Pages

Saturday, September 13, 2008

PlainSight

I received word from the author today of a new open-source tool that's available called PlainSight. Eoin says that the tool is part of master's program, and at this point, the tool is somewhat proof-of-concept, but looking at the tool demos, it looks as if it has a bit of promise.

The main web page describes the tool this way:

PlainSight is a versatile computer forensics environment that allows inexperienced forensic pactitioners perform common tasks using powerful open source tools.

We have taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment.

PlainSight incorporates other open-source tools (RegRipper, Volatility, etc.) to create a framework for examining disk and memory images, or local disks.

Eoin says that he plans to add the following:

- Better browser support (FF3, Opera, chrome),
- Some sort of e-mail viewer,
- Integrate in moreRegRipper plugins,
- Better support for other operating systems (currently supports Windows 98/2000/XP/Vista)

I've downloaded the ISO and would like to take a look at this as soon as I get a chance. It appears that this runs in a Linux/Knoppix environment, so perhaps some suggests might be to create a Windows version. After all, the description of the tool says it's for allowing inexperienced examiners to perform some tasks...so why not provide the capability in an environment that the examiner may be more familiar with.

Even so, at first glance, this is looks like it's the kind of thinking and effort that is needed in this community, and is definitely a step in the right direction.

No comments:

Post a Comment