foremost
- Ebuilds: 1, Stable: 1.5.7-r4, Testing: 1.5.7-r4 Description: Console program to recover files based on their headers and footers
Homepage:https://foremost.sourceforge.net/ License: public-domain
honggfuzz
- Ebuilds: 1, Testing: 2.6 Description: A general purpose fuzzer with feedback support
Homepage:https://honggfuzz.dev/ License: Apache-2.0
lynis
- Ebuilds: 1, Testing: 3.1.6 Description: Security and system auditing tool
Homepage:https://cisofy.com/lynis/ License: GPL-3
mac-robber
- Ebuilds: 1, Stable: 1.02-r1, Testing: 1.02-r1 Description:
mac-robber is a digital forensics and incident response tool that collects data from allocated files in a mounted file system. The data can be used by the mactime tool in The Sleuth Kit to make a timeline of file activity. The mac-robber tool is based on the grave-robber tool from TCT and is written in C instead of Perl.
mac-robber requires that the file system be mounted by the operating system, unlike the tools in The Sleuth Kit that process the file system themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions.
"What is mac-robber good for then", you ask? mac-robber is useful when dealing with a file system that is not supported by The Sleuth Kit or other forensic tools. mac-robber is very basic C and should compile on any UNIX system. Therefore, you can run mac-robber on an obscure, suspect UNIX file system that has been mounted read-only on a trusted system. I have also used mac-robber during investigations of common UNIX systems such as AIX.
Homepage:http://www.sleuthkit.org/mac-robber/index.php License: GPL-2
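The collect-then-timeline workflow the description above refers to (mac-robber emitting one body-format record per file, mactime sorting those records by time), as an added example in Python that is not part of mac-robber or The Sleuth Kit. It assumes the TSK 3.x body-file layout `MD5|name|inode|mode|uid|gid|size|atime|mtime|ctime|crtime`; the stat-style mode string and the zero MD5 and crtime columns are choices of this example, not a guarantee of byte-for-byte equality with mac-robber's output. The sample tree it builds is constructed for the example.

```python
"""Collect MAC times from a mounted tree in Sleuth Kit body format and sort
them into a mactime-style timeline (added example, not mac-robber's code)."""
import os
import stat
import tempfile
import time


def body_line(path, st):
    """One body-format record, assumed TSK 3.x layout:
    MD5|name|inode|mode|uid|gid|size|atime|mtime|ctime|crtime.
    MD5 is left as 0 (mactime does not need it). crtime is 0 where the
    kernel exposes no birth time (Linux stat(2)); this is an assumption of
    the example, not something the tools on this page promise."""
    crtime = int(getattr(st, "st_birthtime", 0))
    return "0|%s|%d|%s|%d|%d|%d|%d|%d|%d|%d" % (
        path, st.st_ino, stat.filemode(st.st_mode), st.st_uid, st.st_gid,
        st.st_size, int(st.st_atime), int(st.st_mtime), int(st.st_ctime),
        crtime)


def collect(root):
    """Walk a mounted file system with lstat() (symlinks are not followed)
    and return body-format lines for every directory and allocated file.
    Reading the directories updates their atime unless the mount is
    read-only or noatime, which is exactly the caveat in the description
    above: mount the evidence ro on a trusted host before running this."""
    lines = [body_line(root, os.lstat(root))]
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            full = os.path.join(dirpath, name)
            try:
                lines.append(body_line(full, os.lstat(full)))
            except OSError:
                continue  # vanished or unreadable entry; keep going
    return lines


def timeline(body_lines):
    """mactime-style view: one event per (time, name) with MACB flags,
    'm' mtime, 'a' atime, 'c' ctime, 'b' crtime. Zero timestamps mean
    'unknown' here and are skipped (a choice of this example)."""
    events = {}
    for line in body_lines:
        f = line.split("|")
        name = f[1]
        for flag, t in (("m", int(f[8])), ("a", int(f[7])),
                        ("c", int(f[9])), ("b", int(f[10]))):
            if t:
                events.setdefault((t, name), set()).add(flag)
    out = []
    for t, name in sorted(events):
        flags = "".join(ch if ch in events[(t, name)] else "." for ch in "macb")
        out.append((t, flags, name))
    return out


def make_sample_tree():
    """Constructed sample evidence (not real case data): a temp directory
    holding one file whose atime/mtime are pinned to known values."""
    root = tempfile.mkdtemp(prefix="macrobber_example_")
    path = os.path.join(root, "evidence.txt")
    with open(path, "wb") as fh:
        fh.write(b"hello")
    os.utime(path, (1000000000, 1000000100))  # (atime, mtime)
    return root, path


if __name__ == "__main__":
    root, _ = make_sample_tree()
    for t, flags, name in timeline(collect(root)):
        print(time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(t)), flags, name)
```

The body lines can be saved to a file and fed to the real `mactime` from The Sleuth Kit if you want its date-range and time-zone handling; the point of the example is the record layout and why directory atimes move.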
magicrescue
- Ebuilds: 1, Stable: 1.1.10-r4, Testing: 1.1.10-r4 Description:
Magic Rescue scans a block device for file types it knows how to recover and calls an external program to extract them. It looks at "magic bytes" in file contents, so it can be used both as an undelete utility and for recovering a corrupted drive or partition. As long as the file data is there, it will find it.
It works on any file system, but on very fragmented file systems it can only recover the first chunk of each file. Practical experience (this program was not written for fun) shows, however, that chunks of 30-50MB are not uncommon.
Homepage:https://github.com/jbj/magicrescue License: GPL-2+
rkhunter
- Ebuilds: 1, Stable: 1.4.6-r2, Testing: 1.4.6-r2 Description: Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers
Homepage:https://rkhunter.sf.net/ License: GPL-2+
scalpel
- Ebuilds: 1, Testing: 2.1_pre20210326 Description:
Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files or data fragments from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, HFS+, or raw partitions. It is useful for both digital forensics investigation and file recovery.
Homepage:https://github.com/sleuthkit/scalpel License: Apache-2.0
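The header/footer carving that foremost, magicrescue and scalpel (above) all perform, as an added example in Python that is not the code of any of those projects: a small signature database, a scan over a raw image, and the fragmentation case from the magicrescue description, where no footer is found and only the first chunk (capped at a maximum size) can be recovered. The magic bytes are the public signatures of the formats; the maximum sizes and the sample image are constructed for this example.

```python
"""Header/footer file carving over a raw image, the technique foremost,
scalpel and magicrescue apply to block devices (added example)."""

# Signature database: extension -> (header, footer or None, max_size).
# The magic bytes are the public format signatures; the max sizes are caps
# chosen for this example, not values from any tool's configuration.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 1024 * 1024),
    "pdf": (b"%PDF-", b"%%EOF", 4 * 1024 * 1024),
}


def carve(image, signatures=SIGNATURES):
    """Scan `image` (bytes) for every known header and cut out the data up to
    the matching footer. Returns a list of (offset, ext, data, complete)
    sorted by offset. `complete` is False when no footer appears within
    max_size bytes of the header (file fragmented, tail overwritten, or a
    type with no footer); the chunk is then capped at max_size, which is the
    'first chunk only' limit the magicrescue description warns about."""
    found = []
    for ext, (header, footer, max_size) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            window_end = min(len(image), pos + max_size)
            end = -1
            if footer is not None:
                end = image.find(footer, pos + len(header), window_end)
            if end != -1:
                found.append((pos, ext, image[pos:end + len(footer)], True))
                # Resume after the carved file so a header embedded inside it
                # (e.g. a JPEG thumbnail) is not carved a second time.
                pos = image.find(header, end + len(footer))
            else:
                found.append((pos, ext, image[pos:window_end], False))
                pos = image.find(header, pos + len(header))
    found.sort(key=lambda r: r[0])
    return found


def carve_device(path, signatures=SIGNATURES):
    """Carve a raw device or image file (e.g. a dd image). Whole-image read
    keeps the example short; a real carver streams in blocks."""
    with open(path, "rb") as fh:
        return carve(fh.read(), signatures)


# Constructed sample "image" (not real disk data): zero filler around a
# complete JPEG, a complete PNG, and a PDF whose footer was overwritten.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0JFIF" + b"A" * 40 + b"\xff\xd9"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"B" * 30 + b"IEND\xaeB`\x82"
SAMPLE_PDF_FRAGMENT = b"%PDF-1.4\n" + b"C" * 50
FILLER = b"\x00" * 64


def build_sample_image():
    return (FILLER + SAMPLE_JPEG + FILLER + SAMPLE_PNG + FILLER
            + SAMPLE_PDF_FRAGMENT + FILLER)


if __name__ == "__main__":
    for offset, ext, data, complete in carve(build_sample_image()):
        state = "complete" if complete else "truncated: no footer within max size"
        print("offset %6d  %-3s %5d bytes  %s" % (offset, ext, len(data), state))
```

Note what the carver cannot tell you: a match is only a header and a footer at plausible distance, so a truncated or fragmented file comes back as whatever lies between them, and the tools above expose the same limit as their max-size setting.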
sleuthkit
- Ebuilds: 1, Stable: 4.12.1-r2, Testing: 4.12.1-r2 Description: A collection of file system and media management forensic analysis tools
Homepage:https://www.sleuthkit.org/sleuthkit/ License: BSD CPL-1.0 GPL-2+ IBM java? ( Apache-2.0 )
unhide
- Ebuilds: 1, Testing: 20220611 Description: Forensic tool to find hidden processes and TCP/UDP ports by rootkits/LKMs
Homepage:https://www.unhide-forensics.info License: GPL-3+
volatility3
- Ebuilds: 2, Stable: 2.26.2, Testing: 2.27.0 Description:
Volatility is the world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibility into the runtime state of the system.
Homepage:https://github.com/volatilityfoundation/volatility3/ https://www.volatilityfoundation.org/ License: Volatility-1.0
yara
- Ebuilds: 3, Stable: 4.5.5, Testing: 9999 Description:
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns.
Homepage:https://virustotal.github.io/yara/
yara-x
- Ebuilds: 4, Stable: 1.10.0-r1, Testing: 1.14.0 Description:
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns.
YARA-X is a re-incarnation of YARA rewritten in Rust, eventually replacing YARA.
Homepage:https://virustotal.github.io/yara-x/ License: BSD Apache-2.0 Apache-2.0-with-LLVM-exceptions BSD CC0-1.0 EPL-2.0 ISC MIT MPL-2.0 Unicode-3.0 Unicode-DFS-2016 WTFPL-2 ZLIB
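The "descriptions based on textual or binary patterns" that the yara and yara-x entries above refer to are written as rules; the following is an added, illustrative rule, not one shipped by the YARA project and not derived from any real malware family. The strings, the hex pattern and the thresholds are invented for the example; what it demonstrates is the three pattern kinds (text with modifiers, hex with `??` wildcards and a `[4]` jump, regex) and a condition that combines a PE header check, a size bound, a match count and an N-of-M set.

```yara
rule Suspicious_Downloader_Example
{
    meta:
        description = "Illustrative rule: text strings, a hex pattern with wildcards and a jump, and a regex"
        author      = "added example, not from the YARA project"

    strings:
        // Text patterns. 'ascii' and 'wide' (UTF-16LE) control which encodings are searched.
        $s1 = "cmd.exe /c " ascii
        $s2 = "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0" ascii wide
        // Regex: a PowerShell invocation with an encoded command argument.
        $s3 = /powershell(\.exe)?\s+-(e|enc|encodedcommand)\s+[A-Za-z0-9+\/=]{40,}/ nocase
        // Hex pattern: call rel32 ; lea rcx,[rip+disp32] ; call [rip+...]
        // '??' wildcards one byte, '[4]' skips exactly four bytes of any value.
        $code = { E8 ?? ?? ?? ?? 48 8D 0D [4] FF 15 }

    condition:
        uint16(0) == 0x5A4D and   // 'MZ': only PE files
        filesize < 2MB and
        (#code > 2 or 2 of ($s*))
}
```

Scan a sample with `yara rule.yar sample.bin`; YARA-X, which the yara-x entry describes as the Rust rewrite meant to replace YARA, reads the same rule syntax through its `yr scan rule.yar sample.bin` command.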