
PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

  •    Python

Given a pcap file, plot a network diagram showing the hosts in the capture and the traffic between them, and highlight important traffic, Tor traffic and potentially malicious traffic, including the data involved in the communication.
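The following is an added example (not PcapXray's own code) of the first step such a tool performs: walking a classic libpcap file, decoding Ethernet/IPv4/TCP/UDP headers, aggregating packets into a host-to-host graph and rendering it as Graphviz DOT with suspicious edges coloured. The capture is constructed in memory from hand-built packets, the addresses and MACs are made up, and the "Tor" tag is a port heuristic assumed for illustration only; real tooling should match destinations against a current relay list rather than trust port numbers.

```python
import socket
import struct
from collections import defaultdict

# --- constructed sample traffic (not a real capture) -------------------------
def _ipv4(src, dst, proto, l4):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4  # checksum left at zero; the parser below does not verify it

def _tcp(sport, dport, flags, payload=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0) + payload

def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def _frame(ip):  # Ethernet II header with made-up MACs, EtherType IPv4
    return bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00" + ip

def build_pcap(frames):
    """Classic libpcap: 24-byte global header, then a 16-byte header per record."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out

DNS_QUERY = b"\xab\xcd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
SAMPLE_PCAP = build_pcap([
    _frame(_ipv4("192.168.1.10", "8.8.8.8", 17, _udp(51000, 53, DNS_QUERY))),
    _frame(_ipv4("192.168.1.10", "93.184.216.34", 6, _tcp(51001, 443, 0x02))),  # SYN
    _frame(_ipv4("93.184.216.34", "192.168.1.10", 6, _tcp(443, 51001, 0x12))),  # SYN/ACK
    _frame(_ipv4("192.168.1.10", "198.51.100.7", 6, _tcp(51002, 9001, 0x18, b"\x16\x03\x01" + b"\x00" * 13))),
    _frame(_ipv4("192.168.1.11", "192.168.1.10", 6, _tcp(40000, 22, 0x18, b"SSH-2.0-"))),
])

# --- parsing -----------------------------------------------------------------
def parse_pcap(data):
    """Yield (timestamp, frame_bytes) per record; handles both byte orders."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def parse_frame(frame):
    """Ethernet -> IPv4 -> TCP/UDP; returns None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    vihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", ip, 0)
    if vihl >> 4 != 4:
        return None
    l4 = ip[(vihl & 0x0F) * 4:total_len]
    sport = dport = None
    payload = b""
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        payload = l4[(l4[12] >> 4) * 4:]   # skip the TCP header incl. options
    elif proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        payload = l4[8:]
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "sport": sport, "dport": dport, "payload_len": len(payload)}

# Port heuristic only (an assumption for this example), not a relay-list lookup.
TOR_PORTS = {9001, 9030, 9050, 9051, 9150}

def build_graph(pcap_bytes):
    """Aggregate packets into directed src->dst edges with counts, ports and tags."""
    edges = defaultdict(lambda: {"packets": 0, "bytes": 0, "ports": set(), "flags": set()})
    for _, frame in parse_pcap(pcap_bytes):
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        e = edges[(pkt["src"], pkt["dst"])]
        e["packets"] += 1
        e["bytes"] += pkt["payload_len"]
        if pkt["dport"] is not None:
            e["ports"].add(pkt["dport"])
        if pkt["dport"] in TOR_PORTS:
            e["flags"].add("tor?")
        if pkt["dport"] in (80, 443):
            e["flags"].add("web")
        if pkt["proto"] == 17 and pkt["dport"] == 53:
            e["flags"].add("dns")
    return dict(edges)

def hosts(edges):
    return {h for edge in edges for h in edge}

def to_dot(edges):
    """Render the graph as Graphviz DOT, colouring the edges worth a second look."""
    colour = {"tor?": "red", "dns": "blue", "web": "green"}
    lines = ["digraph pcap {"]
    for (s, d), e in sorted(edges.items()):
        col = next((colour[f] for f in ("tor?", "dns", "web") if f in e["flags"]), "black")
        label = f"{e['packets']} pkt / {e['bytes']} B  ports={sorted(e['ports'])}"
        lines.append(f'  "{s}" -> "{d}" [label="{label}" color={col}];')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dot(build_graph(SAMPLE_PCAP)))
```

Pipe the printed DOT through `dot -Tpng` to get the diagram. Edges are keyed by direction on purpose: a reply from the web server shows up as its own edge, so an outbound-only edge (the 9001 connection here) stands out as a one-sided conversation.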

wdbgark - WinDBG Anti-RootKit Extension

  •    C++

WDBGARK is an extension (dynamic library) for the Microsoft Debugging Tools for Windows. Its main purpose is to view and analyze anomalies in the Windows kernel using the kernel debugger. It is possible to view various system callbacks, system tables, object types and so on. For a more user-friendly view the extension uses DML. For most commands a kernel-mode connection is required. Feel free to use the extension with live kernel-mode debugging or with kernel-mode crash dump analysis (some commands will not work). Public symbols are required, so use them, force a reload, ignore checksum problems, prepare them before analysis and you'll be happy. Windows BETA/RC is supported by design, but read a few notes. First, I don't care about checked builds. Second, I don't care if you don't have symbols (public or private). IA64/ARM is unsupported (and will not be).

awesome-forensicstools - Awesome list of digital forensic tools


Collection of digital forensics tools for verification, investigations, diagnostics and so on. Composed from: Bellingcat's Digital Forensics Tools list https://docs.google.com/document/d/1BfLPJpRtyq4RFtHJoNpvWQjmGnyVkfE2HYoICKOGguA, Forensics Wiki http://www.forensicswiki.org and assorted collections of forensic resources online. All contributions welcome. Please propose changes using a GitHub issue https://github.com/ivbeg/awesome-forensictools/issues or by writing a pull request directly.

pdfresurrect - Analyze and help extract older "hidden" versions of a pdf from the current pdf.

  •    C

Analyze and help extract older "hidden" versions of a pdf from the current pdf.
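Why older versions survive in a PDF, as an added example that is not pdfresurrect's own code: editors that save with an incremental update append the changed objects plus a new xref table and trailer (linked to the old one by /Prev) instead of rewriting the file, so every earlier revision is still a complete PDF ending at an earlier %%EOF. The block builds such a file from constructed content (the text and offsets are made up for the example), carves each revision out by truncating at each %%EOF, follows the /Prev chain, and resolves each revision's page content the way a reader would.

```python
import re

def sample_pdf():
    """Constructed sample (not a real document): a one-page PDF whose text was
    changed by an incremental update, so the first revision still sits on disk."""
    def obj(num, body):
        return f"{num} 0 obj\n{body}\nendobj\n"
    def text_obj(num, text):
        data = f"BT /F1 12 Tf 72 720 Td ({text}) Tj ET"
        return obj(num, f"<< /Length {len(data)} >>\nstream\n{data}\nendstream")
    out, offsets = "%PDF-1.4\n", {}
    for num, body in [(1, "<< /Type /Catalog /Pages 2 0 R >>"),
                      (2, "<< /Type /Pages /Kids [3 0 R] /Count 1 >>"),
                      (3, "<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >>")]:
        offsets[num] = len(out)
        out += obj(num, body)
    offsets[4] = len(out)
    out += text_obj(4, "Offer: 120000 USD")  # first revision of the page content
    xref1 = len(out)
    out += "xref\n0 5\n0000000000 65535 f \n" + "".join(f"{offsets[n]:010d} 00000 n \n" for n in range(1, 5))
    out += f"trailer\n<< /Size 5 /Root 1 0 R >>\nstartxref\n{xref1}\n%%EOF\n"
    # Incremental update: append a replacement object 4 and a new xref/trailer
    # chained to the previous one with /Prev; nothing above is overwritten.
    off4 = len(out)
    out += text_obj(4, "Offer: 95000 USD")
    xref2 = len(out)
    out += (f"xref\n0 1\n0000000000 65535 f \n4 1\n{off4:010d} 00000 n \n"
            f"trailer\n<< /Size 5 /Root 1 0 R /Prev {xref1} >>\nstartxref\n{xref2}\n%%EOF\n")
    return out.encode("ascii")

EOF_RE = re.compile(rb"%%EOF\r?\n?")
OBJ_RE = re.compile(rb"(\d+) 0 obj\s*(.*?)\s*endobj", re.S)

def carve_versions(pdf):
    """Each %%EOF closes a complete revision; truncating there yields a standalone
    PDF of that revision (oldest first, the last one being the file as shipped)."""
    return [pdf[:m.end()] for m in EOF_RE.finditer(pdf)]

def xref_chain(pdf):
    """Follow startxref -> trailer /Prev links; returns xref offsets newest first."""
    chain, off = [], int(re.search(rb"startxref\s+(\d+)\s+%%EOF\s*$", pdf).group(1))
    while off is not None:
        chain.append(off)
        trailer = re.compile(rb"trailer\s*<<(.*?)>>", re.S).search(pdf, off).group(1)
        prev = re.search(rb"/Prev (\d+)", trailer)
        off = int(prev.group(1)) if prev else None
    return chain

def shown_text(version):
    """Resolve the page's /Contents as a reader would (the latest definition of
    each object number wins) and return the literal strings it draws."""
    objs = {}
    for m in OBJ_RE.finditer(version):
        objs[int(m.group(1))] = m.group(2)
    page = next(b for b in objs.values() if re.search(rb"/Type /Page\b", b))
    contents = objs[int(re.search(rb"/Contents (\d+) 0 R", page).group(1))]
    stream = re.search(rb"stream\r?\n(.*?)\r?\nendstream", contents, re.S).group(1)
    return [s.decode() for s in re.findall(rb"\((.*?)\) Tj", stream)]

if __name__ == "__main__":
    pdf = sample_pdf()
    for i, v in enumerate(carve_versions(pdf), 1):
        print(f"revision {i}: {len(v)} bytes, shows {shown_text(v)}")
```

The carving step is deliberately naive (a literal %%EOF inside a stream would produce a bogus revision), which is why the /Prev chain is worth checking alongside it; the two should agree on the number of revisions. The practical lesson is on the authoring side: "save" is not "redact"; to drop history, export a fresh file or flatten it.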

lsrootkit - Rootkit Detector for UNIX

  •    C

Warning!!: the code is bullshit (it is only a beta prototype). Very important: if the lsrootkit process crashes, you may have a rootkit in the system that has some bugs of its own: memory leaks, etc.

btrfscue - Recover files from damaged BTRFS filesystems

  •    Go

btrfscue is an advanced data recovery tool for the BTRFS filesystem. Despite being a state of the art filesystem, at the time when I started writing this (Q2 2011), BTRFS did not have a stable fsck tool that is capable of restoring a filesystem to a mountable state after a power failure or system crash. Recently, this situation has somewhat improved with the btrfs restore command. Unlike this official tool, btrfscue is designed to be able to restore data from disk images that were obtained from faulty storage devices or if all superblocks were overwritten inadvertently. Being a recovery tool, btrfscue works best on disk images and will write recovered data to a directory. It can thus be used to convert BTRFS filesystems to any other filesystem supported by the host OS. It will also recover recently deleted files and directories and aid in BTRFS filesystem forensics.

emuhookdetector - hook detector using emulation and comparing static with dynamic outputs

  •    C

Warning!!: the code is bullshit (it is only a beta prototype). On a machine with no hooks, the dynamic report should be very similar to the static report.

logdissect - CLI utility and Python API for analyzing log files and other data.

  •    Python

For library documentation, see the API documentation. Logdissect is a CLI utility and Python library for analyzing log files and other data. It can parse, merge, filter, and export data (to log files or JSON).
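The parse/merge/filter/export pipeline in miniature, as an added example that is not logdissect's own code or API: two constructed log sources in different syslog flavours (BSD-style without a year, and ISO 8601 with an offset) are normalised to one record shape, interleaved by timestamp, filtered by host, application or message regex, and exported as JSON. The host names, addresses and the year assumed for the BSD lines are made up for the example; unparseable lines are counted rather than silently dropped, since a line that fits no format is itself a finding during an investigation.

```python
import json
import re
from datetime import datetime, timezone

# Two constructed sources in different syslog flavours (sample lines, not real logs).
BSD_SOURCE = """\
Jan 12 10:15:03 bastion sshd[4821]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Jan 12 10:15:05 bastion sshd[4821]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
this line is not syslog at all
Jan 12 10:15:09 bastion sshd[4830]: Accepted publickey for deploy from 198.51.100.4 port 40211 ssh2
"""
ISO_SOURCE = """\
2024-01-12T10:15:04+00:00 web01 nginx[2210]: 203.0.113.9 "GET /wp-login.php HTTP/1.1" 404
2024-01-12T10:15:07+00:00 web01 sudo[2301]: deploy : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx
"""

# Shared tail: host, app, optional [pid], then the free-text message.
HEADER = r" (?P<host>\S+) (?P<app>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
BSD_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2})" + HEADER)
ISO_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:[+-]\d{2}:\d{2}|Z))" + HEADER)

def parse_line(line, source, year=2024):
    """Return a normalised entry dict, or None if the line matches neither format.
    BSD syslog carries no year, so the caller supplies one (assumed 2024 here)."""
    m = ISO_RE.match(line)
    if m:
        ts = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
    else:
        m = BSD_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year, tzinfo=timezone.utc)
    return {"ts": ts, "host": m.group("host"), "app": m.group("app"),
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "msg": m.group("msg"), "source": source, "raw": line}

def parse_source(text, source, year=2024):
    """Parse every line; lines that fit no format are returned separately."""
    entries, skipped = [], []
    for line in text.splitlines():
        e = parse_line(line, source, year)
        (entries if e else skipped).append(e or line)
    return entries, skipped

def merge(*entry_lists):
    """Interleave several parsed sources into one timeline (stable sort by timestamp)."""
    return sorted((e for lst in entry_lists for e in lst), key=lambda e: e["ts"])

def filter_entries(entries, host=None, app=None, pattern=None):
    rx = re.compile(pattern) if pattern else None
    return [e for e in entries
            if (host is None or e["host"] == host)
            and (app is None or e["app"] == app)
            and (rx is None or rx.search(e["msg"]))]

def to_json(entries):
    """Export with ISO 8601 timestamps so the output stays machine-readable downstream."""
    return json.dumps([{**e, "ts": e["ts"].isoformat()} for e in entries], indent=2)

def timeline():
    bsd, bsd_skipped = parse_source(BSD_SOURCE, "bastion.log")
    iso, iso_skipped = parse_source(ISO_SOURCE, "web01.log")
    return merge(bsd, iso), bsd_skipped + iso_skipped

if __name__ == "__main__":
    entries, skipped = timeline()
    print(to_json(filter_entries(entries, pattern=r"203\.0\.113\.9")))
    print(f"skipped {len(skipped)} unparseable line(s)")
```

Merging only works because both parsers emit timezone-aware timestamps; the BSD format has neither year nor zone, so those are supplied explicitly rather than guessed from the local machine, which is the usual source of off-by-hours errors when correlating logs from different hosts.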