Greg Freemyer
gregfreemyer
Involved Projects and Packages
Parse::Win32Registry is a module for parsing Windows Registry files,
allowing you to read the keys and values of a registry file without going
through the Windows API.
It provides an object-oriented interface to the keys and values in a
registry file. Registry files are structured as trees of keys, with each
key containing further subkeys or values.
The module is intended to be cross-platform, and run on those platforms
where Perl will run.
It supports both Windows NT registry files (Windows NT, 2000, XP, 2003,
Vista, 7) and Windows 95 registry files (Windows 95, 98, Millennium
Edition).
It is intended to be used to parse offline registry files. If a registry
file is currently in use, you will not be able to open it. However, you can
save part or all of a currently loaded registry file using the Windows reg
command if you have the appropriate administrative access.
Python bindings for FUSE (User space File System)
rsnapshot is a filesystem snapshot utility for making backups of local
and remote systems. Using rsync and hard links, it is possible to keep
multiple, full backups instantly available. The disk space required is
just a little more than the space of one full backup, plus
incrementals. Depending on your configuration, it is quite possible to
set up in just a few minutes. Files can be restored by the users who
own them, without the root user getting involved. There are no tapes to
change, so once it's set up, you may never need to think about it
again.
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
ssdeep is a program for computing and matching Context Triggered Piecewise Hashing values. It is based on a spam detector called spamsum by Andrew Tridgell.
tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored 'tcpdump' packet flows.
The Google Cloud Print service allows various ways
to register a printer. Many current generation printers
have support built in. Alternatively, there are software
interfaces that can run on a computer and handle the
interaction with Google.
This package provides a CUPS compatible client that allows
an openSUSE computer to send files to Google for printing
on a registered printer.
When files are sent to Google's servers for transmission
to the printer it means that Google has access to them
so that those printed documents are no longer private.
Once CUPS-Cloud-Print is installed it has to be configured
by running as root:
/usr/share/cloudprint-cups/upgrade.py
/usr/share/cloudprint-cups/setupcloudprint.py
setupcloudprint.py only configures the client, so you will need
to have a registered printer at the Google Cloud Print service
prior to running setupcloudprint.py.
upgrade.py should be re-run after each time CUPS-Cloud-Print
is updated. Because it accesses the Internet, it has to be run
manually after each update.
Various security tools that don't need their own subproject.
Please have a look at the Subprojects, listed at the 'Subprojects' tab for more tools.
Autossh is a program to start a copy of ssh and monitor it, restarting
it as necessary should it die or stop passing traffic. The idea and
the mechanism are from rstunnel (Reliable SSH Tunnel), but implemented
in C. The author's view is that it is not as fiddly as rstunnel to get
to work. Connections are monitored using a loop of port forwardings. It backs
off on the rate of connection attempts when experiencing rapid failures
such as connection refused.
HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility.
It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system.
Logsurfer+ v1.7 was released/renamed as logsurfer v1.8. For recent openSUSE releases install the logsurfer package.
Unlike the standard rm, srm overwrites the data in the target files before unlinking them. This prevents command-line recovery of the data by examining the raw block device. It may also help frustrate physical examination of the disk, although it's unlikely that it can completely prevent that type of recovery. It is, essentially, a paper shredder for sensitive files.
srm is ideal for personal computers or workstations with Internet connections. It can help prevent malicious users from breaking in and undeleting personal files, such as old emails. It's also useful for permanently removing files from expensive media. For example, cleaning your diary off the zip disk you're using to send vacation pictures to Uncle Lou. Because it uses the exact same options as rm(1), srm is simple to use. Just substitute it for rm whenever you want to destroy files, rather than just unlinking them.
This project contains forensic tools and libraries.
libvslvm is a library to access the Linux Logical Volume Manager (LVM) volume containers.
The main users of this library are python-dfVFS and python-plaso.
opensearch-py
dfwinreg, or Digital Forensics Windows Registry, is a Python module that provides read-only access to Windows Registry objects.
Plaso (plaso langar að safna öllu) is the Python based back-end engine used by tools such as log2timeline for the automatic creation of super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Python bindings for libyara. YARA is a tool to identify and classify malware samples.
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. Let's see an example:
Libprelude is a library that guarantees secure connections between all sensors
and the Prelude Manager. Libprelude provides an Application Programming Interface
(API) for the communication with Prelude sub-systems; it supplies the necessary
functionality for generating and emitting IDMEF events with Prelude and automates
the saving and re-transmission of data in times of temporary interruption of one
of the components of the system.
The PreludeDB Library provides an abstraction layer upon the type and the
format of the database used to store IDMEF alerts. It allows developers
to use the Prelude IDMEF database easily and efficiently without
worrying about SQL, and to access the database independently of the
type/format of the database.