PcapXray - A Network Forensics Tool to visualize a packet capture offline as a network diagram, including device identification, highlighting of important communication, and file extraction

  •    Python

Given a pcap file, PcapXray plots a network diagram showing the hosts on the network and the traffic between them, highlighting important traffic, Tor traffic and potentially malicious traffic, including the data involved in the communication.

APT-Hunter - APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity

  •    Python

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity. The tool makes good use of the Windows event logs collected and makes sure not to miss the critical events it is configured to detect. If you are a threat hunter, incident responder or forensic investigator, I assure you that you will enjoy using this tool. Why? I will discuss the reasons in this article and how it will make your life easy, just as it made mine. Kindly note that this tool is heavily tested but is still a beta version and may contain bugs. The first thing to do is to collect the logs if you haven't already; with the PowerShell log collectors it is easy to collect the needed logs automatically: you just run the PowerShell scripts as administrator.

wdbgark - WinDBG Anti-RootKit Extension

  •    C++

WDBGARK is an extension (dynamic library) for the Microsoft Debugging Tools for Windows. Its main purpose is to view and analyze anomalies in the Windows kernel using the kernel debugger. It is possible to view various system callbacks, system tables, object types and so on. For a more user-friendly view the extension uses DML. For most commands a kernel-mode connection is required. Feel free to use the extension with live kernel-mode debugging or with kernel-mode crash dump analysis (some commands will not work). Public symbols are required, so use them, force a reload of them, ignore checksum problems, prepare them before analysis and you'll be happy. Windows BETA/RC is supported by design, but read a few notes. First, I don't care about checked builds. Second, I don't care if you don't have symbols (public or private). IA64/ARM is unsupported (and will not be).

awesome-forensicstools - Awesome list of digital forensic tools

Collection of digital forensics tools for verification, investigations, diagnostics and so on. Composed from: Bellingcat's Digital Forensics Tools list https://docs.google.com/document/d/1BfLPJpRtyq4RFtHJoNpvWQjmGnyVkfE2HYoICKOGguA, the Forensics Wiki http://www.forensicswiki.org and assorted collections of forensic resources online. All contributions are welcome. Please propose changes by opening a GitHub issue at https://github.com/ivbeg/awesome-forensictools/issues or by submitting a pull request directly.

pdfresurrect - Analyze and help extract older "hidden" versions of a pdf from the current pdf.

  •    C

Analyze and help extract older "hidden" versions of a pdf from the current pdf.

lsrootkit - Rootkit Detector for UNIX

  •    C

Warning!!: the code is bullshit (it is only a beta prototype). Very important: if the lsrootkit process crashes, you may have a rootkit in the system that has some bugs of its own: memory leaks, etc.

btrfscue - Recover files from damaged BTRFS filesystems

  •    Go

btrfscue is an advanced data recovery tool for the BTRFS filesystem. Despite BTRFS being a state-of-the-art filesystem, at the time I started writing this (Q2 2011) it did not have a stable fsck tool capable of restoring a filesystem to a mountable state after a power failure or system crash. Recently, this situation has somewhat improved with the btrfs restore command. Unlike that official tool, btrfscue is designed to restore data from disk images obtained from faulty storage devices, or from filesystems whose superblocks were all overwritten inadvertently. Being a recovery tool, btrfscue works best on disk images and writes recovered data to a directory. It can thus be used to convert BTRFS filesystems to any other filesystem supported by the host OS. It will also recover recently deleted files and directories and aid in BTRFS filesystem forensics.

emuhookdetector - hook detector using emulation and comparing static with dynamic outputs

  •    C

Warning!!: the code is bullshit (it is only a beta prototype). The dynamic report on a non-hooked machine should be very similar to the static report.

logdissect - CLI utility and Python API for analyzing log files and other data.

  •    Python

For library documentation, see the API documentation. Logdissect is a CLI utility and Python library for analyzing log files and other data. It can parse, merge, filter, and export data (to log files, or JSON).

uac - UAC (Unix-like Artifacts Collector) is a Live Response collection tool for Incident Response that makes use of built-in tools to automate the collection of Unix-like system artifacts

  •    Shell

UAC is a Live Response collection tool for Incident Response that makes use of built-in tools to automate the collection of Unix-like system artifacts. It respects the order of volatility and accounts for artifacts that are changed during execution. It was created to facilitate and speed up data collection, and to depend less on remote support during incident response engagements. UAC can also be run against mounted forensic images. Please take a look at the conf/uac.conf file for more details.