EvidenceCollector
Written by lirva32   
Tuesday, 19 January 2010

Evidence Collector

Evidence Collector is a free forensics program that drives other utilities to collect the information you may need when investigating an IT incident.

Features :

  • System information : Gets owner, IP and MAC address before the forensic work starts.
  • Shares and the policies applied to them : very handy for detecting whether someone entered the computer through an open share.
  • Started and stopped services : Some services can be wide-open doors for unauthorized access.
  • Installed software : Unwanted software can be installed without your knowledge. See what is inside your computer.
  • Installed hotfixes : Enumerates installed hotfixes. Note that a missing critical patch is a potentially exploitable vulnerability.
  • Enumerated processes : Lists all processes running on the system.
  • Event logs : Application, system and security event logs are collected. Event logs keep traces of what happened to the system.
  • TCP / UDP endpoint mapping : See what is hidden behind TCP / UDP ports. Generally, most remote administration tools and trojans do not hide their activity.
  • Process handle tracking : See what processes did after they started, from accessing registry keys to writing into files. Useful for checking whether malicious activity is disguised behind some process.
  • List of start-up programs : When a computer reboots, many malicious programs rely on registry keys to get loaded again.
  • Suspected modules : Scans loaded modules for signs of rootkit tampering.
  • USB history : Reveals whether any USB key has been plugged into the system.
  • User policies : Collects users and their policies. You can easily identify any unknown user.
  • And more...
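As an added example (not part of Evidence Collector or this page), the following PowerShell script collects the same artifact classes on a Windows host and, in line with the planned MD5 feature, hashes every output file so the bundle can be verified later; the output path is an assumption. Process-handle tracking and rootkit module scanning need separate tools and are not covered here.

```powershell
# Added example, not Evidence Collector's own code: collects the artifact classes listed above.
# Run as Administrator on the host under investigation. $OutRoot is an assumed local path.
param([string]$OutRoot = 'C:\IR')
$ErrorActionPreference = 'Continue'
$Case = Join-Path $OutRoot ('{0}_{1:yyyyMMdd_HHmmss}' -f $env:COMPUTERNAME, (Get-Date))
New-Item -ItemType Directory -Path $Case -Force | Out-Null

# Ordered so the most volatile data (network endpoints, processes) is captured first.
$Artifacts = [ordered]@{
  'system'        = { Get-CimInstance Win32_ComputerSystem | Select-Object Name, Domain, PrimaryOwnerName, UserName }
  'network'       = { Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
                        Select-Object Description, MACAddress, @{n='IPAddress'; e={ $_.IPAddress -join ',' }} }
  'tcp_endpoints' = { Get-NetTCPConnection | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess }
  'udp_endpoints' = { Get-NetUDPEndpoint | Select-Object LocalAddress, LocalPort, OwningProcess }
  'processes'     = { Get-CimInstance Win32_Process | Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine }
  'services'      = { Get-CimInstance Win32_Service | Select-Object Name, State, StartMode, PathName, StartName }
  'shares'        = { Get-CimInstance Win32_Share | Select-Object Name, Path, Type, Description }
  'software'      = { Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
                        Where-Object DisplayName | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate }
  'hotfixes'      = { Get-HotFix | Select-Object HotFixID, Description, InstalledOn }
  'startup'       = { Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User }
  'usb_history'   = { Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR' -Recurse -ErrorAction SilentlyContinue |
                        Select-Object PSChildName, @{n='FriendlyName'; e={ $_.GetValue('FriendlyName') }} }
  'users'         = { Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True' |
                        Select-Object Name, SID, Disabled, Lockout, PasswordRequired }
}
foreach ($name in $Artifacts.Keys) {
  try   { & $Artifacts[$name] | Export-Csv (Join-Path $Case "$name.csv") -NoTypeInformation }
  catch { "$name failed: $_" | Add-Content (Join-Path $Case 'errors.txt') }
}
# Event logs are exported in native .evtx form so record IDs and timestamps survive unchanged.
foreach ($log in 'Application', 'System', 'Security') {
  wevtutil epl $log (Join-Path $Case "$log.evtx")
}
# Hash manifest: MD5 for parity with the planned feature, SHA-256 as the stronger integrity check.
Get-ChildItem $Case -File | ForEach-Object {
  [pscustomobject]@{ File   = $_.Name
                     MD5    = (Get-FileHash $_.FullName -Algorithm MD5).Hash
                     SHA256 = (Get-FileHash $_.FullName -Algorithm SHA256).Hash }
} | Export-Csv (Join-Path $Case 'manifest.csv') -NoTypeInformation
```

Copy the manifest to write-once storage as soon as collection finishes; re-hashing the bundle against it later shows whether anything was altered during analysis.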


Features currently being integrated :

  • MD5 hash generation
  • Permission enumeration for essential files and registry keys
  • Support for more rootkit revealers
  • Windows event ID scanner and tracker
  • Advanced log viewer

Suggestions and bug reports go to the author.


Last version : beta
Release : 2008.05.19
Download : EvidenceCollector.zip
Changelog : n/a


Screen captures :
http://www.security-database.com/layout_images/EVI/evi-1.gif
http://www.security-database.com/layout_images/EVI/evi-2.gif

Last Updated : Thursday, 21 January 2010