Tools | University of Oregon: Information Security

Security Tools

Sensitive Number Finders

Sensitive number finders are scanning tools which search your hard drive in an effort to locate sensitive information such as Credit Card or Social Security Numbers. They run on the machine being scanned, and usually require administrative privileges to do an extensive search (searching through the entire /home directory, for example).

If you'd like to search your machine for sensitive information, we recommend Find_SSNs.

Instructions For Using Find_SSNs

Windows:
1. Download the .exe file from the Virginia Tech Website.
2. Unzip the package.
3. Run the executable file. You will be asked if you would like to scan for Social Security Numbers or Credit Card Numbers (we recommend both), for a type of report (we recommend HTML), for a directory to scan and a directory to place the output files in. Make sure to remember where you sent the output files!
4. Analyze the data in Find_SSNs.html.

Mac OSX:
Note: Python is required to run Find_SSNs. According to the python.org website: "Python comes pre-installed on Mac OS X, but due to Apple's release cycle, it's often one or even two years old. The overwhelming recommendation of the 'MacPython' community is to upgrade your Python by downloading and installing a newer version from the Python standard release page." The latest versions of Python are available from python.org.

1. Download the source code from the Virginia Tech Website.
2. Unzip the package.
3. From the command line change into the directory you unzipped the files to and run:
python Find_SSNs.pyw -p <Directory-To-Scan> -o <Directory-For-Output-File> -t html -a

Linux:
1. Download the source code from the Virginia Tech Website.
2. Unzip the package.
3. From the command line change into the directory you unzipped the files to and run:
python Find_SSNs.pyw -p <Directory-To-Scan> -o <Directory-For-Output-File> -t html -a
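As an added illustration (not Find_SSNs' own code), the following Python sketch shows what a sensitive number finder does once pointed at a directory: it walks the tree given to -p, finds candidate SSNs and card numbers, drops candidates that fail issuance rules or the Luhn check to cut false positives, and reports only the last four digits so the report itself is not a new copy of the data. The regular expressions and validity rules are assumptions made for this example.

```python
import os
import re

# Candidate patterns (assumed for this example, not Find_SSNs' own rules): a 9-digit SSN written
# 123-45-6789, 123 45 6789 or 123456789, and a 13-16 digit card number split by spaces or hyphens.
SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

def valid_ssn(area: str, group: str, serial: str) -> bool:
    """SSNs with area 000, 666 or 900-999, group 00 or serial 0000 are never issued."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(value: str) -> str:
    """Keep only the last four digits so the report itself does not leak the number."""
    ndigits = sum(c.isdigit() for c in value)
    out, seen = [], 0
    for c in value:
        seen += c.isdigit()
        out.append(c if not c.isdigit() or seen > ndigits - 4 else "*")
    return "".join(out)

def scan_text(text: str) -> list:
    """Return [(kind, masked_value)] for every validated SSN or card candidate in text."""
    hits = [("ssn", mask(m.group(0))) for m in SSN_RE.finditer(text) if valid_ssn(*m.groups())]
    hits += [("card", mask(m.group(0))) for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"\D", "", m.group(0)))]
    return hits

def scan_directory(root: str) -> dict:
    """Walk root (the tool's -p directory) and map each file path to its findings."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue                    # unreadable file: skip it, keep scanning
            if hits:
                findings[path] = hits
    return findings
```

Real scanners also parse Office, PDF and archive formats and apply far more keyword context than this; treat every hit as a candidate to review, and delete or encrypt confirmed files rather than leaving the report beside them.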

Windows

Intermute's CWShredder: CWShredder™ finds and destroys traces of CoolWebSearch. CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.

LAVASOFT Ad-Aware: Ad-Aware is a tool used for removing spyware from your computer.

Spybot Search & Destroy: Spybot Search & Destroy is a tool used for removing spyware from your computer.

Clam AntiVirus (ClamAV): ClamAV is free anti-virus software.

AVG Anti-virus: AVG Anti-virus is free, lightweight anti-virus software.

McAfee Virus Removal Tool (Stinger)

Foremost: Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc., or directly on a drive.

PHP Windows Event Log Parser

Disk Investigator: Disk Investigator helps you to discover all that is hidden on your computer hard disk. It can also help you to recover lost data. It displays the true drive contents by bypassing the operating system and directly reading the raw drive sectors, lets you view and search raw directories, files, clusters, and system sectors, verifies the effectiveness of file and disk wiping programs, and undeletes previously deleted files.

LSP Fix: LSP-Fix is a free Windows utility to repair a loss of Internet access associated with certain types of software. This type of software, known as a Layered Service Provider or LSP, typically handles low-level Internet-related tasks, and data is passed through a chain of these programs on its way to and from the Internet. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, causing the Internet connection to become inaccessible.

Microsoft Technet: Baseline Security Analyzer

HijackThis:

Linux/BSD

Clam Anti-virus: ClamAV is free anti-virus software.

Foremost: Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc., or directly on a drive. The headers and footers can be specified by a configuration file, or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format, allowing for a more reliable and faster recovery.

Advanced Intrusion Detection Environment (AIDE)

LSOF - LiSt Open Files: Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files opened by processes currently running on the system. It can also list communications open by each process.

chkrootkit: chkrootkit is a tool to locally check for signs of a rootkit.

ModSecurity (Apache Module): ModSecurity is an open source web application firewall that runs as an Apache module.

Wireshark (formerly Ethereal): Wireshark is a program that captures network traffic on a given network interface.

tcpflow: tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging.

tcpreplay: tcpreplay is a program that gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 headers and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPSs.

Bootable

Sleuthkit: The Sleuth Kit is an open source digital investigation (a.k.a. digital forensic) tool that runs on Unix systems.

Knoppix: Knoppix is a bootable Linux distribution.

SystemRescueCd: SystemRescueCd is a Linux system on a bootable CD-ROM for repairing your system and recovering your data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the partitions of the hard disk. It contains a lot of system utilities (parted, partimage, fstools, ...) and basic tools (editors, midnight commander, network tools).

HELIX: Helix is a modified version of Knoppix engineered carefully to NOT touch the host computer in any way, and it is forensically sound. Helix will not auto-mount swap space or auto-mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics.

F.I.R.E: FIRE is a portable bootable CD-ROM based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.

DBAN: Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.