Entropy is the binary package manager and can be used while running a live session of Sabayon Forensics. It can be run from the terminal with the equo command or with Rigo, the GUI version. I highly recommend using equo.
You will first need to update the repository: equo update
To see a list of commands: equo --help
To install packages: equo install foo
To remove packages: equo remove foo
You can use the --ask option to review dependencies before installing: equo install foo --ask
More in-depth information can be found on the official Sabayon Wiki.
chntpw is a software utility for resetting or blanking local passwords used by Windows. The SAM file can be found at c:/Windows/System32/config or c:/Winnt/System32/config.
cd to the directory containing the SAM file, then:
chntpw -l SAM: lists all users in the SAM file
chntpw SAM: changes the administrator account (the default when no user is given)
chntpw -u USERNAME SAM: changes the password of a specific username
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.
To update the virus definitions, simply run as root: freshclam
Other usage with clamscan:
Scan a single file:
clamscan file
Scan the current working directory:
clamscan
Scan all files and subdirectories:
clamscan -r /directory
Scan all files and subdirectories, log only the infected files, and move infected files to a quarantine location (note the double dash on --move):
clamscan -ir /directory -l /var/log/clamscan.log --move=/tmp/virus
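The recursive scan above leaves you with an exit status and a log file to act on. The following is an added example, not from the Sabayon Forensics page or the ClamAV project: a small POSIX shell wrapper that runs the same recursive scan with logging and quarantine, names the clamscan exit status (0 clean, 1 infected, 2 error), and extracts the infected paths from the log. The quarantine and log paths and the sample log text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Sabayon Forensics page or ClamAV itself).
# Wraps a recursive clamscan with logging and quarantine, then interprets
# the exit status and pulls infected paths out of the log text.

QUARANTINE_DIR="${QUARANTINE_DIR:-/tmp/virus}"   # assumed location
LOG_FILE="${LOG_FILE:-/var/log/clamscan.log}"    # assumed location

# clamscan(1) exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error.
clamscan_status_name() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Recursive scan of a directory: report only infected files (-i), append
# the report to the log (-l) and move hits into quarantine (--move).
# Written to work under "set -e", where a bare non-zero exit would abort.
scan_dir() {
    dir="$1"
    mkdir -p "$QUARANTINE_DIR"
    if clamscan -ir "$dir" -l "$LOG_FILE" --move="$QUARANTINE_DIR"; then
        status=0
    else
        status=$?
    fi
    clamscan_status_name "$status"
}

# Read clamscan log text on stdin and print only the infected paths.
# clamscan reports each hit as "<path>: <signature name> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Count infected paths in log text passed as the first argument.
count_infected() {
    printf '%s\n' "$1" | infected_paths | wc -l | tr -d ' '
}

# Constructed sample log in the shape clamscan writes (not real output).
SAMPLE_LOG='/mnt/evidence/docs/invoice.exe: Win.Test.EICAR_HDB-1 FOUND
/mnt/evidence/docs/notes.txt: OK
/mnt/evidence/tmp/dropper.js: Js.Downloader.Generic-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2'

# Usage on a live system (requires clamscan and a current database):
#   scan_dir /mnt/evidence
#   infected_paths < "$LOG_FILE"
```

Checking the exit status rather than grepping the terminal output is what lets a scan script distinguish "nothing found" from "the scan failed", which matters when the database is stale or a path was unreadable.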
Ophcrack can be installed on the live system via the package manager: equo update && equo install ophcrack --nodeps. I have chosen to leave ophcrack off the live system for various reasons, mainly due to the tables and their sizes. I suggest downloading the tables and storing them on USB sticks or DVD discs and then loading them with ophcrack.
fcrackzip is a zip password cracker, similar to fzc, zipcrack and others. If you run into a zip file that is password protected, this guy works pretty well.
Let's say you download a zip file called sensitive.zip. You will want to run the dictionary against it:
fcrackzip -v -D -u -p /usr/share/dict/words sensitive.zip
You can see a list of available dictionaries with: ls -la /usr/share/dict
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus many more with contributed patches.
Traceroute tracks the route packets taken from an IP network on their way to a given host. It utilizes the IP protocol's time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host. See traceroute in the manual of your system for more info.
(Screenshot: a traceroute to yahoo.)
(Screenshot: a traceroute to google, then the IP found in the trace used to pull up google.)
GParted is a free partition editor for graphically managing your disk partitions. It's simple and pretty straightforward to use. It works on x86 and x86-64 based computers running Linux, Windows, or Mac OS X.
Perform actions with partitions such as: