This area is designated for forensic tools and projects done by students. If the code is not available and you would like a copy, please email csaw_forensics@isis.poly.edu.

Posted Sep 17, 2013, 10:30 PM by marcbudofsky

Performs LSB steganography on raw audio (WAV). The encode function will convert the message to be encoded into its binary representation and traverse the audio file, modifying the LSB of each byte to embed the message. The decode function will allow you to retrieve a hidden message from the audio file.

MD5 (audio.py) = 280fb5dee4adae6a4d10fc9284db2a54
MD5 (wave.py) = 4a1bc1bfc46b96a1ca0ada1beaf553d9

usage: audio.py [-h] [-m {encode,decode}] [-t TEXT] [-o OUTPUT] input

Audio Stegonography with LSB Encoding.

positional arguments:
  input                 Audio file to be processed

optional arguments:
  -h, --help            show this help message and exit
  -m {encode,decode}, --method {encode,decode}
                        Choose to encode or decode
  -t TEXT, --text TEXT  Filename of plaintext message to embed
  -o OUTPUT, --output OUTPUT
                        Encoded wav output name


Posted Mar 23, 2013, 7:13 PM by Juan Arturo

Creates a KML file from an IP/Domain list. Works REALLY well with bulk_extractor histogram files. It will produce a KML file for you to open up in any map that can ingest them. You will need Python 2.7, the MaxMind GeoLite database, and the pygeoip & simplekml libraries. You also have the option to produce a SQLite DB & CSV file.

MD5 (IP_Domain_KML.py) = 7e2a20b8f4d3404d9f27b04416729ba6

usage: IP_Domain_KML.py [-h] [--hist] [--csv CSVTFILE] [--sqlite SQLLITEDB]
                        [--kml KMLFILE]
                        INPUTFILE

Script to create geo-loc of ip's and domain names

positional arguments:
  INPUTFILE           File to get data from

optional arguments:
  -h, --help          show this help message and exit
  --hist              Use histogram file parser
  --csv CSVTFILE      File to save csv data
  --sqlite SQLLITEDB  File to save sqlite data
  --kml KMLFILE       File to save kml data


Posted Mar 9, 2013, 3:35 PM by marcbudofsky

Identify_CCN


Posted Mar 9, 2013, 3:35 PM by marcbudofsky

EmailSleuth

EmailSleuth Mapping


Posted Mar 9, 2013, 3:34 PM by marcbudofsky

Detecting Shellcode on ARM


Posted Mar 9, 2013, 3:34 PM by marcbudofsky

Email File Carving with Foremost


Posted Mar 9, 2013, 3:33 PM by marcbudofsky

Bulk_Extractor - BitCoin

Password = cs6963


Posted Mar 9, 2013, 3:33 PM by marcbudofsky

Social Networking Forensics


Posted Mar 9, 2013, 3:32 PM by marcbudofsky

Bulk_Extractor - Drivers License Numbers

Bulk_Extractor - Driver License Numbers II


Posted Mar 9, 2013, 3:32 PM by marcbudofsky

Folder Contents

GUI Usage

The Code


Posted Mar 9, 2013, 3:32 PM by marcbudofsky

Add functionality for:

  • IBAN
  • SWIFT
  • Routing Transit Numbers
  • WebMoney
  • LibertyReserve


Posted Mar 9, 2013, 3:31 PM by marcbudofsky

Processes MBOX and EML directories often found on drives or search warrants.


Posted Mar 9, 2013, 3:30 PM by marcbudofsky

# It supports icq .dat files (icq99b-icq2003a), .xml files (icq 5 and some
# light versions), .mdb files (icq6), .qdb (icq v.7), and Miranda .dat files.
# &RQ + R&Q
# If possible, it also extracts all contact information to contacts.txt
 
# version 34
# Python 2.7 - I built and use it on OSX
# July 17, 2012