RTCA v0.1 – Tool to assist Forensic analysis

Launch of the first version of RTCA, licensed under GPLv3. The purpose of this application is to facilitate forensic investigations under Windows.
Its features (evolving):
runs under Windows (XP, Vista, 2003, 2008, 7) in 32-bit (a 64-bit version will be compiled) and is 90% compatible with Wine (use under Linux is therefore possible);
can be executed from the command line;
completely portable
copy local files to the registry (binary);
Processing and use of binary files, reg files and the local registry:
– Configuration of the machine: BootKeys, security features, serials … MS
– list of software and updates
– list of services and drivers
– UserAssist keys (history of commands run by each user)
– list of external USB media connected to the machine
– a list of applications running at boot time
– network configuration, wireless SSID and
– list of accounts, users and password hashes
– passwords stored in the registry (e.g. VNC)
– list of MRU entries and history
– list of used paths
– Registry Viewer Lite
– processing of damaged binary registry files
processing and use of evt logs (Windows = Vista), log files (Linux / Unix format) and local logs.
extraction of the file system:
– List of files and directories
– the rights of files and directories
– hidden and protected-system state of files
– file explorer lite
list of processes and associated network ports
summary of all actions (audit logs, files and registry) by date
Export / Import results in CSV, HTML and XML
Download here: RTCA