Free forensic software for windows

PhotoSeek - Forensic Analysis Tool 1 is a utility equipped with the ability to identify similar images, even images which are resized, compressed, or changed to other formats like bmp, jpg, and gif. . Proventsure develops software to search computers for sensitive and confidential information based on algorithms used by molecular biologists to map DNA, as well as many custom developed algorithms for decoding files and data to ID information and clustering file owners. Some of this research has applications in other areas, as is the case with PhotoSeek. This application is useful for law enforcement personal since it can identify similar photos, without the need for cryptographic file hashes, which are very frequently inaccurate at detecting image files. Images are easy to change without visible detection to the human eye, yet completely defeat file hash detection mechanisms.

FirePasswordViewer 1.2.2 is designed as a useful popular FirePassword tool which can help you easily decrypt sign-on secrets stored by Firefox. Firefox records the login details such as username and password for every website authorized by the user and stores them in the sign-on database file in encrypted format.

Major Features:

1. FirePasswordViewer tool can decrypt and display these secrets on the same lines as the Firefox built-in password manager.
2. The main advantage of FirePasswordViewer is that it does not require Firefox to be running. This is very useful in recovering the sign-on details when Firefox fails to function properly.
3. Also FirePasswordViewer can be used to display sign-on secrets from different profile (other than current profile) as well as from the different operating system (such as Linux, Mac etc) altogether. This greatly helps forensic investigators who can copy the relevant files from the target system to test machine and view the credentials offline without affecting the target environment.
4. The displayed sign-on information can then be saved to a file in standard HTML format which can be used as valuable and quick offline reference.
5. FirePasswordViewer is the simple, standalone tool which does not require any installation. Here are the simple steps...
   • Launch the FirePasswordViewer. It will automatically detect and fill the current profile directory. Alternatively you can copy the Firefox profile files from other machine and specify that folder path manually.
   • Next enter the master password if it is set for that profile. Otherwise leave it blank.
   • Once you have entered the profile path and master password details, click on the "Show" button to view the sign-on information as shown in the screenshot 1.
   • Finally you can click on "Export" button to save the sign-on details to file in HTML format. This will save it to the specified file and display it using default browser as shown in the screenshot 2.

Enhancements:

• Support for recovering the passwords from Sqlite signon database file used by latest Firefox version 3.5.

Requirements: Windows 2K, XP, 2003, Vista.

This displays the latest news from www.forensischepsychiatrie.nl and www.acutepsychiatrie.nl.
You get information about (forensic) psychiatry, TBS. (Dutch language only.)

SharePoint Anti-Keylogger scans, detects and removes keyloggers. SharePoint Anti-Keylogger scans, detects and removes keyloggers.
Keyloggers are becoming commonplace methods for intruders to gain access to unauthorized systems by recording user keystrokes as they occur on the arbitrary machine, or in our case, our SharePoint Portal or Windows SharePoint Services server. Protecting your server from keyloggers is a fairly crucial measure in any security structure, ensuring your full control of your machines without worrying about compromising it to hackers.
Keyloggers can exist on two different levels, both on a hardware and software level. There are a range of available hardware keyloggers, ranging from those which are fairly easily to detect such as those that attach inline between the keyboard cable and those which bind to a port where the keyboard is installed, or those which are placed directly into the keyboard or laptop machine. Retrieving the data from the target machine can vary heavily depending on the application used, which has its own implications.
The most common way is to slip a trojan or other remote access application that allows the user direct access to the machine to query the log generated by the keylogger. Because SharePoint machines are often hooked into MS exchange servers, typically the information can automatically be sent via using email, which is slightly more elegant than the former technique because it lessens the trail detection and gives less evidence to forensic computer analysts.
Securing your SharePoint environment for keylogger is as important as web and network layer security. The SPS AKL is composed of two main modules that help you harden your SharePoint environment, one for detection and another for management. The central processing portions are kept as a windows service that will need to be installed.

Dariks Boot and Nuke ( Dariks Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN can automatically and completely delete the contents of any HDD that it can detect, which makes it an appropriate tool for bulk or emergency data destruction.
DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis.
Usage:
Double-click the exe program to install DBAN to a floppy disk or USB flash device.
You must use an account with full hardware access to create the DBAN boot media. This means that you must be a member of the administrators group or have similar privileges on your Microsoft Windows computer. Virus scanners and domain policies can prevent you from creating the DBAN boot media.
The USB booting capabilities of many computers are incomplete or broken. Most computers capable of booting from a USB device require that it report a removable media type, and that it be unpartitioned and smaller than two gigabytes (so that the BIOS can boot it like a floppy disk).
If the drive letter of your USB device does not appear in WinImage drive list, then it is an unsupported media type. In particular, most USB+IDE bridge implementations are unrecognized, which means that a 2.5 inch hard disk in an external USB enclosure is incompatible.