Alphabetical List of Computer Forensics Products
Disclaimer:
These links are provided as a free service to those seeking commercial information security products or shareware tools. The fact that a product is listed here is not an indication that Timberline Technologies LLC has evaluated it nor that we recommend it. The descriptive text is generally taken from the vendor's own product literature. The buyer has the ultimate responsibility to ensure that the information security product is suitable for its intended use. Please follow the links to the vendor pages to obtain more detailed information on a particular product. Additional guidance on product selection can be found in the On-Site Security Workshops.
Vendors Please Note: If your product does not appear in this index or if you feel that it has been incorrectly categorized, please contact webmaster@timberlinetechnologies.com and the error will be corrected.
Important Note to Surfers: Timberline Technologies takes strict precautions to provide "safe" links. We will not knowingly provide a link to a site with dangerous active content or questionable privacy policies. Nevertheless, we cannot guarantee the safety of all links provided. Those who are concerned about browsing securely are advised to use the facilities of BeHidden, safeWeb, Anonymizer or a similar service.
| Product Name | Description |
| --- | --- |
| CRCMD5 (New Technologies) | Mathematically creates a unique signature for the contents of one, multiple or all files on a given storage device. Such signatures can be used to identify whether or not the contents of one or more computer files have changed. This forensics tool relies upon 128 bit accuracy and can easily be run from a floppy diskette to benchmark the files on a specific storage device, e.g., floppy diskette, hard disk drive and/or zip disk. CRCMD5 can be used as the first step in the implementation of a configuration management policy. Such a policy and related system benchmarking can help computer specialists isolate problems and deal with computer incidents after they occur. The program is also used to document that computer evidence has not been altered or modified during computer evidence processing. |
| DIBS Forensic Workstation (DIBS USA, Inc.) | The DIBS® Forensic Workstation provides the complete solution to the problems faced by the computer crime investigator. Developed over a number of years by practicing forensic analysts the dedicated equipment meets the demands imposed by today's advanced enquiries. |
| DIBS Mobile Forensic Workstation (DIBS USA, Inc.) | The DIBS® Mobile Forensic Workstation provides all the equipment required for on-site analysis of the contents of suspect computers. Contained in a case made of ultra high impact structural polypropylene, with a neoprene O-ring seal, the DIBS® Mobile Forensic Workstation is rugged and hard working and provides full protection for the forensic equipment inside. This includes a Pentium based laptop fully configured with analysis software, an external hard disk housing and three hard disk racks and drives for reconstructions, a black and white/colour printer, PCMCIA card, cables, connectors and mouse. The DIBS® Mobile Forensic Workstation allows on-site hard disk restorations and analyses. |
| DIBS Portable Evidence Recovery Unit (DIBS USA, Inc.) | DIBS® Portable Evidence Recovery Unit is the efficient and easy way to copy the entire contents of a computer's hard disk. It was developed after working closely with senior police officers to find a fast, powerful and reliable way to retrieve potential evidence which was admissible in a court of law. |
| DIBS Professional Forensic Software (DIBS USA, Inc.) | Available as a series of modules, each designed for specific tasks, DIBS® Analyzer is highly effective and productive software. Many time consuming jobs, such as undeleting files, are automated by the software, and as you work with DIBS® Analyzer you can print out evidence and examination details in a format that will be acceptable in a court of law. |
| DiskSearch 32 (New Technologies) | Used to find strings of text in files. Can be used to find strings of text in file slack and unallocated space. Also has the capability of finding similar words or words that have been spelled incorrectly. Can also be used to search a storage device at a physical level. |
| DiskSig (New Technologies) | This program is used to mathematically create a unique signature for the content of a computer hard disk drive. Such signatures can then be used to validate the accuracy of forensic bit stream image backups of computer hard disk drives. This program was primarily created for use with SafeBack software by Sydex Corporation. SafeBack is used by a majority of law enforcement computer specialists and has gained wide acceptance in the law enforcement and military community over the last nine years. For this reason, NTI has created this program to verify the accuracy of forensic bit stream backups and related restorations of the content of computer hard disk drives. Although this program was primarily developed for use with SafeBack, it can also be used with any bit stream backup utility. |
| DM (New Technologies) | Freeware database analysis tool. |
| DRIVESPY (Digital Intelligence) | A forensic DOS shell. It is designed to emulate and extend the capabilities of DOS to meet forensic needs. Whenever appropriate DRIVESPY will use familiar DOS commands (CD, DIR, etc) to navigate the system under investigation. When beneficial, DRIVESPY will extend the capabilities of the associated DOS commands, or add new commands as necessary. DRIVESPY provides a familiar DOS-like prompt during system navigation. |
| EnCase (Guidance Software) | Fully integrated forensic application for Windows. |
| FileCNVT (New Technologies) | Freeware tool that supplements the FileList program from New Technologies. FileList is a forensic tool that is used to quickly catalog the contents of one or more computer hard disk drives. The FileList output is compressed so that the program and related output will normally fit on just one floppy diskette. |
| FileList (New Technologies) | Used to quickly document information about files stored on one or more computer hard disk drives and other computer storage devices. This multi-purpose tool was designed for covert use, security reviews and forensic laboratory processing of computer evidence. It leaves no trace that it has been used and the output is compressed so that the output will usually fit on just one floppy diskette. It is compatible with DOS, Windows, Windows 95/98 and a special version is available for Windows NT systems. |
| FILTER (New Technologies) | Freeware program used to remove binary (non-alphanumeric) characters from computer data. The program has been used by military and law enforcement agencies for years and was donated to the law enforcement community in 1991 by Michael R. Anderson (a New Technologies founder). Once a file has been processed with this program the contents can be printed and viewed with traditional computer applications, e.g., word processors. |
| Filter_I (New Technologies) | This enhanced forensic filter utility is used to quickly make sense of nonsense in the analysis of ambient computer data, e.g. Windows swap file data, file slack data and data associated with erased files. Filter_I relies upon pre-programmed artificial intelligence to identify fragments of word processing communications, fragments of E-mail communications, fragments of Internet chat room communications, fragments of Internet news group posts, encryption passwords, network passwords, network logons, database entries, credit card numbers, social security numbers and the first and last names of individuals that have been listed in communications involving the subject computer. This software saves days in the processing of computer evidence when compared to traditional methods. |
| ForensiX (Fred Cohen & Associates) | ForensiX provides a top-flight, extensible, forensic examination system for computer evidence, all in a user friendly graphically managed package. With its broad functionality, easy-to-use interface and built-in forensic integrity mechanisms, ForensiX meets the need of corporate and law enforcement. |
| FRED (Digital Intelligence) | Forensic Recovery of Evidence Device. A highly integrated platform which may be used both for the acquisition and analysis of computer based evidence. Can operate as a standard PC Platform when not in use for forensic acquisition or processing. FRED is available in stationary, mobile, or combined configurations. |
| FREDDIE (Digital Intelligence) | Forensic Recovery of Evidence Device Diminutive Interrogation Equipment. The little brother of FRED from Digital Intelligence. Like FRED, FREDDIE is a highly integrated platform which may be used both for the acquisition and analysis of computer based evidence. FREDDIE is a highly portable solution which meets both imaging and processing requirements. FREDDIE also uses a standard ATX Motherboard, Power Supply and other components in order to minimize compatibility issues and maximize flexibility. The removable devices in the forensic bays can be interchanged between both FRED and FREDDIE. |
| GetFree (New Technologies) | This program is used to capture all of the unallocated file space on DOS/Windows based computer systems for forensic analysis and review. A special version also exists for use with Windows NT systems. It is sold separately. The use of this program eliminates the need to restore potentially hundreds or thousands of files on computer hard disk drives and floppy diskettes. It was primarily developed as a computer forensic tool for use in computer related investigations and internal audits. However, GetFree is also an ideal tool for computer security risk assessments because it automatically captures the data associated with unallocated space. Such data can be reviewed and analyzed using other NTI forensic tools to identify corporate computer policy violations and evidence in criminal and civil proceedings. From a security standpoint, this tool is also ideal for the validation of computer security scrubbers and related computer security procedures concerning the elimination of sensitive and/or classified computer data. |
| GetSlack (New Technologies) | This program is used to capture all of the file slack on a logical DOS/Windows hard disk drive or floppy diskette for analysis with other NTI forensic tools. A special version also exists for the processing of Windows NT systems. It is sold separately. The software is an ideal tool for use in investigations, internal audits and in computer security reviews. NTI places special importance on the use of this tool in computer security risk assessments because memory dumps in file slack are cause for security concern. Typically, network logons and passwords are found in file slack. It is also possible for file encryption passwords to be stored in memory dumps made to file slack. |
| IMAGE (Digital Intelligence) | A standalone utility to generate physical images of floppy disks. The files which are generated by IMAGE, contain complete physical images of the diskette(s) being processed. IMAGE is capable of generating either highly compressed or "flat" images for forensic analysis. IMAGE utilizes internally implemented algorithms which are identical to those used in ZIP compatible archives. If desired, non-compressed (flat) images may also be generated to facilitate examination of the image file itself. |
| KeyGhost (KeyGhost) | The KeyGhost® is a hardware key logger that records up to 2 million keystrokes on a flash memory chip. It starts recording immediately and unobtrusively the moment the computer is turned on. Users can detect file theft and inappropriate use of the computer before it is too late to act. It can be attached externally to the keyboard cable, or hardwired inside the keyboard. (Note: Be sure to read the legal disclaimer.) |
| NTAView (New Technologies) | Freeware tool used in investigations related to Internet E-mail, Internet Browsing and Internet File Downloading. The program is for use with New Technologies Net Threat Analyzer (NTA) software. It can be used to determine E-mail and Internet browsing frequency and has built in features that provide for frequency distribution analysis of NTA's findings. |
| NTI-DOC (New Technologies) | This program is used to essentially take an 'electronic snapshot' of files and subdirectories that have previously been identified as having evidentiary value. Having the program is like having a camera at the 'electronic crime scene'. It is a simple yet effective forensic documentation tool. The program automatically creates documentation that can be printed, viewed or pasted into investigative computer forensic reports. The original program titled DOC has been used for years by military and law enforcement computer specialists and was previously donated for law enforcement use by Michael R. Anderson, an NTI founder. This version contains enhancements that are not found in the original version. |
| OnLineDFS™ (Cyber Security Technologies) | OnLine Digital Forensic Suite™ (OnLineDFS™) enables network-based, real-time investigations of live, running computer systems. It is ideal for rapid incident response, compliance management and e-discovery in enterprises, and for the needs of law enforcement. OnLineDFS enables the rapid, forensically sound examination of a computer without disrupting the operations of the enterprise. It delivers an extensive suite of functionality for the investigation and capture of volatile and persistent data from the computer under examination. |
| PART (Digital Intelligence) | A Partition Manager which will list summary information about all the partitions on a hard disk, switch bootable partitions, and even hide and unhide DOS partitions. |
| Password Recovery Kit (New Technologies) | Allows access to password protected files. |
| PDBLOCK (Digital Intelligence) | A standalone utility designed to prevent unexpected writes to a physical disk drive. When PDBLOCK is executed on a computer its job is to prevent all writes to the physical drives. Handling both the standard Interrupt 13 and the Interrupt 13 Extensions, PDBLOCK is designed to be the next generation of write blockers providing protection for Large Hard Drives, FAT32(x), DOS 7.1. Prevents accidental overwriting of computer evidence. |
| ProDiscover DFT (Technology Pathways) | A completely integrated Windows™ application for the collection, analysis, management and reporting of computer disk evidence. Designed specifically to meet NIST (National Institute of Standards and Technology) standards. Saves space on forensics workstations by creating compressed image files. Keeps original evidence safe by creating an exact bit-stream copy. Finds data hidden in Windows NT/2000 Alternate Data Streams. Includes powerful search capabilities. |
| PTable (New Technologies) | Hard disk partition table analysis tool. This software tool is used in computer forensics to review and analyze the partition table(s) assigned to a hard disk drive. This tool is essential for network forensics and/or when multiple operating systems are stored on one hard disk drive in multiple partitions. This software is also used to identify hidden data potentially stored in the partition gap or 'unknown' partitions. |
| Seized (New Technologies) | Evidence preservation tool. This simple program is designed to limit access to computers that have been seized as evidence. All too often, 'resident computer experts' get curious and attempt to operate seized computers in hopes of finding clues or evidence. These individuals many times are not trained in computer forensics and are therefore unfamiliar with proper computer evidence processing procedures. They typically don't know that even the mere running of a computer system can overwrite evidence stored in the Windows swap file and/or in erased file space. This program was written to help prevent these common problems. |
| ShowFL (New Technologies) | Freeware tool for the timeline analysis of computer usage. It is also helpful in the investigation of conspiracies when multiple computers and computer users are involved. It is made available here so that our clients will have easy access to the current version for use in conjunction with the FileList program from New Technologies. |
| TCT (Dan Farmer and Wietse Venema) | Freeware - The Coroner's Toolkit. A collection of programs that can be used for a post-mortem analysis of a UNIX system after break-in. |
| TextSearch Plus (New Technologies) | Used to quickly search hard disk drives, zip disks and floppy diskettes for key words or specific patterns of text. It operates at either a logical or physical level at the option of the user. |
© 2005 by Timberline Technologies LLC