File000175

Module LXII - Windows-Based GUI Tools

EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
• Process Viewer tools
• Registry Tools
• Desktop Utility Tools
• Office Application Tools
• Remote Control Tools
• Network Tools
• Network Scanner Tools
• Network Sniffer Tools
• Hard Disk Tools
• Hardware Info Tools
• File Management Tools
• File Recovery Tools
• File Transfer Tools
• File Analysis Tools
• Password Tools
• Password Cracking Tools
• Other GUI Tools
This module will familiarize you with the following tools:
Module Objective

EC-Council
Module Flow
Process Viewer Tools
Office Application Tools
Desktop Utility Tools
Remote Control Tools
Registry Tools
Network Scanner Tools
Network Tools
Network Sniffer Tools Hard Disk Tools
File Recovery Tools
Password Tools
Hardware Info Tools
File Analysis Tools
File Management Tools
File Transfer Tools
Other GUI Tools Password Cracking Tools

EC-Council
Process Viewer Tools

EC-Council
CurrProcess
http://www.nirsoft.net/
• Modify the priority of a particular process
• Kill a process
• Dump memory of processes into a text file
CurrProcess tool allows the user to:

EC-Council
Process Explorer
http://technet.microsoft.com/
Process Explorer displays
currently active processes
Allows the user to search
which processes have
certain handles opened or
DLLs loaded
Tracks down DLL-version
problems or handle leaks

EC-Council
ProcessMate
http://www.softlookup.com/
ProcessMate lists all active processes and resolves their unique IDs, paths, and number of
threads
Gathers information about all active processes and paths
Stops/kills any process

EC-Council
ServiWin
ServiWin displays the list of installed drivers and services on your system
Allows the user to stop, start, restart, pause, or resume a service or driver
The user can modify the startup type of a service or driver

EC-Council
Registry Tools

EC-Council
Autoruns
Comprehensive knowledge
of auto-starting
Disables and deletes entries
Configures the displayed
locations and entries
Gets more information
about the entry
Supports all versions of
Windows

EC-Council
Autostart Viewer
http://www.diamondcs.com.au/
View and control tool for
Windows
Programs can be modified
and deleted
User interface tool
Detects MSBLASTER worm

EC-Council
Emergency Recovery Utility NT (ERUNT)
http://www.larshederer.homepage.t-online.de/
ERUNT supports command-line
switches
Registry backup and restore for
Windows NT/2000/2003/XP
ERUNT programs are localizable

EC-Council
HijackThis
http://us.trendmicro.com/
HijackThis scans computer browser and operating system settings to generate
a log file of the current state of a computer
Using HijackThis, you can selectively remove unwanted settings and files from
the computer
It creates a report, or log file, with the results of the scan

EC-Council
HijackThis: Screenshot

EC-Council
Loadorder
Shows the order that Windows load device driver
Device drivers for Windows 2000 may load in different order
Supports Windows NT/2000

EC-Council
Regbrws
http://www.sysdevsoftware.com/
Regbrws tool browses the registry
Supports Pentium compatible computers
Also supports Windows NT/2000

EC-Council
Regedit PE
http://sourceforge.net/
Regedit PE tool edits remote
Registry hives and user
profile
Windows Registry changes
are made without booting
Windows
Import and export Registry
keys
Print the Registry

EC-Council
Regscanner
Regscanner scans the
registry
Standalone executable tool
Programs are localizable

EC-Council
Desktop Utility Tools

EC-Council
BossKey
http://keir.net/
BossKey is a virtual desktop program
Windows can be designated always visible
A single keypress can instantly flip between windows/applications

EC-Council
Count Characters
http://www.funduc.com/
Count Characters dumps the
contents of various combo, edit,
list boxes, static, and button
fields to the clipboard
Reveals the plain text
counterpart to some Windows
password edit fields
Shows how applications are
built

EC-Council
HoverSnap
http://www.hoverdesk.net/
HoverSnap is a handy snapshot tool
that supports jpg, png, bmp, and gif
file formats
Takes snapshots of the full screen,
active window or a selected area
Captures optional sound

EC-Council
Lens
http://users.pandora.be/liontech
Lens magnifies the selected area on your screen
Size determined by the size of the window
Cursor keys can be used to move the mouse cursor

EC-Council
Pixie
http://www.nattyware.com/
Pixie is a easy-to-use, fast, and tiny utility
Color picker that includes a mouse tracker
Point to a color and it will tell you the hex, RGB,
HTML, CMYK, and HSV values of that color

EC-Council
PureText
http://www.stevemiller.net/
PureText pastes text from a web page, a Word document, help , etc. as simple text into another
application without getting all the formatting from the original source
Can also configure a system-wide Hot-Key to be used to activate PureText
Removes rich formatting from text

EC-Council
ShoWin
http://www.foundstone.com/
ShoWin displays useful information about windows by dragging a cursor over them
Displays hidden password editbox fields
Ability to enable windows that have been disabled

EC-Council
Sizer
http:// www.brianapps.net/
Sizer allows any window to be resized to
predefined dimensions
To set a window size accurately before a
taking a screen grab
Works on all resizeable windows
Displays a tooltip that shows the exact size of
a window

EC-Council
SysExporter
SysExporter grabs the data stored in standard list-views, tree-views, list boxes, and combo boxes
from almost any application running on your system, and export it to text, HTML or XML file
Its a standalone executable tool that can export data from most combo boxes, list boxes, tree-view,
and list-view controls

EC-Council
Office Application Tools

EC-Council
Atlantis Nova
http://www.myzips.com/
Atlantis Nova is a compact word processor
Can work with up to 50 documents simultaneously
Supports multiple document formats such as RTF, MS Word, MS write etc.

EC-Council
Character Grid
Character Grid displays the full character set of the selected font
Can also display the ASCII code of each character either in hexadecimal or
decimal format

EC-Council
DateStat
http://www.1-4a.com/
DateStat is used to show the difference(=age) between two dates

EC-Council
DBF Explorer
http://www.pablosoftwaresolutions.com/
DBF Explorer helps in
viewing and editing DBF files
Easy-to-use, simple, and
intuitive interface
User can add, edit, delete, or
undelete records
Can update field structures
Can create new DBF database
files

EC-Council
DHB stands for Decimal-Hexadecimal-Binary
A small utility that depicts key values in various number systems
DHB Workshop
http://www.seelhofer.ch/

EC-Council
XML Editor
http://www.firstobject.com/
XML Editor provides high
performance text editing and
parsing of text files
• aligning and indenting xml
• print, print preview
• Email sending etc
Editor supports

EC-Council
Foxit PDF Reader
http://www.foxitsoftware.com/
Foxit PDF Reader is
a free reader for PDF
documents
Can view and print
PDF documents
Easy to use

EC-Council
Irfan View
http://www.irfanview.com/
Irfan View is a graphic viewer for Windows 9x/ME/NT/2000/XP/2003
Supports multiple GIF support, multipage TIF support, multiple ICO support

EC-Council
MetaPad
http://www.liquidninja.com/
MetaPad is a small,
fast text editor for
Windows 9x/NT/XP
Additional features
than Microsoft
Notepad

EC-Council
PrintServer
http://home.planet.nl/
PrintServer is a HTML 3.2
frames enabled off-line
browser to print and
preview html documents
and images
• selectable zoom
• select print pages
• single/two page view
Main features:

EC-Council
Remote Control Tools

EC-Council
Gencontrol
http://www.gensortium.com/
Gencontrol is a desktop remote control
program
No separate server installation is required
Supports Windows 2000/NT/XP

EC-Council
IVT
http://home.planet.nl/
IVT stands for Interactive Video
Terminal
VT220 terminal emulator for
windows
Multi session, multi protocol,
single window

EC-Council
Putty
http://www.chiark.greenend.org.uk/
Putty is a free implementation of
Telnet and SSH
Records the host key for each
server

EC-Council
VNC Viewer
http://www.realvnc.com/
VNC stands for Virtual Network
Computing
Remote control software
Works on cross platform

EC-Council
Network Tools

EC-Council
Adapterwatch
Adapterwatch displays relevant information about network adapters – IP addresses,
Hardware addresses, WINS servers, DNS servers etc.,
Extracts general TCP/IP/UDP/ICMP statistics for your local computer

EC-Council
Commtest
http://www.roadkil.net/
Commtest examines the speed of a network between two computers
Measures network performance and reliability

EC-Council
CurrPorts
CurrPorts displays detailed list of all TCP / UDP endpoints of the system
Permits to close unwanted TCP connections
Automatically identifies suspicious TCP/UDP ports of unidentified applications

EC-Council
Hey Joe!
http://www.ampsoft.net/
Hey Joe! is a simple messaging utility
Modeled to transfer messages over Windows local networks and intranets
Limited consumption of memory and resources

EC-Council
IP2
http://keir.net/
IP2 determines IP addresses for both WAN and LAN
A list of built-in servers enables the program to send a request and receive a
reply from a remote server containing Internet accessible IP address

EC-Council
IP Netinfo
IP Netinfo displays all available information about an IP address (Whois)
Helps in finding the origin of unsolicited mail
Converts host’s name to IP address

EC-Council
Ldp
http://download.microsoft.com/
Ldp permits LDAP operations to be performed against Active Directory
Allows users to perform Lightweight Directory Access Protocol

EC-Council
Necrosoft Dig
http://www.nscan.org/
Supports 20 different queries to
name server
Necrosoft Dig is a TCP-based DNS
client supporting AXFR zone
transfer
• Traditional mode
• Extended mode
Holds two operation
modes

EC-Council
POP3 Preview
POP3 Preview deletes SPAM messages and viruses before downloading
Includes a spam filter

EC-Council
Popcorn
http://www.ultrafunk.com/
Popcorn is a lightweight e-mail
client for Windows
9x/ME/NT/2000/XP/2003
Works as a client/server application
Supports multiple account profiles
Fits easily on a floppy or other
portable media

EC-Council
Quick Mailer
http://pyric.org/
Quick Mailer is extremely small
and fast program for sending E-
mail
Size and flexibility features
makes it ideal to support the
above functionality
Easy to integrate with a web
server

EC-Council
TCPView
TCPView displays the list of all
currently connected TCP/IP and
UDP ports on a local computer
Provides a more informative and
conveniently presented subset of
the Net stat program
Works on Windows
NT/2000/XP and Windows
98/Me

EC-Council
Trout
Trout is a visual trace route and Whois program
Pinging can be set at a controllable rate

EC-Council
WinArpSpoof
http://www.codeproject.com/
• Pulls and collects all the
packets on the LAN
• Scans and shows the
active hosts on the LAN
within a short time
Features:
WinArpSpoofer manipulates the ARP table of another computer on a
LAN

EC-Council
Attack Tool Kit(ATK)
http://www.computec.ch/
ATK tool for Windows to realize fast
checks for dedicated vulnerabilities
It is able to do the work without
great interaction

EC-Council
DDos Ping
DDos Ping is a network admin utility
for remotely detecting the most
common DDoS programs
Remote scanner for the most
common Distributed Denial of
Service programs

EC-Council
DNSWalker
DNSWalker is a lookup DNS names by walking through IP ranges

EC-Council
DSScan
DSScan is an admin utility for
remotely detecting LSASS
vulnerability
Scan multiple IP ranges and
send an alert message to the
vulnerable systems

EC-Council
GetAcct
http://packetstormsecurity.org/
GetAcct tool is used to acquire account information on Windows NT/2000
machines

EC-Council
JJJExec
http://www.joejoesoft.com/
JJJExec can execute command line statements remotely on the selected
computers

EC-Council
MyDoomScanner
MydoomScanner is a
Windows GUI scanner
Helps to find the systems
infected with the Mydoom
worm

EC-Council
Netstumbler
http://www.netstumbler.com/
Netstumbler allows to detect
Wireless Local Area Networks
(WLANs)
Find locations with poor coverage
in WLAN
Detects unauthorized "rogue"
access points in your workplace

EC-Council
RPCScan
RPCScan enumerates the RPC
endpoint-map elements for
port 135 and the interface IDs
of each TCP/UDP endpoint
It works only on Pentium
compatible computers

EC-Council
RPCScan2
RPCScan2 is a Windows based
detection and analysis utility
It can accurately identify
vulnerabilities caused due to
multiple buffer overflows in
Microsoft operating systems

EC-Council
ShareEnum
ShareEnum uses NetBIOS enumeration to scan all the computers
It allows to lock down file shares in your network
It works on Windows NT/2000/XP

EC-Council
Shed
http://keir.net/
Shed is a fast Windows shared
resource scanner
Multiple potential hosts are
scanned in parallel
Designed to run on a PC
running Windows NT/2000

EC-Council
SNScan
SNScan is a Windows based
SNMP detection utility
SNScan can quickly and
accurately identify potential
areas of exposure to SNMP
related vulnerabilities

EC-Council
SuperScan
SuperScan is a powerful
TCP port scanner, pinger,
and resolver
It is intended for Windows
2000 and XP only

EC-Council
Network Sniffers

EC-Council
Analyzer
Analyzer is a tool used to
capture packets on network
Displays the captured
packets through a graphical
interface

EC-Council
IPSniffer
http://erwan.l.free.fr/
IPSniffer is a packet sniffer that uses the XP/2K raw socket features
Supports filtering rules, packet decoding, etc

EC-Council
NGSSniff
http://www.ngssoftware.com/
NGSSniff is a packet sniffing and analysis application
Captures using raw IP Windows sockets

EC-Council
Show Traffic
http://www.demosten.com/
Show Traffic tool monitors network traffic on the chosen network interface
Locates suspicious network traffic

EC-Council
SmartSniff
SmartSniff tool captures TCP/IP
packets that pass through
network adapter
Packets captured is viewed as a
sequence of conversations
between client and server

EC-Council
Sniphere
http://www.securesphere.net/
Sniphere is a network wiretapping program for Windows
Efficient compared to other sniffers

EC-Council
Hard Disk Investigation Tools

EC-Council
48-bit LBA Technology
http://www.48bitlba.com/
48-bit LBA Technology extends the capacity of IDE ATA/ATAPI devices
With the support of 48-bit addressing, the limit has ranged up to 144
petabytes

EC-Council
Darik’s Boot and Nuke
http://www.dban.org/
Darik’s Boot and Nuke is a self-contained boot floppy
Removes completely all the detectable information in the hard disk

EC-Council
DirectDisk
DirectDisk allows to directly access physical sectors from floppy, hard disks, logical
volumes, and CDRoms
Helps to create boot disks manually
Assists in selecting logical or physical disks

EC-Council
Disk Checker
http://www.rssoftlab.com/
Disk Checker is a disk diagnostics and
repairs tool with backup ability
It supports file access and direct access
checking
It can create disk images compatible
with disk image files
It can repair error in FAT or physical
defect

EC-Council
Disk Investigator
http://www.theabsolute.net/
Disk Investigator tool discovers hidden information on the hard disk
Can recover lost data
Assists in searching raw directories, files, clusters, and system sectors
Verifies effectiveness of the file

EC-Council
DiskMon
DiskMon logs and displays all hard disk activity on a Windows system
Acts as a disk light
Supports timed duration Events

EC-Council
DiskPatch
http://www.diydatarecovery.nl/
DiskPatch is a menu driven DOS program designed to solve a wide range of
hard disk problems
Allows to edit disk using the built-in disk editor, partition table editor, and
boot sector editor

EC-Council
DiskPie Pro
http://www.pcmag.com/
DiskPie Pro consists of
customizable pie charts, which
visually finds overweight
folders and files
Helps in cleaning the hard
drive
Acts as a watchdog, quietly
monitoring the disk

EC-Council
Emsa DiskCheck
http://www.e-systems.ro/
Emsa DiskCheck is a dual-
purpose utility, for disk checking
and benchmarking
Used for scanning removable
disks
Used for speed comparison
Accesses the disk table contents
and computes file information

EC-Council
Hard Disk Indicator, HDSpeed
http://www.pcworld.com/, http://www.softogether.com/
HDSpeed
• Measures both sustained
and burst data transfer rates
of the hard disks
• Displays real-time graphics
Hard Disk Indicator
• Adds hard disks led at the
system tray

EC-Council
HD Tach
http://www.simplisoftware.com/
HD Tach is a low level hardware benchmark for random access read/write storage
devices
It measures the sequential read speed, the random access speed, interface burst speed,
and CPU utilization of the drive

EC-Council
HD Tune
http://www.hdtune.com/
• Benchmark
• Info
• Health
• Error Scan
• Temperature display
Following are the
functions:
Measures performance of the hard
disk
Retrieves important information such
as the temperature, SMART
parameters, firmware version, and
buffer size

EC-Council
HDClone
http://www.hdclone.com/
HDClone creates logical copies of hard disks and other mass storage
media
It is used for backups and copy the entire software or operating system
installations
It works independent of partitioning scheme, file system, and
operating system

EC-Council
HDClone: Screenshot

EC-Council
HDINFO Tool
http://www.48bitlba.com/
HDINFO Tool provides information about ATA devices installed on the system
Detects hard drive information
Reports critical operating system information
Includes the self-booting operating system independent tool IDEINFO

EC-Council
Maxtor Tools
http://www.seagate.com/
Maxtor MaxBlast
• ATA/IDE hard drive installation utility
• Makes hard drive installations and
upgrades
• Supports up to four ATA devices in the
same system
• Compatible for both Fast ATA and Serial
ATA
Maxtor PowerMax
• Performs diagnostic read/write
verifications on Maxtor and Quantum
hard drives
• Effective on all ATA (IDE) hard drives
• Recommended for troubleshooting
potential hard drive problems

EC-Council
MBRtool
http://www.diydatarecovery.nl/
MBRtool is a DOS program designed to back up, restore, and manipulate anything in the
hard disk MBR and track0
Edits partition tables and changes attributes for partitions
Re-creates a MBR from scratch

EC-Council
MBRWork
http://www.terabyteunlimited.com/
MBRWork performs some common and uncommon tasks to the
MBR/EMBR/Sectors of a hard drive

EC-Council
Sectedit
Sectedit edits the individual
sectors of a disk either in
ASCII or HEX mode
Searches the disk for data
and transfer blocks of
information
Edits/saves/prints data to
any hard disk or floppy disk

EC-Council
Sector Inspector
http://www.microsoft.com/
Sector Inspector is a
flexible diagnostics tool
for safely collecting disk
and file system-related
data for offline analysis
Additional features that
allow backup and restore
of sector ranges for use
with other disk editing
tools

EC-Council
Western Digital Diagnostic
http://support.wdc.com/
Western Digital Diagnostic tool performs drive identification
Provides the drive's serial and model numbers

EC-Council
Hardware Information Tools

EC-Council
Bart’s Stuff Test
http://www.nu2.nu/
Bart’s Stuff Test is used for testing
storage devices
Supports test at file and device
level
Supports large volumes, up to 16
exabytes
Runs on Windows
95/98/ME/NT/2000/XP

EC-Council
Central Brain Identifier
http://cbid.at.tut.by/
Central brain identifier thoroughly
identifies all AMD processors
Provides comprehensive information
about the processor’s cache
Determines core voltage of mobile and
AMD Athlon 64 processor

EC-Council
Data LifeGuard Diagnostics for
Windows locates and verifies
validates the status of particular
Western Digital drives
Provides an option for extended
test or repair to make the drive
defect-free
Runs under
Win9x/Me/NT/W2K/XP
Presents various options to verify
the defect-free status of drive
Data LifeGuard Diagnostics for Windows
http://support.wdc.com/

EC-Council
Drive View
Drive View tool exhibits the list of currently loaded device drivers
No installation required

EC-Council
Dtemp
http://www.private.peterlink.ru/
Dtemp tool displays hard drive
temperature in the system tray
Gives alerts about runaway harddisk
temperature or impending harddisk
failure

EC-Council
HD_Speed
http://www.steelbytes.com/
HD_Speed tool measures
continuous and burst data
transfer rates of hard disks,
CD/DVD, and floppy
Realtime graphical display

EC-Council
Monitor Test
Monitor test exhibits test patterns during monitor repairing
Shows pure colors and white screens for color tuning
Locates lost colors, and grid lines for focusing
Corrects image dimension settings

EC-Council
Nero CD/DVD Speed
http://www.nero.com/
Nero CD/DVD Speed scans
and investigates CD/DVD drive
Scandisk function verifies
integrity of the CD
Surface Scan examines quality
of each sector and produces
graphical results

EC-Council
Nero Drive Speed
Nero Drive Speed fixes reading speed of
the CD-ROM drive
Runs in system tray and adjusts speed
whenever required

EC-Council
Nero Info Tool
Nero Info Tool investigates and
exhibits critical information about a
drive, disc, configuration and software
Saves and prints the information
collected

EC-Council
ReSysInfo
http://www.dominik-reichl.de/
ReSysInfo is a system information viewer
Has 25 information module
Supports Report Wizard in three different formats: plaintext, HTML, and XML

EC-Council
SIW
http://www.gtopala.com/
SIW tool collects information about system settings and properties
Exhibits presently active network connections, passwords hidden behind asterisks, and installed
codecs

EC-Council
WinAudit
http://www.pxserver.com/
WinAudit audits Windows based personal computers
The report is displayed as a web page, which can be saved in a number of
standard formats
It can be run from a floppy diskette, USB drive, or sent by e-mail

EC-Council
WinAudit: Screenshot

EC-Council
File Management Tools

EC-Council
1-4a Rename
http://www.1-4a.com/
1-4a Rename tool
inserts/Replaces
the text in the file
name
Changes case in
the file name
Scrambles the file
name

EC-Council
A43
http://www.primitus.us/
A43 is a file management
utility for windows 2000/XP
Integrated file search
Integrated quick launch
Integrated zip/unzip features
Dual panel view

EC-Council
CD2ISO
http://www.dubaron.com/
CD2ISO extracts .iso images from CD or DVD
disk
Allows to burn .iso files through any recording
tool
Programmed and tested under Windows 2000
Extract any file system

EC-Council
Delold
http://www.savilltech.com/
Delold is a GUI based tool
File gets automatically deleted
Supports command line

EC-Council
Disktools Imagemaker
http://www.sofotex.com/
Disktools Imagemaker is a disk backup software
It enables to make exact images of entire hard drive(s), or separate partitions on a hard
drive, to disk files
It works with any Windows operating system

EC-Council
Drvcloner XP, Cdmanipulator
http://www.lexundesigns.com/, http://www.storeroom.info/
• Exactly reproduces the original partition
• Clones disk partitions
• Image cannot be saved
DrvClonerXP
• Reads, burns, copies, and masters CD-ROMs
• Supports Windows 98/ME/2000/XP
• Complies CD image
CDManipulator

EC-Council
Drvimager XP creates
and restores the drive
images of partitions
Creates mirror images
of partition by copying
Creates setups with
different OS and swaps
them
Drvimager XP
http://www.lexundesigns.com/

EC-Council
Dscrypt is an AES/Rijndael file
encryption software
Enhanced security
Advanced encryption algorithm
is used
Secure use of system resources
User interface tool
Dscrypt
http://freezip.cjb.net/

EC-Council
Express Burn
http://www.nch.com.au/
Express burn compile, burn audio, and data CDs
CD writing program
Automatically converts the file into audio CD format

EC-Council
ntouch
http://www.flos-freeware.ch/
• Modifies the timestamps of files and directories
• Supports command line
• Supports Windows NT/2000/XP
ntouch

EC-Council
RawWrite for Windows
http://www.chrysocome.net/
• Copy floppy disk images to/from a file
• Essential utility for creating boot and root disks for installing Linux
RawWrite for Windows

EC-Council
Pablo Commander
Pablo Commander is an integrated FTP client
Intelligent Address bar

EC-Council
Pagedefrag
Pagedefrag tool cannot
defragment files that are open
for exclusive access
Defragments Windows
hibernation files

EC-Council
Replace in Files, Splitter Light
http://www.replace-in-files.com/,
http://www.martinstoeckli.ch/
• Self extracting program
• Replace strings matching the
search string
Replace in Files
• Splitter splits the files or
directories
• Saves floppy disk storage space
Splitter light

EC-Council
UUD32 Windows extracts binary files encoded in
various formats
Available in both 16-bit and 32-bit version for
Windows
Decoder for Windows
UUD32 Windows
http://www.miken.com/

EC-Council
Wintidy
http://www.pcmag.com/
Wintidy tool recovers disk space
Powerful multi thread web development editor
Supports Windows 95/ 98/ ME/ NT/ 2000/ XP

EC-Council
File Recovery Tools

EC-Council
Handy Recovery
http://www.handyrecovery.com/
• It can recover files damaged by virus attacks, power failures, and software
faults or files from deleted and formatted partitions
• It can also recover files moved to Recycle Bin after it has been emptied
• It can search for files by name or mask and show the probability of
recovery for each file
Features:
Handy Recovery restores files which are deleted from hard disks and memory
cards
Recovered files can be saved to any disks accessible on system

EC-Council
PC Inspector
http://www.pcinspector.de/
PC Inspector File Recovery is a data recovery program that supports
the FAT 12/16/32 and NTFS file systems

EC-Council
Restoration
http://www3.telus.net/
Restoration is an easy to use and straight forward tool to undelete files
Ability to restore photos from a Flash card

EC-Council
R-Linux
http://www.data-recovery-software.net/
R-Linux is an file recovery utility for the Ext2FS file system used in the
Linux OS and several Unix OS

EC-Council
Smart Recovery
http://www.pcinspector.de/
The new data recovery program from CONVAR
Easy, quick, and reliable
Supports picture formats

EC-Council
Zip File Recovery
http://www.zipfilerecovery.com/
Zip File Recovery recovers data from damaged zip archives
Repairs and salvages the damaged Zip archive

EC-Council
File Transfer Tools

EC-Council
Basic FTP server
Powerful for complex
servers
Supports multi threading
4FTP and 1user interface
classes are present
Babyftp Server

EC-Council
Babypop3 Server integrates
with Microsoft SMTP server
Supports standard POP3
commands
Supports multi threading
Babypop3 Server

EC-Council
Babyweb Server is an alternative for
Microsoft’s IIS
Simple web server with ASP support
Real time server log
Babyweb Server

EC-Council
Dropupload, File Gateway
http://www.rankspirit.com/
• Strong and useful Upload spooler for
FTP management
• Supports Windows NT/2000/XP
• Creates multiple servers
• No installation is required
Dropupload
• Works across any proxy that supports
HTTP
• Supports for NT file security
• Friendly with HTTP proxies/
firewalls/routers
File Gateway

EC-Council
Freeway FTP tool acts as both
FTP server as well as FTP client
Tracking of file transfer
progress is difficult
Transfers file without copying
Multi connections and multiple
file transfer is allowed
Freeway FTP
http://www.agric.za/

EC-Council
HFS HTTP File Server
is designed to share files
Web server
Requires no installation
Supports Windows 98/
ME/ NT/ 2000/ XP
HFS HTTP File Server
http://www.rejetto.com/

EC-Council
• Start, stop, and resume
downloads
• Used for uploads in Windows
SMBDownloader
• Throttled flexible file copier
for Windows
• Copies file without
overloading
Nullsoft Copy
Nullsoft Copy, Smbdownloader
http://www.nullsoft.com/, http://www.koepi.org/

EC-Council
Simple Socket File Transfer
http://www.whitsoftdev.com/
Simple Socket File Transfer tool
transfers file using TCP port
ANSI, Unicode builds
• Active mode
• Passive mode
Modes of computer

EC-Council
Synchronize It!
http://www.grigsoft.com/
Synchronize It! is a tool that synchronizes the data between home
and office or desktop and notebook computers
It supports various archive types, so you can use it as a backup
solution
• Ability to change copy direction or delete files
• Date filter helps to find files you changed recently
• Archives synchronization
Features:

EC-Council
Synchronize It!: Screenshot

EC-Council
TFTPD32
http://tftpd32.jounin.net/
TFTPD32 includes DHCP, TFTP,
SNTP, and Syslog servers as
TFTP client
Useful for booting and updating
configuration
Supports interface filtering and
progress bars

EC-Council
• Download manager for Windows
• Minimalist application
• Downloads automatically
• Open source software
Wackget
• Directory synchronizer
• More efficient
• Extracts images and adds to archive CDs
Thirddir
Wackget, Thirddir
http://millweed.com/, http://www.mtg.sk/

EC-Council
Unstoppable Copier
Unstoppable Copier is a program that recovers files from scratched
CDs or defective floppy/hard disks
It attempts to recover every readable piece of a file and puts the
pieces together
It supports batch copying to automate the programs use and saves
copying/restore copying jobs

EC-Council
Unstoppable Copier: Screenshot

EC-Council
Winscp
http://winscp.net/
Winscp is an open source
SFTP client for Windows
Supports secure shell,
encryption algorithms
Includes built in text editor

EC-Council
File Analysis Tools

EC-Council
AccessEnum
AccessEnum tool provides a full view of file system and registry security
settings in seconds
Displays security holes and lock down permissions
Uses standard Windows security

EC-Council
BinText
BinText tool is a compact, fast, and powerful text extractor
Includes the ability to find plain ASCII text, Unicode text, and Resource strings
Fixed problem with copying text to clipboard

EC-Council
CDMage
http://www.geocities.com/
CDMage performs multiple tasks with a common CD image files on hard drive
Provides support to CeQuadrat WinOnCD images
Localizes into other languages

EC-Council
DBF Viewer Plus
http://www.alexnolan.net/
DBF Viewer Plus tool views DBF database files
Used for printing, opening, and editing memo fields

EC-Council
DefragNT
http://www.geocities.com/
DefragNT provides various options for disk defragmenting
Gives information about the opened partition
Supports Unicode file names
It is data safe

EC-Council
Dependency Walker
http://www.dependencywalker.com/
Dependency Walker tool scans any 32-bit or 64-bit Windows module
Builds a hierarchical tree diagram of all dependent modules
Useful for troubleshooting system errors

EC-Council
Disk Investigator
http://www.theabsolute.net/
Disk Investigator views and locates raw directories, files, clusters, and system sectors
Verifies the effectiveness of file and disk wiping programs
Undelete previously deleted files

EC-Council
DiskView
http://www.diskview.com/
DiskView shows a graphical
map of the disk
Determines where a file is
located
Clicking a cluster gives a full
view of the root of a given file

EC-Council
DupeLocator
http://milleniumhandandshrimp.com/
DupeLocator locates and manages
duplicate files
Locating and downloading of files is
done easily
Makes file synchronization fast and
easy

EC-Council
E-Grabber
http://www.egrabber.com/
E-Grabber locates e-mail addresses in files
Provides various types of filters

EC-Council
ExamDiff
http://www.prestosoft.com/
ExamDiff is a visual File
comparison Tool
Consists of simple and
convenient features for
comparison of files
Permits joint software
development remotely
over the Internet
A part of FTP BASED
Version Control System

EC-Council
Explore2FS
http://www.chrysocome.net/
WIN32 tool explorer for Linux ext2fs partitions
Enforces security permissions
Exports files as text and directory
Supports large files

EC-Council
File Analyser
http://www.sirius.uk.net/
File Analyser tool lists your fixed disk after file types
Files can be renamed directly in the program
Defines new groups of files

EC-Council
File List Generator
http://nsis.sourceforge.net/
File List Generator generates the
list in various file formats
Collects the information about all
files and subfolders
Sorts multiple items while
generating the list

EC-Council
Folders Report
Folders Report tool scans a drive or a base folder that is selected
Displays essential information for each folder that the tool finds
This utility is a standalone executable

EC-Council
Gemulator Explorer
http://www.emulators.com/
Gemulator Explorer utility to read Atari ST and Apple Macintosh formatted disks
Doubles as a disk disk imaging and backup tool
Individual files can be extracted

EC-Council
HashCalc
http://www.slavasoft.com/
HashCalc is an easy-to-use
calculator that allows to compute
message digests, checksums and
HMACs for files, as well as for text
and hex strings
Supports custom hash algorithm

EC-Council
Lister
http://wareseeker.com/
Lister acts like a file
viewer
Supports multiple
languages
Provides Enhanced
search function
Compares files and
directories

EC-Council
MDB View
http://www.matsoftware.it/
MDB View helps in viewing mdb files on systems without Microsoft Access installed
Views detailed information for each record
Capable of opening protected database

EC-Council
Media Checker
http://noeld.com/
Media Checker tool assists in checking all your media or only a folder
on these media and ensures that precious data stored on them are
safe and can be accessed successfully

EC-Council
PEiD
http://peid.has.it/
PEiD is an executable files identifier
Detects common packers and compilers
Detects more than 470 different signatures in PE files
• Multiple file and
directory scanning with
recursion
• Task viewer and
controller
Features:

EC-Council
Resource Hacker
http://www.angusj.com/
• Viewing Resources
• Saving Resources
• Modifying Resources
• Adding Resources
• Deleting Resources
Serves as:
Resource Hacker utility can view, modify, rename, add, delete, and extract resources

EC-Council
Space Monger
http://www.sixty-five.cc/
Space Monger tool for
keeping track of the free
space on your computer
Supports multiple
foreign languages
Added support for
Windows Property
Dialog box

EC-Council
Tiny Hexer
http://www.mirkes.de/
Tiny Hexer works as a hex
editor for binary files
Searches or replaces text
or hex bytes
Acts as a scripting engine
Automatic back-ups of
modified files
Supports Unicode

EC-Council
Virtual Floppy Driver
http://www.hf.com.ru/
Virtual Floppy Driver mounts a floppy
image file as a virtual floppy drive and
directly access the contents
Launches a program on a virtual floppy

EC-Council
Win Interrogate
http://winfingerprint.sourceforge.net/
Win Interrogate is a file system and process enumeration and integrity tool
Processes in both File system mode and Process mode

EC-Council
xTeq X-Find
http://www.xteq.com/
xTeq X-Find tool us used to search and locate files in less amount of time
No extra program is started
Highlights the searched text

EC-Council
Password Tools

EC-Council
Cisco PIX Firewall Password Calculator
http://www.oxid.it/cpfpc.html
Cisco PIX Firewall Password Calculator produces the encrypted form of
PIX passwords without the need to access the device

EC-Council
Encode UNIX Password
http://www.magsys.co.uk/
Encode UNIX Password allows user names and passwords to be
encoded into a format suitable for use with UNIX systems

EC-Council
Password Assistant
http://www.regnow.com/
Password Assistant is a tool to check your current passwords and generate new,
strong passwords
New passwords are generated using dictionary, pronounceable, and random
words types
The password analyzer helps you to determine if you have a secure password

EC-Council
Password Generator
http://www.softforall.com/
Password Generator XP
tool generates any quantity
of passwords with one
mouse click
Supporting features
includes easy to use, small
size, and WinXP look

EC-Council
Password Cracking Tools

EC-Council
Access PassView
Access PassView tool reveals the database password of every password-
protected mdb file
Recovers forgotten Access Database password
Displays the main database password
Does not recover password that contain more than 18 characters
Cannot recover user-level passwords

EC-Council
Chat Recovery
Chat Recovery tool recovers chat account passwords for AIM and
Yahoo messenger
Recovers the buddy list for each account
Does not allow the user to make it function remotely

EC-Council
Asterisk Logger
• Date/time of password revealed
• Name of application containing the revealed password
Displays additional information about the revealed
password such as:
Asterisk logger tool can reveal passwords stored behind the asterisks in
standard password text-boxes

EC-Council
Basic Authentication
http://noeld.com/
Basic Authentication tool converts a user name and optionally a password to
and from their Base64 Basic Authentication counterpart

EC-Council
Brutus
http://www.hoobie.net/
Brutus is a remote password cracker
• HTTP (Basic Authentication)
• HTTP (HTML Form/CGI)
• POP3
• FTP
• SMB
• Telnet
Includes the following
authentication types:

EC-Council
DeBat!
http://www.driverheaven.net/
DeBat! is a password recovery tool for
the famous email program “The Bat!”
Shows the weakness of the account
protection used in “The Bat!”
Displays all passwords for a specified
account

EC-Council
Dialupass
• Username
• Password
• Domain
Reveals their logon details such as:
Dialupass tool enumerates all Dial-up entries on the computer

EC-Council
Enterprise Manager PassView
Enterprise Manager PassView allows you to configure and manage your SQL server
Enumerates all servers registered in your Enterprise Manager
Reveals the user names and passwords

EC-Council
GetKey
http://www.s2services.com/
GetKey recovers lost or forgotten passwords for password-encrypted zip files
Maximum length of password is not limited

EC-Council
GetPass
http://www.boson.com/
GetPass tool decrypts Cisco Level7 encrypted password into a clear text format

EC-Council
Keyfinder
http://magicaljellybean.com/
• An optional config file – allows pull a key stored in the registry for any
software
• Load Hive option – allows to load the registry hive of another Windows
installation
• Command line options - /save <location> /savecsv <location>
/close /hive <location> /file <filename>
Features:
Keyfinder tool retrieves “product key” (cd key) used to install Windows from
registry
It allows to print or save keys for safekeeping

EC-Council
Keyfinder: Screenshot

EC-Council
Lepton’s Crack is a
password cracking engine
Regular expression support
to define each password
character
Useful for auditor and
penetration testers
Lepton’s Crack
http://usuarios.lycos.es/reinob/

EC-Council
Mail PassView
Mail PassView is a password recovery tool that reveals the passwords and other
account information for various e-mail clients
It displays the account name, application, e-mail, server, server type, user
name, and the password

EC-Council
Messenger Key
http://www.lostpassword.com/
Messenger key tool recovers
passwords for Mirabilis ICQ UINs
Supports all versions of Mirabilis
ICQ starting with ICQ 99
Supports multilingual passwords

EC-Council
MessenPass
MessenPass tool reveals passwords of various instant messenger applications
It can be used to recover the passwords of only the current logged-on user on
your local computer

EC-Council
Netscapass
Netscapass tool reveals stored mail passwords for Netscape communicator 4.x,
Netscape 6.x/7
Reveals stored web-sites passwords in Netscape 6.x/7

EC-Council
Outlooker
http://www.d--b.webpark.pl/
Outlooker tool displays information about all email accounts and their
respective passwords from Outlook Express

EC-Council
PCAnywhere PassView
• Password used to protect all types of items
• Password used to protect remote control and caller items
Recovers two types of passwords from
Symantec PCAnywhere

EC-Council
Protected Storage PassView
Protected Storage PassView tool reveals passwords stored by Internet Explorer, Outlook
Express, and MSN Explorer
Reveals all AutoComplete strings stored in Internet Explorer and not just the
AutoComplete password
Reveals only the passwords of the current logged-on user

EC-Council
Share Password Checker
http://www.securityfriday.com/
Share Password Checker tool obtains the
list of shared folders on the network and
reveals the passwords of those folders
Operates on Windows 95/98/ME
• It acquires the list of the shared
folders but it only differentiates
folders which do not have a
password
In the case of Windows
NT/2000

EC-Council
X-Pass
http://www.scanwith.com/
Does not work on proprietary
password fields provided by some
applications
Works with Internet Explorer and
not Opera 7 or Mozilla Browser
• Fields include those that are
provided by Windows
X-Pass reveals all
system password fields

EC-Council
Other GUI Tools

EC-Council
• Time synchronization program that
sets computer time as that of
Internet time servers
• Time is accurate within 1 second of
coordinated universal time.
AtomicTime
• Lists all the favorites and bookmarks
of Internet Explorer and Netscape or
Mozilla browsers respectively in a
single page
FavouritesView
AtomicTime, FavouritesView
http://www.beyondstats.com/, http://www.nirsoft.net/

EC-Council
IECookiesView
IECookiesView tool displays list of cookies of the websites browsed by
Internet Explorer (IE)
Performs the related functions on cookies

EC-Council
IEHistoryView
IEHistoryView scans and lists information from the history file
Displays URLs and their complete details from history file

EC-Council
MozillaCookiesViewer
MozillaCookiesViewer displays details of cookies stored in the cookies file
named cookies.txt
Performs operations like deleting, backup/restore

EC-Council
MyUninstaller
MyUninstaller is an substitute for Add/Remove Program of Windows
operating system
Performs detail functions related to the installed application

EC-Council
Neutron, NewSID
http://keir.net/, http://technet.microsoft.com/
• Time synchronization program
• Retrieves time from Internet
Time Servers
• Sets this time for the computer
clock
Neutron
• Changes SID and renames the
computer
• Computer must have been cloned
previously
NewSID

EC-Council
ShortCutsMan
ShortCutsMan lists all information on shortcuts on the desktop under
the start menu

EC-Council
Timer, Stinger
http://keir.net/, http://www.siteadvisor.com/
• Record time for the onscreen
events
Timer
• Detects and removes specific
virus on the system
Stinger

EC-Council
WinUpdatesList
WinUpdatesList lists updates including Service packs and hotfixes on machines

EC-Council
SAFE Block
http://www.forensicsoft.com
SAFE Block provides quick and safe acquisition and/or analysis of any disk or
flash storage media attached directly to the forensic workstation
• Easy to use
• Unlocks the disk
• Remembers blocked state of devices
Features:

EC-Council
RootkitRevealer
RootkitRevealer is an advanced root kit detection utility
It can detect all persistent rootkits including Vanquish, AFX, and HackerDefender

EC-Council
Autopsy
http://www.sleuthkit.org/
The Autopsy forensic browser is a graphical interface to the command line
digital investigation analysis tools in the Sleuth Kit
It provides a "File Manager"-like interface and shows details about deleted data
and file system structures
• A dead analysis occurs when a dedicated analysis system is used to
examine the data from a suspect system
• A live analysis occurs when the suspect system is being analyzed while it is
running
Analysis modes:

EC-Council
Autopsy: Screenshot

EC-Council
Magic Rescue
http://www.freebsdsoftware.org/
Magic Rescue scans a block device for file types it knows how to recover and
calls an external program to extract them
It looks at "magic bytes" in file contents, so it can be used both as an undelete
utility and for recovering a corrupted drive or partition
It works on any file system, but on fragmented file systems, it can only
recover the first chunk of each file

EC-Council
Mailbag Assistant
http://www.qweas.com/
Mailbag Assistant comes to the rescue with turbocharged tools to
search, organize, analyze, and archive a mountain of messages
• Opens all your mail files, even those backed up on CD-ROMs or
ZIP drives
• Finds relevant messages quickly
• Filters out e-mails that contain virus attachments
• Examines email for evidence (computer forensics)
Features:

EC-Council
Mailbag Assistant: Screenshot

EC-Council
e2salvage
http://e2salvage.sourceforge.net/
e2salvage is a utility which tries to do in-place data recovery from
damaged ext2 filesystems
It recovers the directory structure of the filesystem

EC-Council
chkrootkit
http://www.chkrootkit.org/
• chkrootkit: shell script that checks system binaries for rootkit
modification
• ifpromisc.c: checks if the interface is in promiscuous mode
• chklastlog.c: checks for lastlog deletions
• chkwtmp.c: checks for wtmp deletions
• check_wtmpx.c: checks for wtmpx deletions
• chkproc.c: checks for signs of LKM trojans
• chkdirs.c: checks for signs of LKM trojans
• strings.c: quick and dirty strings replacement
• chkutmp.c: checks for utmp deletions
It contains:
chkrootkit is a tool to locally check for signs of a rootkit

EC-Council
Chkrootkit: Screenshot

EC-Council
Flash Forensic
http://www.infinadyne.com/
• Complete imaging of flash devices in raw format
• Simultaneously examines multiple devices and/or image files all
within the same session
• Thumbnail display for photos, including a complete print
capability
• Report generator
• MD5 hashing of media, images, and individual files
Features:
Flash Retriever is a professional tool for examining, recovering, and
documenting flash-based media

EC-Council
Flash Forensic: Screenshot

EC-Council
E-Mail Detective
http://www.hotpepperinc.com/
E-mail detective extracts AOL email that has been cached or saved on a user’s
disk drive
A comprehensive report is produced for examiner detailing the results

EC-Council
D.I.M. (Digital Investigation Manager)
http://dim.dflabs.com/
D.I.M. allows the user to catalog all pertinent information gathered
during digital investigation or forensic acquisition operations and to
generate reports
It automatically numbers the items of evidence and hosts for a given
case on the basis of the information contained in the database

EC-Council
D.I.M.: Screenshot

EC-Council
Summary
Currprocess will modify the priority of a particular process
ProcessMate lists all active processes and resolves their unique IDs, paths,
and number of threads
HijackThis scans computer browser and operating system settings to generate
a log file of the current state of a computer
ShoWin displays useful information about windows by dragging a cursor over
them
Magic Rescue scans a block device for file types it knows how to recover and
calls an external program to extract them

EC-Council

File000175

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to File000175

Similar to File000175 (20)

More from Desmond Devendran

More from Desmond Devendran (20)

Recently uploaded

Recently uploaded (20)

File000175