File000175 Presentation Transcript

  • 1. Module LXII - Windows-Based GUI Tools
  • 2. Module Objective. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. This module will familiarize you with the following tools: Process Viewer Tools, Registry Tools, Desktop Utility Tools, Office Application Tools, Remote Control Tools, Network Tools, Network Scanner Tools, Network Sniffer Tools, Hard Disk Tools, Hardware Info Tools, File Management Tools, File Recovery Tools, File Transfer Tools, File Analysis Tools, Password Tools, Password Cracking Tools, Other GUI Tools.
  • 3. Module Flow: Process Viewer Tools, Registry Tools, Desktop Utility Tools, Office Application Tools, Remote Control Tools, Network Tools, Network Scanner Tools, Network Sniffer Tools, Hard Disk Tools, Hardware Info Tools, File Management Tools, File Recovery Tools, File Transfer Tools, File Analysis Tools, Password Tools, Password Cracking Tools, Other GUI Tools.
  • 4. Process Viewer Tools
  • 5. CurrProcess (http://www.nirsoft.net/): The CurrProcess tool allows the user to modify the priority of a particular process, kill a process, and dump memory of processes into a text file.
  • 6. Process Explorer (http://technet.microsoft.com/): Process Explorer displays currently active processes. Allows the user to search for processes that have certain handles opened or DLLs loaded. Tracks down DLL-version problems or handle leaks.
  • 7. ProcessMate (http://www.softlookup.com/): ProcessMate lists all active processes and resolves their unique IDs, paths, and number of threads. Gathers information about all active processes and paths. Stops/kills any process.
  • 8. ServiWin (http://www.nirsoft.net/): ServiWin displays the list of installed drivers and services on your system. Allows the user to stop, start, restart, pause, or resume a service or driver. The user can modify the startup type of a service or driver.
  • 9. Registry Tools
  • 10. Autoruns (http://technet.microsoft.com/): Comprehensive knowledge of auto-starting. Disables and deletes entries. Configures the displayed locations and entries. Gets more information about the entry. Supports all versions of Windows.
  • 11. Autostart Viewer (http://www.diamondcs.com.au/): View and control tool for Windows. Programs can be modified and deleted. User interface tool. Detects the MSBLASTER worm.
  • 12. Emergency Recovery Utility NT (ERUNT) (http://www.larshederer.homepage.t-online.de/): Registry backup and restore for Windows NT/2000/2003/XP. ERUNT supports command-line switches. ERUNT programs are localizable.
  • 13. HijackThis (http://us.trendmicro.com/): HijackThis scans computer browser and operating system settings to generate a log file of the current state of a computer. Using HijackThis, you can selectively remove unwanted settings and files from the computer. It creates a report, or log file, with the results of the scan.
  • 14. HijackThis: Screenshot
  • 15. Loadorder (http://technet.microsoft.com/): Shows the order in which Windows loads device drivers. Device drivers for Windows 2000 may load in a different order. Supports Windows NT/2000.
  • 16. Regbrws (http://www.sysdevsoftware.com/): The Regbrws tool browses the registry. Supports Pentium-compatible computers. Also supports Windows NT/2000.
  • 17. Regedit PE (http://sourceforge.net/): The Regedit PE tool edits remote Registry hives and user profiles. Windows Registry changes are made without booting Windows. Imports and exports Registry keys. Prints the Registry.
  • 18. Regscanner (http://www.nirsoft.net/): Regscanner scans the registry. Standalone executable tool. Programs are localizable.
  • 19. Desktop Utility Tools
  • 20. BossKey (http://keir.net/): BossKey is a virtual desktop program. Windows can be designated always visible. A single keypress can instantly flip between windows/applications.
  • 21. Count Characters (http://www.funduc.com/): Count Characters dumps the contents of various combo, edit, list box, static, and button fields to the clipboard. Reveals the plain text counterpart to some Windows password edit fields. Shows how applications are built.
  • 22. HoverSnap (http://www.hoverdesk.net/): HoverSnap is a handy snapshot tool that supports jpg, png, bmp, and gif file formats. Takes snapshots of the full screen, active window, or a selected area. Captures optional sound.
  • 23. Lens (http://users.pandora.be/liontech): Lens magnifies the selected area on your screen. Size is determined by the size of the window. Cursor keys can be used to move the mouse cursor.
  • 24. Pixie (http://www.nattyware.com/): Pixie is an easy-to-use, fast, and tiny utility. Color picker that includes a mouse tracker. Point to a color and it will tell you the hex, RGB, HTML, CMYK, and HSV values of that color.
  • 25. PureText (http://www.stevemiller.net/): PureText pastes text from a web page, a Word document, help, etc. as simple text into another application without getting all the formatting from the original source. Can also configure a system-wide hot-key to be used to activate PureText. Removes rich formatting from text.
  • 26. ShoWin (http://www.foundstone.com/): ShoWin displays useful information about windows by dragging a cursor over them. Displays hidden password editbox fields. Ability to enable windows that have been disabled.
  • 27. Sizer (http://www.brianapps.net/): Sizer allows any window to be resized to predefined dimensions. Used to set a window size accurately before taking a screen grab. Works on all resizeable windows. Displays a tooltip that shows the exact size of a window.
  • 28. SysExporter (http://www.nirsoft.net/): SysExporter grabs the data stored in standard list-views, tree-views, list boxes, and combo boxes from almost any application running on your system, and exports it to a text, HTML, or XML file. It's a standalone executable tool that can export data from most combo boxes, list boxes, tree-view, and list-view controls.
  • 29. Office Application Tools
  • 30. Atlantis Nova (http://www.myzips.com/): Atlantis Nova is a compact word processor. Can work with up to 50 documents simultaneously. Supports multiple document formats such as RTF, MS Word, MS Write, etc.
  • 31. Character Grid: Character Grid displays the full character set of the selected font. Can also display the ASCII code of each character in either hexadecimal or decimal format.
  • 32. DateStat (http://www.1-4a.com/): DateStat is used to show the difference (= age) between two dates.
  • 33. DBF Explorer (http://www.pablosoftwaresolutions.com/): DBF Explorer helps in viewing and editing DBF files. Easy-to-use, simple, and intuitive interface. User can add, edit, delete, or undelete records. Can update field structures. Can create new DBF database files.
  • 34. DHB Workshop (http://www.seelhofer.ch/): DHB stands for Decimal-Hexadecimal-Binary. A small utility that depicts key values in various number systems.
  • 35. XML Editor (http://www.firstobject.com/): XML Editor provides high-performance text editing and parsing of text files. Editor supports: aligning and indenting XML; print and print preview; email sending, etc.
  • 36. Foxit PDF Reader (http://www.foxitsoftware.com/): Foxit PDF Reader is a free reader for PDF documents. Can view and print PDF documents. Easy to use.
  • 37. Irfan View (http://www.irfanview.com/): Irfan View is a graphic viewer for Windows 9x/ME/NT/2000/XP/2003. Features multiple GIF support, multipage TIF support, and multiple ICO support.
  • 38. MetaPad (http://www.liquidninja.com/): MetaPad is a small, fast text editor for Windows 9x/NT/XP. Offers more features than Microsoft Notepad.
  • 39. PrintServer (http://home.planet.nl/): PrintServer is an HTML 3.2 frames-enabled off-line browser to print and preview HTML documents and images. Main features: selectable zoom; select print pages; single/two page view.
  • 40. Remote Control Tools
  • 41. Gencontrol (http://www.gensortium.com/): Gencontrol is a desktop remote control program. No separate server installation is required. Supports Windows 2000/NT/XP.
  • 42. IVT (http://home.planet.nl/): IVT stands for Interactive Video Terminal. VT220 terminal emulator for Windows. Multi-session, multi-protocol, single window.
  • 43. Putty (http://www.chiark.greenend.org.uk/): Putty is a free implementation of Telnet and SSH. Records the host key for each server.
  • 44. VNC Viewer (http://www.realvnc.com/): VNC stands for Virtual Network Computing. Remote control software. Works cross-platform.
  • 45. Network Tools
  • 46. Adapterwatch (http://www.nirsoft.net/): Adapterwatch displays relevant information about network adapters: IP addresses, hardware addresses, WINS servers, DNS servers, etc. Extracts general TCP/IP/UDP/ICMP statistics for your local computer.
  • 47. Commtest (http://www.roadkil.net/): Commtest examines the speed of a network between two computers. Measures network performance and reliability.
  • 48. CurrPorts (http://www.nirsoft.net/): CurrPorts displays a detailed list of all TCP/UDP endpoints of the system. Permits closing unwanted TCP connections. Automatically identifies suspicious TCP/UDP ports of unidentified applications.
  • 49. Hey Joe! (http://www.ampsoft.net/): Hey Joe! is a simple messaging utility. Modeled to transfer messages over Windows local networks and intranets. Limited consumption of memory and resources.
  • 50. IP2 (http://keir.net/): IP2 determines IP addresses for both WAN and LAN. A list of built-in servers enables the program to send a request and receive a reply from a remote server containing the Internet-accessible IP address.
  • 51. IP Netinfo (http://www.nirsoft.net/): IP Netinfo displays all available information about an IP address (Whois). Helps in finding the origin of unsolicited mail. Converts a host's name to an IP address.
  • 52. Ldp (http://download.microsoft.com/): Ldp permits LDAP operations to be performed against Active Directory. Allows users to perform Lightweight Directory Access Protocol operations.
  • 53. Necrosoft Dig (http://www.nscan.org/): Necrosoft Dig is a TCP-based DNS client supporting AXFR zone transfer. Supports 20 different queries to a name server. Has two operation modes: traditional mode and extended mode.
  • 54. POP3 Preview (http://www.pablosoftwaresolutions.com/): POP3 Preview deletes spam messages and viruses before downloading. Includes a spam filter.
  • 55. Popcorn (http://www.ultrafunk.com/): Popcorn is a lightweight e-mail client for Windows 9x/ME/NT/2000/XP/2003. Works as a client/server application. Supports multiple account profiles. Fits easily on a floppy or other portable media.
  • 56. Quick Mailer (http://pyric.org/): Quick Mailer is an extremely small and fast program for sending e-mail. Its size and flexibility make it ideal to support the above functionality. Easy to integrate with a web server.
  • 57. TCPView (http://technet.microsoft.com/): TCPView displays the list of all currently connected TCP/IP and UDP ports on a local computer. Provides a more informative and conveniently presented subset of the Netstat program. Works on Windows NT/2000/XP and Windows 98/Me.
  • 58. Trout (http://www.foundstone.com/): Trout is a visual trace route and Whois program. Pinging can be set at a controllable rate.
  • 59. WinArpSpoof (http://www.codeproject.com/): WinArpSpoofer manipulates the ARP table of another computer on a LAN. Features: pulls and collects all the packets on the LAN; scans and shows the active hosts on the LAN within a short time.
  • 60. Attack Tool Kit (ATK) (http://www.computec.ch/): ATK is a tool for Windows that performs fast checks for dedicated vulnerabilities. It is able to do the work without great interaction.
  • 61. DDos Ping (http://www.foundstone.com/): DDos Ping is a network admin utility for remotely detecting the most common DDoS programs. Remote scanner for the most common Distributed Denial of Service programs.
  • 62. DNSWalker (http://sourceforge.net/): DNSWalker looks up DNS names by walking through IP ranges.
  • 63. DSScan (http://www.foundstone.com/): DSScan is an admin utility for remotely detecting the LSASS vulnerability. Scans multiple IP ranges and sends an alert message to the vulnerable systems.
  • 64. GetAcct (http://packetstormsecurity.org/): The GetAcct tool is used to acquire account information on Windows NT/2000 machines.
  • 65. JJJExec (http://www.joejoesoft.com/): JJJExec can execute command-line statements remotely on the selected computers.
  • 66. MyDoomScanner (http://www.foundstone.com/): MydoomScanner is a Windows GUI scanner. Helps to find systems infected with the Mydoom worm.
  • 67. Netstumbler (http://www.netstumbler.com/): Netstumbler detects Wireless Local Area Networks (WLANs). Finds locations with poor coverage in a WLAN. Detects unauthorized "rogue" access points in your workplace.
  • 68. RPCScan (http://www.foundstone.com/): RPCScan enumerates the RPC endpoint-map elements for port 135 and the interface IDs of each TCP/UDP endpoint. It works only on Pentium-compatible computers.
  • 69. RPCScan2 (http://www.foundstone.com/): RPCScan2 is a Windows-based detection and analysis utility. It can accurately identify vulnerabilities caused by multiple buffer overflows in Microsoft operating systems.
  • 70. ShareEnum (http://technet.microsoft.com/): ShareEnum uses NetBIOS enumeration to scan all the computers. It allows you to lock down file shares in your network. It works on Windows NT/2000/XP.
  • 71. Shed (http://keir.net/): Shed is a fast Windows shared resource scanner. Multiple potential hosts are scanned in parallel. Designed to run on a PC running Windows NT/2000.
  • 72. SNScan (http://www.foundstone.com/): SNScan is a Windows-based SNMP detection utility. SNScan can quickly and accurately identify potential areas of exposure to SNMP-related vulnerabilities.
  • 73. SuperScan (http://www.foundstone.com/): SuperScan is a powerful TCP port scanner, pinger, and resolver. It is intended for Windows 2000 and XP only.
  • 74. Network Sniffers
  • 75. Analyzer (http://technet.microsoft.com/): Analyzer is a tool used to capture packets on a network. Displays the captured packets through a graphical interface.
  • 76. IPSniffer (http://erwan.l.free.fr/): IPSniffer is a packet sniffer that uses the XP/2K raw socket features. Supports filtering rules, packet decoding, etc.
  • 77. NGSSniff (http://www.ngssoftware.com/): NGSSniff is a packet sniffing and analysis application. Captures using raw IP Windows sockets.
  • 78. Show Traffic (http://www.demosten.com/): The Show Traffic tool monitors network traffic on the chosen network interface. Locates suspicious network traffic.
  • 79. SmartSniff (http://www.nirsoft.net/): The SmartSniff tool captures TCP/IP packets that pass through the network adapter. Captured packets are viewed as a sequence of conversations between client and server.
  • 80. Sniphere (http://www.securesphere.net/): Sniphere is a network wiretapping program for Windows. Efficient compared to other sniffers.
  • 81. Hard Disk Investigation Tools
  • 82. 48-bit LBA Technology (http://www.48bitlba.com/): 48-bit LBA Technology extends the capacity of IDE ATA/ATAPI devices. With the support of 48-bit addressing, the limit extends up to 144 petabytes.
  • 83. Darik's Boot and Nuke (http://www.dban.org/): Darik's Boot and Nuke is a self-contained boot floppy. Completely removes all detectable information on the hard disk.
  • 84. DirectDisk (http://sourceforge.net/): DirectDisk allows direct access to physical sectors on floppy disks, hard disks, logical volumes, and CD-ROMs. Helps to create boot disks manually. Assists in selecting logical or physical disks.
  • 85. Disk Checker (http://www.rssoftlab.com/): Disk Checker is a disk diagnostics and repair tool with backup ability. It supports file access and direct access checking. It can create disk images compatible with disk image files. It can repair errors in the FAT or physical defects.
  • 86. Disk Investigator (http://www.theabsolute.net/): The Disk Investigator tool discovers hidden information on the hard disk. Can recover lost data. Assists in searching raw directories, files, clusters, and system sectors. Verifies effectiveness of the file.
  • 87. DiskMon (http://technet.microsoft.com/): DiskMon logs and displays all hard disk activity on a Windows system. Acts as a disk light. Supports timed duration events.
  • 88. DiskPatch (http://www.diydatarecovery.nl/): DiskPatch is a menu-driven DOS program designed to solve a wide range of hard disk problems. Allows editing the disk using the built-in disk editor, partition table editor, and boot sector editor.
  • 89. DiskPie Pro (http://www.pcmag.com/): DiskPie Pro consists of customizable pie charts, which visually find overweight folders and files. Helps in cleaning the hard drive. Acts as a watchdog, quietly monitoring the disk.
  • 90. Emsa DiskCheck (http://www.e-systems.ro/): Emsa DiskCheck is a dual-purpose utility for disk checking and benchmarking. Used for scanning removable disks. Used for speed comparison. Accesses the disk table contents and computes file information.
  • 91. Hard Disk Indicator, HDSpeed (http://www.pcworld.com/, http://www.softogether.com/): HDSpeed measures both sustained and burst data transfer rates of the hard disks and displays real-time graphics. Hard Disk Indicator adds a hard disk LED to the system tray.
  • 92. HD Tach (http://www.simplisoftware.com/): HD Tach is a low-level hardware benchmark for random access read/write storage devices. It measures the sequential read speed, the random access speed, interface burst speed, and CPU utilization of the drive.
  • 93. HD Tune (http://www.hdtune.com/): Measures performance of the hard disk. Retrieves important information such as the temperature, SMART parameters, firmware version, and buffer size. Following are the functions: Benchmark, Info, Health, Error Scan, Temperature display.
  • 94. HDClone (http://www.hdclone.com/): HDClone creates logical copies of hard disks and other mass storage media. It is used for backups and to copy entire software or operating system installations. It works independently of partitioning scheme, file system, and operating system.
  • 95. HDClone: Screenshot
  • 96. HDINFO Tool (http://www.48bitlba.com/): HDINFO Tool provides information about ATA devices installed on the system. Detects hard drive information. Reports critical operating system information. Includes the self-booting, operating-system-independent tool IDEINFO.
  • 97. Maxtor Tools (http://www.seagate.com/): Maxtor MaxBlast: ATA/IDE hard drive installation utility; makes hard drive installations and upgrades; supports up to four ATA devices in the same system; compatible with both Fast ATA and Serial ATA. Maxtor PowerMax: performs diagnostic read/write verifications on Maxtor and Quantum hard drives; effective on all ATA (IDE) hard drives; recommended for troubleshooting potential hard drive problems.
  • 98. MBRtool (http://www.diydatarecovery.nl/): MBRtool is a DOS program designed to back up, restore, and manipulate anything in the hard disk MBR and track0. Edits partition tables and changes attributes for partitions. Re-creates an MBR from scratch.
  • 99. MBRWork (http://www.terabyteunlimited.com/): MBRWork performs some common and uncommon tasks on the MBR/EMBR/sectors of a hard drive.
  • 100. Sectedit (http://www.roadkil.net/): Sectedit edits the individual sectors of a disk in either ASCII or HEX mode. Searches the disk for data and transfers blocks of information. Edits/saves/prints data to any hard disk or floppy disk.
  • 101. Sector Inspector (http://www.microsoft.com/): Sector Inspector is a flexible diagnostics tool for safely collecting disk and file system-related data for offline analysis. Additional features allow backup and restore of sector ranges for use with other disk editing tools.
  • 102. Western Digital Diagnostic (http://support.wdc.com/): The Western Digital Diagnostic tool performs drive identification. Provides the drive's serial and model numbers.
  • 103. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Hardware Information Tools
  • 104. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Bart’s Stuff Test http://www.nu2.nu/ Bart’s Stuff Test is used for testing storage devices Supports test at file and device level Supports large volumes, up to 16 exabytes Runs on Windows 95/98/ME/NT/2000/XP
  • 105. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Central Brain Identifier http://cbid.at.tut.by/ Central brain identifier thoroughly identifies all AMD processors Provides comprehensive information about the processor’s cache Determines core voltage of mobile and AMD Athlon 64 processor
  • 106. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Data LifeGuard Diagnostics for Windows locates and verifies validates the status of particular Western Digital drives Provides an option for extended test or repair to make the drive defect-free Runs under Win9x/Me/NT/W2K/XP Presents various options to verify the defect-free status of drive Data LifeGuard Diagnostics for Windows http://support.wdc.com/
  • 107. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Drive View http://www.nirsoft.net/ Drive View tool exhibits the list of currently loaded device drivers No installation required
  • 108. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Dtemp http://www.private.peterlink.ru/ Dtemp tool displays hard drive temperature in the system tray Gives alerts about runaway harddisk temperature or impending harddisk failure
  • 109. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited HD_Speed http://www.steelbytes.com/ HD_Speed tool measures continuous and burst data transfer rates of hard disks, CD/DVD, and floppy Realtime graphical display
  • 110. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Monitor Test http://www.roadkil.net/ Monitor test exhibits test patterns during monitor repairing Shows pure colors and white screens for color tuning Locates lost colors, and grid lines for focusing Corrects image dimension settings
  • 111. Nero CD/DVD Speed (http://www.nero.com/): Nero CD/DVD Speed scans and investigates the CD/DVD drive. Scandisk function verifies integrity of the CD. Surface Scan examines quality of each sector and produces graphical results.
  • 112. Nero Drive Speed (http://www.nero.com/): Nero Drive Speed fixes reading speed of the CD-ROM drive. Runs in system tray and adjusts speed whenever required.
  • 113. Nero Info Tool (http://www.nero.com/): Nero Info Tool investigates and exhibits critical information about a drive, disc, configuration, and software. Saves and prints the information collected.
  • 114. ReSysInfo (http://www.dominik-reichl.de/): ReSysInfo is a system information viewer. Has 25 information modules. Supports Report Wizard in three different formats: plaintext, HTML, and XML.
  • 115. SIW (http://www.gtopala.com/): SIW tool collects information about system settings and properties. Exhibits presently active network connections, passwords hidden behind asterisks, and installed codecs.
  • 116. WinAudit (http://www.pxserver.com/): WinAudit audits Windows-based personal computers. The report is displayed as a web page, which can be saved in a number of standard formats. It can be run from a floppy diskette or USB drive, or sent by e-mail.
  • 117. WinAudit: Screenshot
  • 118. File Management Tools
  • 119. 1-4a Rename (http://www.1-4a.com/): 1-4a Rename tool inserts/replaces the text in the file name. Changes case in the file name. Scrambles the file name.
  • 120. A43 (http://www.primitus.us/): A43 is a file management utility for Windows 2000/XP. Integrated file search. Integrated quick launch. Integrated zip/unzip features. Dual panel view.
  • 121. CD2ISO (http://www.dubaron.com/): CD2ISO extracts .iso images from CD or DVD disks. Allows burning .iso files through any recording tool. Programmed and tested under Windows 2000. Extracts any file system.
  • 122. Delold (http://www.savilltech.com/): Delold is a GUI-based tool. Files are deleted automatically. Supports command line.
  • 123. Disktools Imagemaker (http://www.sofotex.com/): Disktools Imagemaker is disk backup software. It enables you to make exact images of entire hard drive(s), or separate partitions on a hard drive, to disk files. It works with any Windows operating system.
  • 124. Drvcloner XP, Cdmanipulator (http://www.lexundesigns.com/, http://www.storeroom.info/): DrvClonerXP: exactly reproduces the original partition; clones disk partitions; image cannot be saved. CDManipulator: reads, burns, copies, and masters CD-ROMs; supports Windows 98/ME/2000/XP; compiles CD image.
  • 125. Drvimager XP (http://www.lexundesigns.com/): Drvimager XP creates and restores the drive images of partitions. Creates mirror images of a partition by copying. Creates setups with different OSes and swaps them.
  • 126. Dscrypt (http://freezip.cjb.net/): Dscrypt is an AES/Rijndael file encryption software. Enhanced security. Advanced encryption algorithm is used. Secure use of system resources. User interface tool.
  • 127. Express Burn (http://www.nch.com.au/): Express Burn compiles and burns audio and data CDs. CD writing program. Automatically converts the file into audio CD format.
  • 128. ntouch (http://www.flos-freeware.ch/): Modifies the timestamps of files and directories. Supports command line. Supports Windows NT/2000/XP.
  • 129. RawWrite for Windows (http://www.chrysocome.net/): Copies floppy disk images to/from a file. Essential utility for creating boot and root disks for installing Linux.
  • 130. Pablo Commander (http://www.pablosoftwaresolutions.com/): Pablo Commander is an integrated FTP client. Intelligent address bar.
  • 131. Pagedefrag (http://technet.microsoft.com/): Pagedefrag tool cannot defragment files that are open for exclusive access. Defragments Windows hibernation files.
  • 132. Replace in Files, Splitter Light (http://www.replace-in-files.com/, http://www.martinstoeckli.ch/): Replace in Files: self-extracting program; replaces strings matching the search string. Splitter Light: splits the files or directories; saves floppy disk storage space.
  • 133. UUD32 Windows (http://www.miken.com/): UUD32 Windows extracts binary files encoded in various formats. Available in both 16-bit and 32-bit versions for Windows. Decoder for Windows.
  • 134. Wintidy (http://www.pcmag.com/): Wintidy tool recovers disk space. Powerful multi thread web development editor. Supports Windows 95/98/ME/NT/2000/XP.
  • 135. File Recovery Tools
  • 136. Handy Recovery (http://www.handyrecovery.com/): Handy Recovery restores files which are deleted from hard disks and memory cards. Recovered files can be saved to any disks accessible on the system. Features: it can recover files damaged by virus attacks, power failures, and software faults, or files from deleted and formatted partitions; it can also recover files moved to the Recycle Bin after it has been emptied; it can search for files by name or mask and show the probability of recovery for each file.
  • 137. PC Inspector (http://www.pcinspector.de/): PC Inspector File Recovery is a data recovery program that supports the FAT 12/16/32 and NTFS file systems.
  • 138. Restoration (http://www3.telus.net/): Restoration is an easy-to-use and straightforward tool to undelete files. Ability to restore photos from a Flash card.
  • 139. R-Linux (http://www.data-recovery-software.net/): R-Linux is a file recovery utility for the Ext2FS file system used in the Linux OS and several Unix OSes.
  • 140. Smart Recovery (http://www.pcinspector.de/): The new data recovery program from CONVAR. Easy, quick, and reliable. Supports picture formats.
  • 141. Zip File Recovery (http://www.zipfilerecovery.com/): Zip File Recovery recovers data from damaged zip archives. Repairs and salvages the damaged Zip archive.
  • 142. File Transfer Tools
  • 143. Babyftp Server (http://www.pablosoftwaresolutions.com/): Basic FTP server. Powerful for complex servers. Supports multi threading. 4 FTP and 1 user interface classes are present.
  • 144. Babypop3 Server (http://www.pablosoftwaresolutions.com/): Babypop3 Server integrates with Microsoft SMTP server. Supports standard POP3 commands. Supports multi threading.
  • 145. Babyweb Server (http://www.pablosoftwaresolutions.com/): Babyweb Server is an alternative for Microsoft’s IIS. Simple web server with ASP support. Real time server log.
  • 146. Dropupload, File Gateway (http://www.rankspirit.com/): Dropupload: strong and useful upload spooler for FTP management; supports Windows NT/2000/XP; creates multiple servers; no installation is required. File Gateway: works across any proxy that supports HTTP; supports NT file security; friendly with HTTP proxies/firewalls/routers.
  • 147. Freeway FTP (http://www.agric.za/): Freeway FTP tool acts as both FTP server and FTP client. Tracking of file transfer progress is difficult. Transfers files without copying. Multiple connections and multiple file transfers are allowed.
  • 148. HFS HTTP File Server (http://www.rejetto.com/): HFS HTTP File Server is designed to share files. Web server. Requires no installation. Supports Windows 98/ME/NT/2000/XP.
  • 149. Nullsoft Copy, Smbdownloader (http://www.nullsoft.com/, http://www.koepi.org/): SMBDownloader: start, stop, and resume downloads; used for uploads in Windows. Nullsoft Copy: throttled flexible file copier for Windows; copies files without overloading.
  • 150. Simple Socket File Transfer (http://www.whitsoftdev.com/): Simple Socket File Transfer tool transfers files using a TCP port. ANSI and Unicode builds. Modes of computer: active mode; passive mode.
  • 151. Synchronize It! (http://www.grigsoft.com/): Synchronize It! is a tool that synchronizes the data between home and office or desktop and notebook computers. It supports various archive types, so you can use it as a backup solution. Features: ability to change copy direction or delete files; date filter helps to find files you changed recently; archives synchronization.
  • 152. Synchronize It!: Screenshot
  • 153. TFTPD32 (http://tftpd32.jounin.net/): TFTPD32 includes DHCP, TFTP, SNTP, and Syslog servers as well as a TFTP client. Useful for booting and updating configuration. Supports interface filtering and progress bars.
  • 154. Wackget, Thirddir (http://millweed.com/, http://www.mtg.sk/): Wackget: download manager for Windows; minimalist application; downloads automatically; open source software. Thirddir: directory synchronizer; more efficient; extracts images and adds to archive CDs.
  • 155. Unstoppable Copier (http://www.roadkil.net/): Unstoppable Copier is a program that recovers files from scratched CDs or defective floppy/hard disks. It attempts to recover every readable piece of a file and puts the pieces together. It supports batch copying to automate the program’s use and saves copying/restore copying jobs.
  • 156. Unstoppable Copier: Screenshot
  • 157. Winscp (http://winscp.net/): Winscp is an open source SFTP client for Windows. Supports secure shell and encryption algorithms. Includes built-in text editor.
  • 158. File Analysis Tools
  • 159. AccessEnum (http://technet.microsoft.com/): AccessEnum tool provides a full view of file system and registry security settings in seconds. Displays security holes and lock down permissions. Uses standard Windows security.
  • 160. BinText (http://www.foundstone.com/): BinText tool is a compact, fast, and powerful text extractor. Includes the ability to find plain ASCII text, Unicode text, and Resource strings. Fixed problem with copying text to clipboard.
  • 161. CDMage (http://www.geocities.com/): CDMage performs multiple tasks with common CD image files on the hard drive. Provides support for CeQuadrat WinOnCD images. Localizes into other languages.
  • 162. DBF Viewer Plus (http://www.alexnolan.net/): DBF Viewer Plus tool views DBF database files. Used for printing, opening, and editing memo fields.
  • 163. DefragNT (http://www.geocities.com/): DefragNT provides various options for disk defragmenting. Gives information about the opened partition. Supports Unicode file names. It is data safe.
  • 164. Dependency Walker (http://www.dependencywalker.com/): Dependency Walker tool scans any 32-bit or 64-bit Windows module. Builds a hierarchical tree diagram of all dependent modules. Useful for troubleshooting system errors.
  • 165. Disk Investigator (http://www.theabsolute.net/): Disk Investigator views and locates raw directories, files, clusters, and system sectors. Verifies the effectiveness of file and disk wiping programs. Undeletes previously deleted files.
  • 166. DiskView (http://www.diskview.com/): DiskView shows a graphical map of the disk. Determines where a file is located. Clicking a cluster gives a full view of the root of a given file.
  • 167. DupeLocator (http://milleniumhandandshrimp.com/): DupeLocator locates and manages duplicate files. Locating and downloading of files is done easily. Makes file synchronization fast and easy.
  • 168. E-Grabber (http://www.egrabber.com/): E-Grabber locates e-mail addresses in files. Provides various types of filters.
  • 169. ExamDiff (http://www.prestosoft.com/): ExamDiff is a visual file comparison tool. Consists of simple and convenient features for comparison of files. Permits joint software development remotely over the Internet. A part of an FTP-based version control system.
  • 170. Explore2FS (http://www.chrysocome.net/): WIN32 explorer tool for Linux ext2fs partitions. Enforces security permissions. Exports files as text and directory. Supports large files.
  • 171. File Analyser (http://www.sirius.uk.net/): File Analyser tool lists your fixed disk by file types. Files can be renamed directly in the program. Defines new groups of files.
  • 172. File List Generator (http://nsis.sourceforge.net/): File List Generator generates the list in various file formats. Collects the information about all files and subfolders. Sorts multiple items while generating the list.
  • 173. Folders Report (http://www.nirsoft.net/): Folders Report tool scans a drive or a base folder that is selected. Displays essential information for each folder that the tool finds. This utility is a standalone executable.
  • 174. Gemulator Explorer (http://www.emulators.com/): Gemulator Explorer is a utility to read Atari ST and Apple Macintosh formatted disks. Doubles as a disk imaging and backup tool. Individual files can be extracted.
  • 175. HashCalc (http://www.slavasoft.com/): HashCalc is an easy-to-use calculator that allows you to compute message digests, checksums, and HMACs for files, as well as for text and hex strings. Supports custom hash algorithm.
  • 176. Lister (http://wareseeker.com/): Lister acts like a file viewer. Supports multiple languages. Provides enhanced search function. Compares files and directories.
  • 177. MDB View (http://www.matsoftware.it/): MDB View helps in viewing mdb files on systems without Microsoft Access installed. Views detailed information for each record. Capable of opening protected databases.
  • 178. Media Checker (http://noeld.com/): Media Checker tool assists in checking all your media or only a folder on these media and ensures that precious data stored on them are safe and can be accessed successfully.
  • 179. PEiD (http://peid.has.it/): PEiD is an executable file identifier. Detects common packers and compilers. Detects more than 470 different signatures in PE files. Features: multiple file and directory scanning with recursion; task viewer and controller.
  • 180. Resource Hacker (http://www.angusj.com/): Resource Hacker utility can view, modify, rename, add, delete, and extract resources. Serves as: viewing resources; saving resources; modifying resources; adding resources; deleting resources.
  • 181. Space Monger (http://www.sixty-five.cc/): Space Monger is a tool for keeping track of the free space on your computer. Supports multiple foreign languages. Added support for Windows Property Dialog box.
  • 182. Tiny Hexer (http://www.mirkes.de/): Tiny Hexer works as a hex editor for binary files. Searches or replaces text or hex bytes. Acts as a scripting engine. Automatic back-ups of modified files. Supports Unicode.
  • 183. Virtual Floppy Driver (http://www.hf.com.ru/): Virtual Floppy Driver mounts a floppy image file as a virtual floppy drive and directly accesses the contents. Launches a program on a virtual floppy.
  • 184. Win Interrogate (http://winfingerprint.sourceforge.net/): Win Interrogate is a file system and process enumeration and integrity tool. Processes in both File system mode and Process mode.
  • 185. xTeq X-Find (http://www.xteq.com/): xTeq X-Find tool is used to search and locate files in less time. No extra program is started. Highlights the searched text.
  • 186. Password Tools
  • 187. Cisco PIX Firewall Password Calculator (http://www.oxid.it/cpfpc.html): Cisco PIX Firewall Password Calculator produces the encrypted form of PIX passwords without the need to access the device.
  • 188. Encode UNIX Password (http://www.magsys.co.uk/): Encode UNIX Password allows user names and passwords to be encoded into a format suitable for use with UNIX systems.
  • 189. Password Assistant (http://www.regnow.com/): Password Assistant is a tool to check your current passwords and generate new, strong passwords. New passwords are generated using dictionary, pronounceable, and random word types. The password analyzer helps you to determine if you have a secure password.
  • 190. Password Generator (http://www.softforall.com/): Password Generator XP tool generates any quantity of passwords with one mouse click. Supporting features include ease of use, small size, and WinXP look.
  • 191. Password Cracking Tools
  • 192. Access PassView (http://www.nirsoft.net/): Access PassView tool reveals the database password of every password-protected mdb file. Recovers forgotten Access Database passwords. Displays the main database password. Does not recover passwords that contain more than 18 characters. Cannot recover user-level passwords.
  • 193. Chat Recovery (http://sourceforge.net/): Chat Recovery tool recovers chat account passwords for AIM and Yahoo messenger. Recovers the buddy list for each account. Does not allow the user to make it function remotely.
  • 194. Asterisk Logger (http://www.nirsoft.net/): Asterisk Logger tool can reveal passwords stored behind the asterisks in standard password text-boxes. Displays additional information about the revealed password such as: date/time of password revealed; name of application containing the revealed password.
  • 195. Basic Authentication (http://noeld.com/): Basic Authentication tool converts a user name and optionally a password to and from their Base64 Basic Authentication counterpart.
  • 196. Brutus (http://www.hoobie.net/): Brutus is a remote password cracker. Includes the following authentication types: HTTP (Basic Authentication); HTTP (HTML Form/CGI); POP3; FTP; SMB; Telnet.
  • 197. DeBat! (http://www.driverheaven.net/): DeBat! is a password recovery tool for the famous email program “The Bat!”. Shows the weakness of the account protection used in “The Bat!”. Displays all passwords for a specified account.
  • 198. Dialupass (http://www.nirsoft.net/): Dialupass tool enumerates all Dial-up entries on the computer. Reveals their logon details such as: username; password; domain.
  • 199. Enterprise Manager PassView (http://www.nirsoft.net/): Enterprise Manager PassView allows you to configure and manage your SQL server. Enumerates all servers registered in your Enterprise Manager. Reveals the user names and passwords.
  • 200. GetKey (http://www.s2services.com/): GetKey recovers lost or forgotten passwords for password-encrypted zip files. Maximum length of password is not limited.
  • 201. GetPass (http://www.boson.com/): GetPass tool decrypts a Cisco Level7 encrypted password into a clear text format.
  • 202. Keyfinder (http://magicaljellybean.com/): Keyfinder tool retrieves the “product key” (cd key) used to install Windows from the registry. It allows you to print or save keys for safekeeping. Features: an optional config file, which allows pulling a key stored in the registry for any software; Load Hive option, which allows loading the registry hive of another Windows installation; command line options: /save <location> /savecsv <location> /close /hive <location> /file <filename>
  • 203. Keyfinder: Screenshot
  • 204. Lepton’s Crack (http://usuarios.lycos.es/reinob/): Lepton’s Crack is a password cracking engine. Regular expression support to define each password character. Useful for auditors and penetration testers.
  • 205. Mail PassView (http://www.nirsoft.net/): Mail PassView is a password recovery tool that reveals the passwords and other account information for various e-mail clients. It displays the account name, application, e-mail, server, server type, user name, and the password.
  • 206. Messenger Key (http://www.lostpassword.com/): Messenger Key tool recovers passwords for Mirabilis ICQ UINs. Supports all versions of Mirabilis ICQ starting with ICQ 99. Supports multilingual passwords.
  • 207. MessenPass (http://www.nirsoft.net/): MessenPass tool reveals passwords of various instant messenger applications. It can be used to recover the passwords of only the currently logged-on user on your local computer.
  • 208. Netscapass (http://www.nirsoft.net/): Netscapass tool reveals stored mail passwords for Netscape Communicator 4.x and Netscape 6.x/7. Reveals stored web-site passwords in Netscape 6.x/7.
  • 209. Outlooker (http://www.d--b.webpark.pl/): Outlooker tool displays information about all email accounts and their respective passwords from Outlook Express.
  • 210. PCAnywhere PassView (http://www.nirsoft.net/): Recovers two types of passwords from Symantec PCAnywhere: password used to protect all types of items; password used to protect remote control and caller items.
  • 211. Protected Storage PassView (http://www.nirsoft.net/): Protected Storage PassView tool reveals passwords stored by Internet Explorer, Outlook Express, and MSN Explorer. Reveals all AutoComplete strings stored in Internet Explorer and not just the AutoComplete password. Reveals only the passwords of the currently logged-on user.
  • 212. Share Password Checker (http://www.securityfriday.com/): Share Password Checker tool obtains the list of shared folders on the network and reveals the passwords of those folders. Operates on Windows 95/98/ME. In the case of Windows NT/2000: it acquires the list of the shared folders but it only differentiates folders which do not have a password.
  • 213. X-Pass (http://www.scanwith.com/): X-Pass reveals all system password fields; fields include those that are provided by Windows. Does not work on proprietary password fields provided by some applications. Works with Internet Explorer and not Opera 7 or Mozilla Browser.
  • 214. Other GUI Tools
  • 215. AtomicTime, FavouritesView (http://www.beyondstats.com/, http://www.nirsoft.net/): AtomicTime: time synchronization program that sets computer time as that of Internet time servers; time is accurate within 1 second of coordinated universal time. FavouritesView: lists all the favorites and bookmarks of Internet Explorer and Netscape or Mozilla browsers respectively in a single page.
  • 216. IECookiesView (http://www.nirsoft.net/): IECookiesView tool displays the list of cookies of the websites browsed by Internet Explorer (IE). Performs the related functions on cookies.
  • 217. IEHistoryView (http://www.nirsoft.net/): IEHistoryView scans and lists information from the history file. Displays URLs and their complete details from the history file.
  • 218. MozillaCookiesViewer (http://www.nirsoft.net/): MozillaCookiesViewer displays details of cookies stored in the cookies file named cookies.txt. Performs operations like deleting, backup/restore.
  • 219. MyUninstaller (http://www.nirsoft.net/): MyUninstaller is a substitute for Add/Remove Program of the Windows operating system. Performs detailed functions related to the installed application.
  • 220. Neutron, NewSID (http://keir.net/, http://technet.microsoft.com/): Neutron: time synchronization program; retrieves time from Internet Time Servers; sets this time for the computer clock. NewSID: changes SID and renames the computer; computer must have been cloned previously.
  • 221. ShortCutsMan (http://www.nirsoft.net/): ShortCutsMan lists all information on shortcuts on the desktop and under the Start menu
  • 222. Timer, Stinger (http://keir.net/, http://www.siteadvisor.com/) Timer: • Records time for the onscreen events. Stinger: • Detects and removes specific viruses on the system
  • 223. WinUpdatesList (http://www.nirsoft.net/): WinUpdatesList lists updates, including service packs and hotfixes, on machines
  • 224. SAFE Block (http://www.forensicsoft.com): SAFE Block provides quick and safe acquisition and/or analysis of any disk or flash storage media attached directly to the forensic workstation. Features: • Easy to use • Unlocks the disk • Remembers blocked state of devices
  • 225. RootkitRevealer (http://technet.microsoft.com/): RootkitRevealer is an advanced rootkit detection utility. It can detect all persistent rootkits including Vanquish, AFX, and HackerDefender.
  • 226. Autopsy (http://www.sleuthkit.org/): The Autopsy forensic browser is a graphical interface to the command line digital investigation analysis tools in the Sleuth Kit. It provides a "File Manager"-like interface and shows details about deleted data and file system structures. Analysis modes: • A dead analysis occurs when a dedicated analysis system is used to examine the data from a suspect system • A live analysis occurs when the suspect system is being analyzed while it is running
  • 227. Autopsy: Screenshot
  • 228. Magic Rescue (http://www.freebsdsoftware.org/): Magic Rescue scans a block device for file types it knows how to recover and calls an external program to extract them. It looks at "magic bytes" in file contents, so it can be used both as an undelete utility and for recovering a corrupted drive or partition. It works on any file system, but on fragmented file systems, it can only recover the first chunk of each file.
  • 229. Mailbag Assistant (http://www.qweas.com/): Mailbag Assistant comes to the rescue with turbocharged tools to search, organize, analyze, and archive a mountain of messages. Features: • Opens all your mail files, even those backed up on CD-ROMs or ZIP drives • Finds relevant messages quickly • Filters out e-mails that contain virus attachments • Examines email for evidence (computer forensics)
  • 230. Mailbag Assistant: Screenshot
  • 231. e2salvage (http://e2salvage.sourceforge.net/): e2salvage is a utility which tries to do in-place data recovery from damaged ext2 filesystems. It recovers the directory structure of the filesystem.
  • 232. chkrootkit (http://www.chkrootkit.org/): chkrootkit is a tool to locally check for signs of a rootkit. It contains: • chkrootkit: shell script that checks system binaries for rootkit modification • ifpromisc.c: checks if the interface is in promiscuous mode • chklastlog.c: checks for lastlog deletions • chkwtmp.c: checks for wtmp deletions • check_wtmpx.c: checks for wtmpx deletions • chkproc.c: checks for signs of LKM trojans • chkdirs.c: checks for signs of LKM trojans • strings.c: quick and dirty strings replacement • chkutmp.c: checks for utmp deletions
  • 233. Chkrootkit: Screenshot
  • 234. Flash Forensic (http://www.infinadyne.com/): Flash Retriever is a professional tool for examining, recovering, and documenting flash-based media. Features: • Complete imaging of flash devices in raw format • Simultaneously examines multiple devices and/or image files all within the same session • Thumbnail display for photos, including a complete print capability • Report generator • MD5 hashing of media, images, and individual files
  • 235. Flash Forensic: Screenshot
  • 236. E-Mail Detective (http://www.hotpepperinc.com/): E-Mail Detective extracts AOL email that has been cached or saved on a user’s disk drive. A comprehensive report is produced for the examiner detailing the results.
  • 237. D.I.M. (Digital Investigation Manager) (http://dim.dflabs.com/): D.I.M. allows the user to catalog all pertinent information gathered during digital investigation or forensic acquisition operations and to generate reports. It automatically numbers the items of evidence and hosts for a given case on the basis of the information contained in the database.
  • 238. D.I.M.: Screenshot
  • 239. Summary • CurrProcess will modify the priority of a particular process • ProcessMate lists all active processes and resolves their unique IDs, paths, and number of threads • HijackThis scans computer browser and operating system settings to generate a log file of the current state of a computer • ShoWin displays useful information about windows by dragging a cursor over them • Magic Rescue scans a block device for file types it knows how to recover and calls an external program to extract them