
DNS and forensic tools resources

• DNSMap - DNS Subdomain Brute-force Tool
• Dnsgrep - DNS Enumeration Tool
• txdns - Aggressive Multithreaded DNS digger/brute-forcer
• Mscan 1.0
• FoFuS - PoC bot using DNS cover channel
• dnsstat
• Tools to manage DNS
• DNSSEC Software, DNSSEC Tools, DNSSEC Utilities

DNS Dump



Google CodeSearch




More Resources
Forensic Tools
"Illicit traffic is not about products, it's about transactions." - Moisés Naím, Illicit
Vere Software is dedicated to creating a "more safe" online environment. We specialize in software applications that can be used to help your investigations maintain structure while properly gathering evidence that can be used in court. Our clients include law enforcement agencies and special investigators. Our products are designed as a tool for the investigator to collect evidence of online criminal activity. We will help you, the investigator, "make the internet your regular beat".
• Maresware/
Maresware: The Suite
Maresware: Linux Computer Forensics
Validation Tools and other products
• ProDiscover/
Incident Response
Other tools
• Paraben Corporation/
P2 Power Pack

Hard Drive Forensics
Forensic Replicator Complete bit-stream acquisition software for hard drives and media
P2 eXplorer Mount almost any forensic image as a virtual drive
Forensic Sorter Save time by sorting your evidence into workable categories
E-mail Examiner A full featured e-mail examination tool for over 30 popular e-mail formats
Network E-mail Examiner Examine large network e-mail stores including Exchange, Notes, and GroupWise
Text Searcher Perform advanced, fast text searching through indexing
Registry Analyzer Analyze entire Windows registry files
Chat Examiner Examine chat log files for Yahoo, MSN, ICQ, and more
Decryption Collection Break passwords for over 35 types of encrypted files
Case Agent Companion View over 250 different file formats for detailed analysis & reporting of digital evidence

Enterprise Forensics
Enterprise Forensics

Mobile Devices
SIM Card Seizure v1.0.2131
ComputraceComplete laptop security
Computrace Data Protection
• Guidance Software/
EnCase Enterprise
Field Intelligence Model
• AccessData Corp/
The Ultimate Toolkit
Forensic Toolkit
Password Recovery Toolkit
Registry Viewer
• Wetstone/
Gargoyle Investigator
• Determina/
Determina VPS
Determina Memory Firewall
Determina LiveShield
• EnterEdge/
Intrusion Protection Solutions
EnterEdge Vulnerability Management Service (VMS)
• Digital Intelligence/
Intrusion Protection Solutions
EnterEdge Vulnerability Management Service (VMS)
• DocuLex/
Litigation Support
Electronic Discovery
In 1998, Martin Roesch wrote an open source technology called Snort, which he termed a "lightweight" intrusion detection technology in comparison to commercially available systems. Today that moniker doesn't even begin to describe the capabilities that Snort brings to the table as the most widely deployed intrusion prevention technology worldwide. Over the years Snort has evolved into a mature, feature rich technology that has become the de facto standard in intrusion detection and prevention. Recent advances in both the rules language and detection capabilities offer the most flexible and accurate threat detection available, making Snort the "heavyweight" champion of intrusion prevention.
Bleeding Edge Threats is a center for Open Security Research. We produce data feeds regarding new and up to the minute threats and research, and a number of other related security projects. Bleeding Edge Threats brings together the most experienced, and the least experienced security professionals.
The Wireshark Certification Program strives to test a candidate's knowledge and ability to troubleshoot, optimize and secure a network based on evidence found by analyzing the traffic.
CACE (Creative, Advanced Communication Engineering) Technologies is dedicated to enhancing the Wireshark user experience. Our staff of accomplished computer scientists and engineers has created Wireshark®, the world’s most popular network analyzer, WinPcap™, the industry-standard open source packet capture library for Windows, and AirPcap™ Product Family 802.11 WLAN packet capture devices for Wireshark. Our collective experience and talents combine to offer exciting networking products as well as a broad range of engineering, development, and consulting services.
The four Wireshark University courses were written by Laura - these courses include new trace files, more details on troubleshooting techniques and case studies. In addition, Laura has hand-picked instructors to teach the courses - these instructors have years of packet-level experience and are some of the best instructors in the industry. Laura (and the WSU advisory committee) are developing the certification test to validate candidate capabilities in the area of troubleshooting and securing networks using Wireshark. Laura works closely with Gerald Combs (original author of Wireshark) and Loris Degioanni (original author of WinPcap) to build the most current and complete educational materials to support Wireshark.
Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.
NetScanTools Pro is an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields.
“Finding the Truth, One bit at a Time”
CyberEvidence, Inc. is a leading provider of computer forensics. The concepts of digital data investigation and security will be an ever expanding part of the future. The need for professional, proficient and highly trained investigative resources dedicated to this fast developing industry is evident. CyberEvidence, Inc. addresses this need in three primary ways:

1. providing clients with a range of digital data incident response, investigative and consulting services;
2. providing industry leading training to individuals and organizations involved in digital forensics; and
3. developing partnerships with institutions of higher learning to help move the digital forensics industry into the academic mainstream.
DeepDarkAbyss, ForensicsWeb, and the main Infobin site, as well as an updated Jatero.Com site.
To train, support and encourage investigators through information sharing to preserve, recover, and analyze digital evidence in a forensically sound manner for criminal, civil and administrative purposes. To provide digital crime prevention education to the public. To promote knowledge of the impact of digital crime among senior leaders, both in the public and private sectors.
TUCOFS, or T.U.C.O.F.S., stands for The Ultimate Collection of Forensic Software. This site places all Law Enforcement Personnel in touch with the latest and greatest Internet based resources for High Tech Law Enforcement purposes. Resource types include files, software, websites and documentation. TUCOFS can be used as an index pointing you to various resources, allowing you to quickly find exactly what you are looking for.
Programmer's file and data format resource. This site contains information on hundreds of different file types, data types, hardware interface details and all sorts of other useful programming information; algorithms, source code, specifications, etc.
• DFLabs
DFLabs is an ISO9001 certified consulting company founded by Dario Forte, CISM, CFE, specializing in Information Security Risk Management. Our mission is: Supporting Information Security Strategies and Guaranteeing Business Security. Proud of its professional experience, DFLabs provides consulting services in the following areas: Information Security Strategy, Incident Prevention and Response, Digital Forensics, Infosecurity Training, Intrusion Prevention, Log and Vulnerability Management. We are based in Northern Italy, and we perform our operations worldwide.
• PTK a new advanced interface for “The Sleuth Kit”
PTK is an alternative advanced interface for the TSK (The Sleuth Kit) suite. PTK was developed from scratch and, besides providing the functions already present in Autopsy Forensic Browser, it implements numerous new features essential during forensic activity. PTK is not just a new, highly professional graphical interface based on Ajax technology; it also offers a great many features such as analysis, search and management of complex digital investigation cases. The core component of the software is an efficient Indexing Engine that performs different preliminary analysis operations as each piece of evidence is imported. PTK allows the management of different cases and different levels of multi-users. More than one investigator can work on the same case at the same time. All the reports generated by an investigator are saved in a reserved section of the database. PTK is a web-based application and builds its indexing archive inside a MySQL database, thus using the LAMP (Linux-Apache-MySQL-PHP) stack.
• 10-23 On-Scene Investigator
This toolkit was created for the non-technical first responder to a computer incident involving a Windows computer. It is remastered from Knoppix, a bootable distribution of Linux. The toolkit runs completely off of the CD and out of RAM and does not touch the suspect hard drive(s). This was verified by SHA256 hashes taken before and after the toolkit was used on a Windows system. As reported by Ernie Baca here, there is an issue with Linux (and therefore KNOPPIX) where a bit is changed on journaling filesystems when mounted (even read-only). Therefore caution should be exercised when using 10-23 on a Linux system.
FBCD provides you with an environment to safely and quickly preview data stored within various storage media (hard drives, USB thumbdrives, handheld music players such as iPods, digital camera media, etc.), enabling you to identify and locate data of interest.
PDF Password Cracker is a utility to remove the security on PDF documents (of course, you should have the right to do it, for example, in case of forgotten user/owner password). Only standard PDF security is supported, neither third-party plug-ins nor e-books.
Locate Cell Phone Towers
Find Cell Tower Locations
Find and investigate people, locate businesses, verify phone numbers and addresses

Massive list of useful sites
• KBSolutions Inc/
KBSolutions provides computer forensic investigations as well as consultation and training in various aspects of cyber crime. We specialize in sex offender management as it relates to cyber criminal activities. We do not provide forensic services in civil matters or do defense work.
Wireless Geographic Logging Engine
• OnScene Investigator/
OnScene Investigator is a cost effective, simple to use tool for quickly searching and/or imaging computers (in EnCase format). It is ideal for on scene triage of computers to identify relevant evidence before imaging. OnScene Investigator is suitable for all Intel PCs, especially Apple MacBook, MacBook Pro and PPC iMac and PowerBook G4.
• is an online real estate service dedicated to helping you get an edge in real estate by providing you with valuable tools and information.
This site is a collection of Internet utilities developed by Hexillion using its HexGadgets components. Most of the utilities have ASP or ASP.NET source code available.
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
• Better Business Bureau
U.S. and Canada
United States

• Cell Phones
• Computer Forensics
Maresware Training Seminars
Mississippi State Center for Computer Security Research
Apple Mac OS X
CCE Bootcamp
• Fingerprints
FBI Fingerprint Training
• Hacking Investigations
• Security
Learning Tree
• Steganography

FBI Computer Analysis and Response Team
Back to Information Security Basics
NSA Information Assurance
Hetherington Information Services
Laboratoire d'EXpertise en Sécurité Informatique
PEI Systems
AlliedBarton Security Services
Mandiant (formerly Red Cliff)
Mares and Company
Medford Police
LAPD Online
LAPD Crimemaps
CygnaCom Solutions
Password Recovery Pro recovers hidden passwords by simply holding the mouse cursor over the asterisks field
Hidden Keyboard Memory Mod
