Tools and Utilities

Here are some tools and utilities commonly used for practices related to digital forensics:

Pdfinfo

Used to extract metadata of Portable Document Format (PDF) files

Commands

Installation

sudo apt install poppler-utils

Read the metadata of a PDF file

pdfinfo $pdffilename

ExifTool

Used to extract Metadata from files, especially images

Commands

Install

sudo apt install exiftool

Read EXIF data

exiftool $filename

Steghide

Stenography tool that is used to hide data within images and audio files, and also to recover hidden data embedded in files

Commands

Install

sudo apt install steghide

Handle embedded data

steghide info $filename #Get info from embedded data
steghide extract -sf $filename #Extract data from file

unPacker

Used to unpack or deobfuscate JavaScript code
https://matthewfl.com/unPacker.html

d4js

Used to deobfuscate JavaScript code
https://lelinhtinh.github.io/de4js/

deobfuscate.io

Also used to deobfuscate JavaScript code
https://deobfuscate.io

obfuscator.io

Used to obfuscate JavaScript code
https://obfuscator.io

Obfuscator.io Deobfuscator

Tool to deobfuscate JavaScript code specifically done with obfuscator.io
https://obf-io.deobfuscate.io

Shred

Used to delete and overwrite drive or file information in Linux

Commands

Install

sudo apt install coreutils

Usage

sudo shred $filename
sudo shred $filename -f     #Change permissions to allow overwriting
sudo shred $filename -n $n  #Specify number of times to overwrite
sudo shred $filename -v     #Verbose mode, show step-by-step
sudo shred $filename -u     #Truncate and eliminate file after overwriting
sudo shred $filename -z     #Overwrite with 0
sudo shred -vu /dev/$unit   #Delete a memory unit or partition

SDelete

A tool to delete and overwrite drive or file information in Windows
https://learn.microsoft.com/es-es/sysinternals/downloads/sdelete

FOCA

Fingerprinting Organization with Collected Archives is a tool designed to find metadata and hidden information in documents, analyzing websites as well as Microsoft Office, Open Office, PDF, and other documents
https://github.com/ElevenPaths/FOCA

Last updated 7 months ago

hashtagPdfinfo

hashtagCommands

hashtagExifTool

hashtagCommands

hashtagSteghide

hashtagCommands

hashtagunPacker

hashtagd4js

hashtagdeobfuscate.io

hashtagobfuscator.io

hashtagObfuscator.io Deobfuscator

hashtagShred

hashtagCommands

hashtagSDelete

hashtagFOCA

Pdfinfo

Commands

ExifTool

Commands

Steghide

Commands

unPacker

d4js

deobfuscate.io

obfuscator.io

Obfuscator.io Deobfuscator

Shred

Commands

SDelete

FOCA