by Digital Assembly. APF is a Windows based tool used to carve picture files from a disk or disk image. The carving operations are accomplished using several methods. These include sequential carving of unallocated space, carving based on data left in system logs, using human expertise to recover fragmented files, and applying a proprietary method. |
| PRTK 6.4 | Validation | 2009-11-20 | PRTK was developed by AccessData. PRTK is a password recovery program for standalone computer operations. It is a tool for extracting the contents of forensic examination case files with unknown passwords. |
| Genpmk v1.0 | Validation | 2009-11-20 | BackTrack was developed by Max Moser, Mati Aharoni, Martin J. Muench, and others. Genpmk creates a rainbow table from plaintext passphrases. Another Backtrack utility, coWPAtty, must be executed to prove that the rainbow table was created correctly. It performs a brute force attack utilizing rainbow tables to recover the password of a WPA-secured network. |
| FTK v1.81.5 | Validation | 2009-12-01 | FTK was developed by Access Data. It is a Windows-based forensic suite used to perform forensic investigations. FTK's features include case file creation, adding and analyzing evidence drives, and file carving. DCCI will test FTK to ensure that it performs certain features as it explains in the user manual. |
| DCCI P2P Scan | Validation | 2009-12-01 | AScan3.0 was developed by Joseph Lewthwaite a Contractor at the Defense Cyber Crime Center (DC3)/ Defense Cyber Crime Institute (DCCI). AScan3.0 is a command line function that is used in the Windows environment to extract information from the files and data structures of Limewire /Bearshare/Ares Galaxy, which are artifacts of the products. The function of AScan3.0 is to collect and organize the information collected into an HTML document that will present the artifact information in an easy to read format. |
| WinHex Version 15.3 | Validation | 2009-12-01 | Winhex was developed by X-Ways Software Technologies AG. WinHex is a general purpose hex editor that can be used in forensic examinations of physical disks, logical disks, and disk images. WinHex can open files, logical volumes, and physical devices. |
| Metadata Assistant v2.12.214 | Validation | 2009-12-01 | Metadata Assistant was developed by the Payne Consulting Group Inc. The tool is designed to identify, or clean, metadata on Microsoft utilities such as Word, Excel, and PowerPoint, as well as Adobe PDF documents. Metadata is information that might not be visible to a computer user and may include information such as user name, computer name, company name, or document properties. |
| MD5Sum 2.0 | Validation | 2009-12-01 | MD5Sum was developed by Ulrich Drepper. MD5Sum is a standalone command-line utility that uses the well-known MD5 hash algorithm to generate MD5 hash values of data files and to check MD5 hash values of data files that have known MD5 hash values. |

