RTCA v0.1 – Tool to assist Forensic analysis


Launch of the first version of RTCA, licensed under GPLv3. The purpose of this application is to facilitate forensic investigations under Windows.

Its features (still evolving):
runs under Windows (XP, Vista, 2003, 2008, 7, 8) 32-bit (a 64-bit version will be compiled) and is 90% compatible with Wine (so it can also be used under Linux);
can be executed from the command line;
completely portable;
copy of local registry files (binary);
processing and analysis of binary registry files, reg files and the local registry:
– machine configuration: BootKeys, security features, MS serials …
– list of software and updates
– list of services and drivers
– UserAssist keys (history of commands run by each user)
– list of external USB media connected to the machine
– list of applications run at boot time
– network configuration, wireless SSID and
– list of accounts, users and password hashes
– passwords stored in the registry (e.g. VNC)
– list of MRU entries and history
– list of used paths
– Registry Viewer Lite
– handling of damaged binary registry files

processing and analysis of evt logs (Windows < Vista), evtx logs (>= Vista), log files (Linux/Unix format) and local logs;
extraction of the file system:
– List of files and directories
– the rights of files and directories
– hidden and protected-system state
– file explorer lite

list of processes and associated network ports
summary of all actions (audit logs, files and registry) by date
Export / Import results in CSV, HTML and XML

Download here: RTCA


3 Comments

  1. I really did not find out about it, with thanks.

  2. Nice information, good luck along with writing later!

  3. Always remember “Imagination is more important than knowledge. For knowledge is limited to all we now know and understand, while imagination embraces the entire world, and all there ever will be to know and understand.” – Albert Einstein

