Tools Flashcards

Question

DiskDigger

Answer 1

A program that undeletes and recovers lost files from hard drives, memory cards, and USB flash drives. This tool can be used to recover documents or photos accidentally deleted from the computer or from a reformatted camera memory card or can be used to check the files that are on an old USB drive.

Answer 2

Data recovery software designed to restore files accidentally deleted from hard disks and memory cards. The program can recover files damaged by virus attacks, power failures, and software faults, or files from deleted and formatted partitions. If a program does not use the Recycle Bin when deleting files, it can restore such files. It can also recover files moved from the Recycle Bin after it has been emptied. It can also restore the full branch of a folder tree containing selected files and folders. It can also recover alternate data streams, which are used on the NTFS file system to store additional information about files.

Answer 3

Recovers files that have been lost, deleted, corrupted, or even deteriorated. The application searches, scans, and recovers files that are encrypted and password protected and restores them.

Answer 4

Recovers lost, deleted, or inaccessible data from Windows OS HDDs and other storage media. It helps to recover data lost due to hard drive corruption, formatting, and virus attack.

Answer 5

Recovers lost data from hard drives, RAID, photos, deleted files, iPods, and even removable disks connected via FireWire or USB.

Answer 6

Scans the entire system for deleted files and folders and recovers them. It scans the hard drives, partitions, external devices, and even CDs and DVDs for recoverable files. It provides two types of scans: the Quick Scan that uses MFT and the Deep Scan that uses file signatures. Once the scan is complete, one can either preview the files/folders or recover them to a preferred location.

Answer 7

Can recover accidentally deleted files, including files emptied from the Recycle Bin and from Windows Explorer with Shift + Delete. This tool also allows one to recover data from a reformatted partition (to any file system), and from a corrupted, deleted, or missing partition.

Answer 8

Searches for deleted files on the hard drive, or any external or portable drive connected to the computer. Files that are not overwritten can either be recovered or permanently deleted to prevent future recovery.

Answer 9

Recovers files from a crashed or virus-corrupted hard drive. It recovers an external drive or secondary drive. It scans the drive for the files and copies them to the second drive.

Answer 10

Recovers (undeletes) files that were accidentally deleted under Windows. It recovers the files that were accidently deleted from the Recycle Bin, or if the drive was formatted, or if the file system was damaged. It does not require installation and can run directly from a USB disk, flash drive, etc.

Answer 11

Recovers deleted files from one's Windows computer, recycle bin, digital camera card, or MP3 player.

Answer 12

Contains a CD/DVD ISO image that allows one to burn a bootable CD or DVD with a lightweight version of Windows 7 running in RAM (WinPE 3.0). It can recover data in case the system is not bootable and cannot attach the damaged hard disk drive to another machine.

Answer 13

Allows one to find and recover recoverable deleted files from NTFS and FAT-formatted volumes, regardless of their type; it can recover pictures, songs, movies, or documents. It will scan the hard drive and build an index of existing and deleted files and directories (folders) on any logical drive of the computer with supported file format. Once the scanning is complete, the user gets full control over the files to be recovered and the destination to be used for recovery.

Answer 14

File recovery software unites legacy backup catalogs from various systems and mediums into a single inventory. It provides support to multiple workstations and allows users to create catalog on their own. Once the catalogs are received, they are ingested into it, and users can access them through a secured online application. It has recovery tools such as email recovery; hex viewer; self-monitoring, analysis, and reporting technology (SMART); bad block/block usage diagnostics; imaging tools; copy disk; and refresh disk. It offers hard drive monitoring with SMART scan to protect the hard drives and erase functions to free-up storage.

Answer 15

Recovers the files and rescue service plans for storage devices. The tool recovers files from desktops, laptops, and external hard drives as well as tablets, and on-chip memory in smartphones.

Answer 16

Data recovery software used to retrieve the lost or formatted data, or data that is lost due to system crash. It can recover lost files from hard drive, external hard drive, USB drive, memory card, digital camera, mobile phone, MP3 player, and other storage media.

Answer 17

Software that works on FAT and NTFS file systems. This tool recovers the files emptied from the Recycle Bin, in a DOS window, from Windows Explorer with the SHIFT key held down. It recovers files that have been deleted by bugs, crashes, and viruses. It can recover files that the user has compressed or fragmented or even encrypted on NTFS file system.

Answer 18

A data recovery software for Windows PC. It can recover data from internal and external hard drives, USB flash drives, iPods, memory cards. It can recover files from partition loss, hard drive reformatting, failed bootups, accidental deletion, Recycle Bin cleanup, and memory card corruption.

Answer 19

File data recovery software recovers lost files; video, documents, and archives from hard disks; CD-ROMs; and lost pictures from digital camera memory. It can recover media's file system if it has been severely damaged or reformatted. This tool recovers lost partitions on different file systems and makes non-bootable disks function.

Answer 20

Recovers deleted files in all major data loss situations, whether lost from fixed hard drive partitions or from any USB storage media drive. The advanced data retrieval tool recovers files deleted from memory cards, digital cameras, USB drives, external HDDs, and music players, and it even recovers deleted hard drive partition files in a few mouse clicks.

Answer 21

A file "undelete" and data recovery utility for Windows 10, 8, 7, Vista, Server 2003, 2000, NT, and ME/98/95. It recovers files that have been accidentally deleted (including files removed from the Recycle Bin, in a DOS window, from a network drive, and from Windows Explorer with the SHIFT key held down) provided that recovery is attempted before the files are permanently overwritten by new data. It supports basic and dynamic disks, NTFS compression, alternate data streams, sparse files, Unicode filenames, etc. Except in severe cases, both the file and the folder path leading to the file can be recovered.

Answer 22

Recovers data if the hard drive's partition table, boot record, FAT/MFT, or root directory are lost or damaged; data was lost due to a virus attack; the drive was formatted; fdisk has been run; a power failure has caused a system crash; files were lost due to a software failure; or files were accidentally deleted. It can even recover your data when the drive is no longer recognized by Windows. This tool can likewise be used even if all directory information - not just the root directory - is missing.

Answer 23

Scans a computer or storage medium for deleted files and restores them on command. It works with computers, flash drives, cameras, and other forms of data storage. It scans the device, selects the files needed to recover, and restores the information or picture with the click of a button.

Answer 24

A data recovery software that works with all Windows OSs from Windows 98 to Windows 10, 8, 7, FAT 12/16/32, and NTFS file systems. It can restore the deleted files from lost/damaged partitions, formatted disks, deleted emails, hard drives and RAID systems, and photos and flash memory cards.

Answer 25

A data recovery software that helps to recover deleted files and restore deleted partitions. It restores the deleted volumes/partitions in-place, fixing volume boots sectors and ability to rollback partition changes. It supports Windows 10/8/7/Vista/XP, 2003/2008 Server OSs.

Answer 26

Software can be used to recover deleted files from a hard drive, flash drive, USB external drive, digital camera card, and more. It recovers deleted files after emptying the Recycle Bin or by using other deletion actions that bypass the Recycle Bin.

Answer 27

Recovers files from FAT and NTFS file systems. It recovers files on any local disk recognized by the software. An additional file recovery algorithm increases the file recovery quality. It can be run from disk and folder context menus. Graphics files, videos, and audio files can be previewed with it.

Answer 28

A data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying to rescue the good parts first in case of read errors. The basic operation is fully automatic. If you use the mapfile feature of it, the data is rescued very efficiently, (only the blocks needed are read). It may be interrupted and resumed.

Answer 29

A data recovery software. It recovers data from logical disks and partitions as well as disks and partitions that have been re-formatted, damaged or deleted. In addition to disks with common Linux file systems, it recovers files from Windows, FreeBSD/OpenBSD/NetBSD/Solaris, and Macintosh formatted disks. Moreover, raw file recovery (scan for known file types) can be used for heavily damaged or unknown file systems. Recovered files can be saved to disks with any file system supported by the Linux kernel (i.e., ext2, ext3, FAT, NTFS).

Answer 30

Recovers lost, formatted or deleted data from Linux based volumes. The software that helps you recover lost or inaccessible data from any Ext4, Ext3, Ext2, exFAT, FAT32, FAT16, and FAT12 file system-based LINUX volumes.

Answer 31

- Recovers lost files and folders on Linux system - Scans and Recovers Linux OS data files - Performs data recovery from corruption and damages - Facility to recover Ext2 and Ext3 file systems in Linux OS

Answer 32

A file carving tool that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. It is file system independent and will carve files from FATx, NTFS, ext2/3, or raw partitions. It is useful for both digital forensics investigations and file recovery.

Answer 33

A GPL disaster recovery solution. It supports Linux (i386, x86_64, ia64) and FreeBSD (i386). It's packaged for multiple distributions (Fedora, RHEL, openSuSE, SLES, Mandriva, Mageia, Devian, Ubuntu, Gentoo). It supports tapes, disks, network and CD/DVD as backup media, multiple filesystems, LVM, software and hardware RAID, BIOS and UEFI.

Answer 34

A console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. It can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types.

Answer 35

A powerful free data recovery software. It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software: certain types of viruses or human error (such as accidentally deleting a Partition Table). Partition table recovery is really easy utilizing this tool.

Answer 36

File data recovery software that recovers lost files; video, documents, and archives from hard disks; CD-ROMs; and lost pictures from digital camera memory. It can recover media's file system if it has been severely damaged or reformatted. This tool recovers lost partitions on different file systems and makes non-bootable disks function.

Answer 37

A file recovery tool for Mac. The tool scans and recovers files from the hard disk and external storage devices. It supports RAID recovery. The tool includes few advanced tools such as RAID Reconstructor, Mail Recovery, Hex Viewer, SMART, Bad Block Diagnostics, Imaging tools, and Disk Copy

Answer 38

A tool that recovers data from corrupt, deleted, and inaccessible partitions formatted by Mac. The tool recovers files from drives damaged by any virus attack, power failure, system crash, or files lost due to human error.

Answer 39

A Mac data recovery software from R-TT. It is designed for the Mac OS environment. It recovers files from HFS/HFS+ (Macintosh), FAT/NTFS/ReFS (Windows), UFS1/UFS2 (FreeBSD/OpenBSD/NetBSD/Solaris), and Ext2/Ext3/Ext4 FS (Linux) partitions. In addition, raw file can be used for heavily damaged or unknown file systems. The tool can recover data on disks, even if their partitions are formatted, damaged, or deleted.

Answer 40

Mac software that recovers files from a crashed or virus-corrupted hard drive. It recovers photos, videos, and documents from crashed, corrupted, or non-mounting hard drives; accidentally reformatted hard drives or reinstalled OS; and previous deletion, damaged, or missing files. It can recover all file types from any HFS/HFS+ formatted drive.

Answer 41

It recovers documents, photos, music, or videos lost due to deletion from any HFS, HFS+, FAT, ExFAT, and NTFS format-based file system. It can perform Mac file recovery on iMac, MacBook Pro, Air, Mac Mini, and Mac Pro. It recovers all deleted files with their original file names. This tool can support RAW recovery on lost volumes.

Answer 42

Recovers deleted, inaccessible, and lost files from Mac's hard drive. It can recover files lost due to deletion, formatting of the drive, partition errors, corrupted file system, hard disks, solid state drives (SSDs), memory cards, USB sticks, CD/DVD discs, and various other storage devices.

Answer 43

Recovers data lost due to partition errors on external hard drives, file, and documents in the internal hard drive. It recovers and runs through all of its scanning functions and display a list of files that can be potentially recovered. This tool allows previewing the files and lets you choose the ones that can be successfully recovered.

Answer 44

Available for Mac Devices, it recovers deleted files. It can recover files from a disk that has been formatted or with a corrupted file system, or files with no file system at all. The tool can make it filesystem independent. The tool can work on hard disks, USB flash sticks, USB hard disks, and SSDs, SD cards, digital cameras, and android phones and tablets that are plugged into Mac.

Answer 45

Software that recovers photos, videos, documents, etc. on Mac hard drives and external devices. It can restore files from Mac hard drives, external hard drives, Mac notebooks, desktops, Mac server, USB drives, camcorders, memory cards, SD cards, digital cameras, mobile phones, laptops, and MP3 and MP4 players. The tool restores the lost partition and gets back the data from HFS+, FAT16, FAT32, exFAT, ext2-ext4, and NTFS file systems.

Answer 46

Partition recovery software that recovers data from lost, deleted, or damaged partitions by accident. This software aids to recover the data when hard drive has been crashed, MBR corrupted, disk repartitioned (fdisk), partition overwritten, etc.

Answer 47

A partition recovery tool used to recover lost or deleted data. This tool explores partition data before performing partitioning operations. It recovers volumes that were accidentally deleted or damaged due to a hardware failure.

Answer 48

A partition recovery tool that recovers the volumes and corrupted partitions and formatted and repartitioned hard drives to find lost data. It supports badly damaged, formatted, and repartitioned media, and rebuilds the original data structure.

Answer 49

Partition recovery software that recovers deleted and lost partitions. It works by locating and mounting partitions into the system, thereby making the lost partitions available to any generic disk volume. It will also work when any boot record (including the MBR) is missing, damaged, or overwritten.

Answer 50

Data recovery software that enables a user to recover deleted, corrupted, lost, or missing data from Windows NTFS partitions. It restores the lost partitions, files and folders.

Answer 51

It can recover deleted files and folders; restore lost data even if the partition is formatted or deleted; and restore data from a corrupted hard drive, virus infection, and unexpected system shutdown or software failure. It supports IDE, SATA, SCSI, USB hard disk, memory card, USB flash drive, and iPod. It includes four data recovery modules, namely, Undelete Recovery, Damaged Partition Recovery, Lost Partition Recovery, and Digital Media Recovery. Each data recovery module focuses on a different data loss case.

Answer 52

Linux partition recovery software that recovers data from damaged, deleted, or corrupted ext2 and ext3 volumes and even from initialized disks. An exhaustive scan of the drive is performed to locate lost volumes. All found data in the lost partition is then presented in a tree structure so that the file can be copied to a working volume. It is a quick, simple, and easy-to-use data recovery solution that helps in file recovery.

Answer 53

Recovers lost, deleted, formatted, or inaccessible data from ext4, ext3, ext2, FAT32, FAT16, and FAT12 file system-based volumes, irrespective of the instance of data loss.

Answer 54

A set of tools for analyzing problems with NTFS partitions and files, and Data Recovery in Manual and Automated modes. Partition Recovery: Scans disks and detects deleted or severely damaged volumes by recovering deleted or damaged NTFS partitions and files.

Answer 55

A data recovery software that recovers lost partitions and makes non-booting disks bootable when it is caused by faulty software, certain types of viruses, or human error (such as accidentally deleting a partition table).

Answer 56

Data recovery software that performs hard drive recovery; RAID and server recovery; database recovery; email recovery; photo, music, and video recovery; etc. It can recover data from any storage media for data loss caused by hard drive crash, physical or mechanical failure of the hard drive and other storage media, and data loss due to natural calamity, etc.

Answer 57

Partition recovery tool used for partition recovery and cloning. The tool recovers deleted or lost partitions from unallocated space due to any personal, hardware or software failure, or virus attack. It can recover deleted or lost partitions after repartitioning the hard drive.

Answer 58

It restores data from damaged FAT and NTFS disks, thereby recovering the original file and folder structure. The tool discovers all previously created volumes letting users to search and recover files from the deleted volumes.

Answer 59

Partition recovery software for Windows and server users. The tool scans to recover the formatted, damaged, and corrupted RAW files and partitions from external and internal hard disks to recover the partitions.

Answer 60

A binary application that makes Mac data recovery easy on both Intel and PowerPC Mac machines. It efficiently recovers files emptied from the Trash or lost due to inaccessible Mac volumes. The extensive volume scanning engine helps in recovering files from Mac volumes that fail to mount or have been accidentally formatted. The software has the capability to recover data even if the Disk Verify and Repair tool fails to retrieve the lost data.

Answer 61

Data recovery software recovers lost partitions and makes non-booting disks bootable again if it is caused due to faulty software, certain types of viruses, or human error (such as accidentally deleting a partition table).

Answer 62

Repairs the broken partitions and recovers the missing information. It recovers the lost and deleted files. The tool recovers files and folders from damaged, inaccessible, and repartitioned disks. It fixes corrupted disk system structures and rebuilds corrupted and overwritten file systems.

Answer 63

Mac data recovery software that recovers data from HFS/HFS+, FAT, NTFS, and other file systems. It undeletes Mac OS files using its two powerful Mac recovery methods: Quick and Deep scanning. Its data recovery for Mac OS X locates and recovers deleted files from any mountable media, including the main hard drive, external hard disk, memory cards, iPods, etc. It can recover photos, music, documents, applications, specific Mac OS X files, and other file formats.

Answer 64

Software that recovers lost, deleted, formatted, or inaccessible data from HFS, HFS+, HFS Wrapper, and FAT file system volumes irrespective of the data loss situation.

Answer 65

A Windows data recovery program. It uses thorough checks and cross-checks to derive the necessary information.

Answer 66

A graphical rainbow tables generator that helps attackers create rainbow tables from which they can crack the hashed password.

Answer 67

A password recovery or auditing application. It helps recover lost Microsoft Windows passwords by using dictionary attacks, hybrid attacks, rainbow tables, and brute-force attacks.

Answer 68

A Windows password cracker based on rainbow tables. It comes with a GUI and runs on multiple platforms.

Answer 69

A password recovery tool for Microsoft OSes. It allows recovery of passwords via network sniffing, cracking encrypted passwords using dictionary, brute-force, and cryptanalysis attacks. It covers some security aspects/weaknesses present in a protocol's standards, caching mechanisms, and authentication methods. This offers a simplified recovery of passwords and credentials from various sources.

Answer 70

A has cracker that uses a time-memory tradeoff algorithm to crack hashes. It pre-computes all possible plaintext-ciphertext pairs in advance and stores them in the "rainbow table" file.

Answer 71

An application that dumps the password hashes (OWFs) from NT's SAM database. It extracts LM and NTLM password hashes of local user accounts from the SAM database. This tool runs by extracting the binary SAM and system file from the file system and then extracts the hashes. One of the powerful features is that it is also capable of dumping protected files. Use of this program requires administrative privileges on the remote system.

Answer 72

A utility to reset the password of any user that has a valid local account on the Windows system. It supports Windows from NT3.5 to Win8.1, 64 bit, and also the server versions. It works offline, that is, the user has to shutdown his/her computer and boot off a CD or USB disk to do the password reset.

Answer 73

A password-cracking tool that resets or recovers passwords for different file types such as Windows OS, MS SQL Servers, RAR/PDF/Word/Excel/PPT files. The tool supports brute-force and dictionary attack. It can search for encrypted files.

Answer 74

A password recovery tool that is capable of retrieving the secure passwords using social engineering. It recovers passwords protecting office documents, ZIP, and RAR archives. Usually secure passwords require lengthy attacks to be recovered. The tool retrieves all instantly recoverable passwords and tries these passwords to unlock secure passwords.

Answer 75

A password recovery tool that cracks passwords and supports Unix, Windows, DOS, and OpenVMS. It detects weak Unix passwords, several crypt (3) password has types most commonly found on various Unix systems, Windows LM hashes, etc.

Answer 76

A password-cracking tool designed to brute force Web applications. It can be used to find unlinked resources (directories, servlets, scripts, etc.), brute-force GET, and POST parameters for checking different kinds of injections (SQL, XSS, LDAP, etc.), brute-force parameters (user/password), fuzzing, etc.

Answer 77

A password recovery tool that has a simple user interface, supports multiple hard disk drives, detects several SAM databases (if multiple OS were installed on one volume), and provides the opportunity to pick the right SAM before starting the password recovery process.

Answer 78

An easy-to-use tool that recovers passwords for MS Office files, archives, PDF documents, Windows Administrators, email accounts, and other. It recovers or resets many password types instantly, uses advanced password recovery attacks such as dictionary, Xieve, Brute-force, known password/part, previous passwords, and their combinations.

Answer 79

Resets Windows password on Windows 8/7/Vista/XP, and 2008/2003/2000 servers.

Answer 80

A small utility that displays a list of all LSA secrets stored in the Registry on a computer.

Answer 81

It audits user account passwords and recovers them in Windows NT/2000/XP/2003. It searches for attacks in the OS and fixes and recovers forgotten passwords. It allows .lcs files for password recovery.

Answer 82

A tool used to restore forgotten passwords, including Internet Explorer.

Answer 83

A tool that recovers the passwords by bypassing the authentication process of Windows-based OSs. It can be used for tech repairs, data recovery, and security audits as well.

Answer 84

A password recovery tool used to reset or restore the lost passwords for local and Microsoft accounts.

Answer 85

A password recovery tool that recovers the lost password. The tool generates different candidate passwords (keys), hashes them, and compares the computed hashes with the stored hashes. The tool offers different ways to generate candidate passwords.

Answer 86

A professional password reset app that helps a user to reset their forgotten passwords quickly.

Answer 87

A network security analyzer and Windows password recovery tool. It implements patented password recovery technologies developed in Passcape Software, such as artificial intelligence or pass-phrase attack.

Answer 88

Recovers lost or forgotten passwords. This tool recovers or resets passwords for Windows, PDF, ZIP, RAR, Office Word/Excel/PowerPoint documents. It also retrieves passwords for instant messengers, email clients, web browsers, FTP clients, and many other applications.

Answer 89

A Windows password recovery tool that helps recover forgotten Windows administrator/user password and domain administrator/user password for Windows OS, which includes Windows 10/8/7/Vista/XP/NT/2000 and Windows server 2000/2003/2008/2011/2012. The tool assists for Windows 8 Microsoft account password reset.

Answer 90

A network logon cracker tool that uses dictionary or brute-force attacks to try various passwords and login combinations against a login page. This tool supports Linux, *BSD, Solaris, Mac OS X, and any Unix and Windows (Cygwin) OSs.

Answer 91

A login brute-forcer for network services that allows remote authentication also

Answer 92

Used to detect stegano-hidden data in PNG and BMP image files. It can detect LSB steganography in PNG & BMP, zlib-compressed data, OpenStego, Camouflage 1.2.1, and LSB with The Eratosthenes set.

Answer 93

A python-based steganography tool used to give various information about any particular stego file and prints out any data embedded inside it.

Answer 94

Extracts any trailing data after the image's closing bytes, and any hidden files (or other images) embedded within the image. Short byte combinations such as JPEG's FFD8 FFE0 might sometimes create false positives.

Answer 95

A program detection tool and steganalysis suite. It detects the presence of both steganography and data hiding programs as well as the files in which the data payload may have been hidden (carrier files).

Answer 96

An anti-forensic tool to analyze the key steganographic algorithms. This tool implements algorithms that are configurable with a variety of filters. It implements the image analysis algorithms for the detection of hidden information. The software is developed in Java, allowing use in multiple OSes.

Answer 97

Application helps in hiding data in digital images, detect its presence, and test its robustness using any number of different adjustable techniques. It provides a framework to use multiple methods at the same time and can perform processing in both batch and parallel form.

Answer 98

An applet that displays both the locally logged-on users as well as users logged-on remotely. If you specify a username instead of a computer, PsLoggedOn searches the computers in the network neighborhood and shows whether the user is currently logged-on.

Answer 99

Command that is used for managing server computer connections. When used without parameters, it displays information about all logged-in sessions of the local computer.

Answer 100

When run without any options, it lists the currently active logged-on sessions. If the -p option is used, it provides information on the processes running in each session.

Answer 101

Command that reflects names of all files that are open on the server and the number of file locks on each file, if any. This command can also close individually shared files and remove file locks.

Answer 102

A simple tool for Windows that displays the list of all files that have been currently opened by other computers on the network. For every opened file, the following information is displayed: filename, username, computer name, permissions information, locks count, file owner, file size, file attributes, and more.

Answer 103

Command helps troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses.

Answer 104

Tool helps in collecting information about network connection operative in a Windows system. This CLI tool provides a simple view of TCP and UDP connections, their state and network traffic statistics.

Answer 105

A native utility included in Windows XP Pro and later versions as a replacement for tlist.exe. It displays the list of applications and services along with the PID for all tasks that are running on either a local or a remotely connected computer. It provides options for output formatting, with choices between table, CSV, and list formats. The /svc switch can be used to list the service information for each process.

Answer 106

Displays basic information about the already running processes on a system, including the amount of time each process has been running (in both kernel and user modes).

Answer 107

A utility that reports the DLLs loaded into processes. You can use it to list all DLLs loaded into all the processes, into a specific process, or to list the processes that have a particular DLL loaded. It can also display full version information for DLLs, including their digital signature, and it can also scan processes for unsigned DLLs.

Answer 108

A utility that displays information about the open handles for any process in the system. You can use it to see the programs that have an open file or to see the object types and names of all the handles of a program.

Answer 109

Shows information about the handles and DLLs of the processes that have been opened or loaded. It consists of two sub-windows. The top window always shows a list of currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode. If it is in handle mode, handles that are opened by the process selected in the top window are shown. If it is in DLL mode, DLLs and memory-mapped files that the selected process has loaded are shown.

Answer 110

A command line utility. Its primary purpose it to monitor applications for CPU spikes and generating crash dumps during a spike to that an administrator or developer can determine The cause of the spike. It also includes hung window monitoring, unhandled exception monitoring, and generating dumps based on the values of system performance counters.

Answer 111

Forensically dumps the memory of a running process. It is a command line interface tool that dumps the whole process space, uses meta-information to describe the different mappings and states, and saves the process environment.

Answer 112

Checks if the network adapter(s) is running in promiscuous mode, which may be a sign that there is a sniffer running on the computer.

Answer 113

Can determine if a Windows system has network interfaces in promiscuous mode. If a system has network interfaces in promiscuous mode, it may indicate the presence of a network sniffer running on the system.

Answer 114

C:\Windows\System32\spool\PRINTERS

Answer 115

An optimized binary file editor for Windows platform. The tool is useful for viewing, modifying and analyzing hexadecimal data in extra large files and disks. It allows one to use basic functionality such as Type, Cut, Copy, Paste, Fill, Delete, Insert, Import, Export, and also features support for some advanced functionality such as overwrite and insert modes.

Answer 116

A program used to view information that is stored in memory when you use copy and cut functions in Windows OS. It displays the current content of the clipboard.

Answer 117

Shows the history of the commands typed into that prompt.

Answer 118

Provides investigators with details such as Share name(s), Resource Directory, and a Remark pertaining to the type of share. Shared resources ending with a '$' string do not appear when the local computer is accessed remotely.

Answer 119

A simple utility that reads and displays the data stored inside ESE database. It displays a list of all tables available in the opened database file, allows one to choose the desired table to view and view all records found in the selected table.

Answer 120

A simple utility that allows you to view the list of all drive letter assignments in the system, including local drives, remote network drives, CD/DVD drives, and USB drives - even if they are not currently plugged.

Answer 121

A command line tool that displays detailed information about devices on computers running Windows OS. It can be used to enable, disable, install, configure, and remove devices. It also performs device management functions on local computers and remote computers.

Answer 122

A hard disk partitioning and data management tool. It can create, delete, erase, format defragment, resize, copy, and move partitions and modify their attributes. It can copy entire hard disks from one to another.

Answer 123

It locates and mounts partitions into the system, thus making those lost partitions available. It will also work in case any Boot Record (including the Master Boot Record) is missing, damaged, or overwritten.

Answer 124

Allows you to extract thumbnail images from the thumbcache_*.db and iconcache_*.db database files found on Windows Vista, Windows 8, Windows 8, Windows 8.1, and Windows 10.

Answer 125

A program that performs a quick analysis of a crash dump file. It shows summary information about what the dump file contains. If the dump file is corrupt in such a way that it cannot be opened by a debugger, it will reveal the same to the investigator.

Answer 126

It can extract text from a file and find plain ASCII text, Unicode (double byte ANSI) text, and resource strings, providing useful information for each item in the optional "advanced" view mode. Its comprehensive filtering helps prevent listing of unwanted text.

Answer 127

FireEye's premier free endpoint security tool, provides host investigative capabilities to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.

Answer 128

A completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offers visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

Answer 129

A hidden file on Windows OS that is used as virtual memory to expand the physical memory of a system.

Answer 130

A set of hexadecimal development tools for Microsoft Windows. It integrates advanced binary editing and data interpretation and visualization with the ease and flexibility of a modern word processor. It can edit, cut, copy, paste, insert, fill and delete binary data. You can also work with data in its native structure and data types using the application's integrated structure viewer and smart bookmarks.