D. Mares and Maresware

 
Featuring

    Home
BLOCKED E_mails
What's New
SOFTWARE

Reference

About Us
FAQ's
Articles
Resources

Our Company

Legal Notices
Contact Us
Blocked E_mails
My family
New House
Furniture

Anti-Virus users know this. Most downloadable programs are in .exe (executable) format. Some Anti-virus programs will require you to explicity allow the dmares.com domain to allow download of executables. If you can't do that, let me know, and i'll get you a zipped version. But if you can't get your anti-virus to exclude a domain, get a new anti-virus.

LIVE FREE or
vote dumb-o-crat

In loving memory of my wonderful wife, Brenda (1948-2012).
Her favorite poems
Rainbow Bridge Poem         Peace of wild things


Keep monitoring here for next KSU tool testing seminar.
A challenge  to see if your hash, copy, zip software passes the test.

The software is supplied AS IS with no warranty of usability, reliability or correctness. It will be the users resonsibility to determine if the software meets their needs. Appropriate acknowledgment is appreciated.

Our software doesn't contain bugs. Its just operationally challenged.

Remember: The software is COMMAND LINE not GUI. So brush up on your typing skills.

Take a look at the top six articles on the articles page. And test your software and processes to see if it is really forensically sound.

Read them in the order they are listed here.

Catalog files  A preliminary article describing why I conducted all these tests.
Inventory/Catalog files  Creating an inventory of evidentiary files
Forensic file copying  Article tests over 40 "forensic" file copiers
Forensic Hashing  Article tests over 30 "forensic" hash programs.
ZIP-IT for forensic retention  Article test a few zipping programs and
ZIP_IT_TAKE2  More tests for your zipping capabilities.
ZIP_IT_HASHES   An unscientific discussion of container hash values.
MATCH FILE HASHES  Demonstrates hash matches using Maresware.
A HASH software buffet   How-to use Maresware hash software
A crude timeline   analysis batch file using Maresware software

Take a look at the most popular forensic programs:
SAMPLE DATA links to sample data (including some (complete, Android and iOS) "massaged" NSRL data files") for testing your software.

DISKCAT catalog files on disk.   Download the exe.
HASH hash (MD5 & SHA's) files on disk.   Download the exe.
MD5  MD5 and SHA hash files on disk & can
        MATCH hash against suspect hashes   Download the exe.
EML_PROCESS process eml headers.   Download the exe.
UPCOPY reliable forensic file copy.   Download the exe.
X-WAYS META processing. For those using true forensic software.   Download the exe.

Direct links to software and help pages
Files A-C  |  Files D-F  |  Files G-K
Files L-O  |  Files P-S  |  Files T-Z

Many of the programs are available in linux format also. Check the listings ie: Files D-F link, for the linux version. If you don't see a linux version, contact me, as it may be available, just not on the web site. All linux versions operate as near as possible to their Windows version. So outputs can be merged.

The software and respective help files are available from the various information pages. Follow the alphabetical links at the bottom of each page to the specific program. There you will find links to the html help files and the exe downloads (if the exe if available).

The software is supplied AS IS with no warranty of usability, reliability or correctness. It will be the users resonsibility to determine if the software meets their needs.

If you have problems with the software, please don't hesitate to email me for assistance. But first take a look at any restrictions that Microsoft may have instituted which may keep the program from being fully functional. IE: administrator privilege.

This page last updated: 07/10/2023

Top

 

LIVE FREE or
vote dumb-o-crat

In loving memory of my wonderful wife, Brenda (1948-2012).
Her favorite poems
Rainbow Bridge Poem         Peace of wild things


A challenge  to see if your hash, copy, zip software passes the test.

Todays Software Special
read it while its hot

Lets talk file cataloging with DISKCAT, or listing the files in your evidence tree.

Whenever you seize evidence isn't creating an inventory of the seized items a primary operation? So, when seizing computer evidence in preparation of a forensic exam you might consider creating an inventory or catalog of those files which are located on the suspect computer and thus seized as evidence. Yes/No??
If so, lets create an evidence catalog; a list of files in the tree. Or as I call it, diskcat, for disk cataloging. For this operation consider using the DISKCAT   program.
The diskcat program is specially designed to find and list ALL the files (or only user selected file types, ie: *.doc *.txt, *jpg etc.) within the specified directory trees. Notice I said trees not tree. Because on the command line you can point it to a number (up to 10) of directories to search and thus create a catalog or listing of ALL the files contained within the directory trees.
The output can be customized to include any or all three (MAC) file times; find files based on file time or file size; full path, drive serial number and label, a user specified identifier to uniquely identify this suspect computer from the other suspect computer(s) in the listing, any NTFS Alternate Data Streams; and other stuff. (thats a technical term).
The output contains delimited fields, sample here, for easy import to your favorite spreadsheet;
COMMENT | PATH      |SIZE|ATTR  |   CDATE  | CTIME       | TZ| SERIAL # | DISK LABEL 
Susepct1|C:\password|  60|ARH...|2020/01/01|07:34:56:789c|GMT| 7EF7-17FC| DRIVE_C
If you want to see more software special summaries, click here

What's New: Don't let the age fool you. This software gets better with age, like me.

(12/2020) UPCOPY,   Added --RETry on -H hash/network errors.

(7/2019) TOUCH,   Linux clone to change any MAC date/time.

(6/2019) UPCOPY,   HASH,   DISKCAT,  all updated to be able to put UNICODE filenames to log files. (--UNICODE=unilog option)

(4/2019) UPCOPY,   can now not only identify Alternate Data Streams, but can export them to "normal" files. (--ADSEXTRACT options)

(6/2018) VERTICLE. A program to reprocess "horizontal" delimeted records and reform it so that each field becomes a new line. Easy reading for inclusion into narrative reports.

(4/2018) MD5. MD5 updated to match MD5 and all SHA values against provided file.

(3/2017) URL_SRCH. Added capability to find IPV6 standard format. URL_SRCH finds files that contain IP addresses, e-mail addresses, and URL formats. It then provides a list of those files for the user to act upon.

(7/2012) EML_PROCESS. A program to parse .eml files and extract header metadata to a delimeted file for easy spreadsheet import. Get the .exe file

Today Rant
Those wooden flags you see above are given to persons and organizations I think would appreciate them and what they stand for. Over the past year I have given these flags to two national news persons and another TV personality who routinely advertise good intentions on TV. Of all these individuals, only ONE has even responded to the receipt of the item. That goes to show, even the most sincere TV personalities may not be what they show publicly.

Home  |  Whats NewAbout Us  |  FAQ's  |  Articles  |  Resources  |  Legal Notices  |  Contact Us  |
Files A-C  |  Files D-F  |  Files G-K  |  Files L-O  |  Files P-S  |  Files T-Z  |
 |  SoftwareData Analysis Software  |  Forensic Processing Software  |  Linux Processing Software  |
 
copyright © 1998-2023 by Dan Mares, & Mares and Company, LLC