Forensics

PlainSight – Open Source Digital Forensics

PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners perform common tasks using powerful open source tools.

There are many features included with this framework such as Internet Histories by using Pasco to recover Internet Explorer histories, Mork to recover FireFox/Netscape histories and RegRipper to view typed URLs.

With this framework you can perform operations such as:

  • Get hard disk and partition information
  • Extract user and group information
  • View Internet histories
  • Examine Windows firewall configuration
  • Discover recent documents
  • Recover/Carve over 15 different file types
  • Discover USB storage information
  • Examine physical memory dumps
  • Examine UserAssist information
  • Extract LanMan password hashes
  • Preview a system before acquiring it

User may run The Volatility Framework to extract information from physical memory such as Image date and time , Running processes , Open network sockets , Open network connections, DLLs loaded for each process , Open files for each process ,Open registry handles for each process , OS kernel modules , Mapping physical offsets to virtual addresses ,Virtual Address Descriptor information.

That beside getting operating system specific forensics data from windows registry, Network information and extract Windows firewall configuration from registry, file recover and sensitive data audit.

You can read more and download this forensic system over here: http://www.plainsight.info/index.html

To Top

Pin It on Pinterest

Share This