Category Archives: Forensics

USBDeview – Lists Connected USB Devices

USBDeview is a small utility that lists all USB devices that are currently connected to your computer, as well as all USB devices that you previously used.

MemGator – Memory Analysis Tool

MemGator is a memory file analysis tool that automates the extraction of data from a memory file and compiles a report for the investigator.

Moloch – PCAP capturing, Indexing and Database System

Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access.

IECacheView – Internet Explorer Cache Viewer

IECacheView is a small utility that reads the cache folder of Internet Explorer, and displays the list of all files currently stored in the cache.

LiveTcpUdpWatch – Displays live TCP and UDP Activity

LiveTcpUdpWatch is a tool for Windows that displays live information about all TCP and UDP activity on your system.

CapTipper – Malicious HTTP traffic explorer

CapTipper is a Python tool to analyze, explore and revive malicious HTTP traffic.

NTFS Journal Viewer – Tool to Investigate NTFS Changes

NTFS Journal Viewer (JV) is a portable tool that extracts and parses the NTFS change journal ($UsnJrnl) file. The change journal is a file that records when changes are made to files and directories and therefore can provide a wealth