I was Stumbling around the Internet the other day and came across a really cool open source project that combines a number of computer forensics tools into one environment. If you are unfamiliar with computer forensics, Wikipedia describes it as:
...a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.
Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within U.S. and European court systems.
Long story short, you use the art of computer forensics to discover destroyed data and/or compile evidence on computer systems. You see this in the movies when cops recover files from a wiped hard drive. Stuff like that...
Anyway, this open source project is called PlainSight!
From their page:
PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners [to] perform common tasks using powerful open source tools.
We have taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment.
With PlainSight you can perform operations such as:
- Get hard disk and partition information
- Extract user and group information
- View Internet histories
- Examine Windows firewall configuration
- Discover recent documents
- Recover/Carve over 15 different file types
- Discover USB storage information
- Examine physical memory dumps
- Examine UserAssist information
- Extract LanMan password hashes
- Preview a system before acquiring it
You can see PlainSight in action in the demo section. However we think that the best way to learn about it is to download the PlainSight iso from the downloads section and boot a computer with it.
All of these tools in one place can be very handy for any IT professional. Not just for security guys, or law enforcement agencies.
Are you going to download their ISO and try out their tools? If so, let us know what you think in the comments!