Displaying 1 to 20 from 52 results

sleuthkit - The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data

  •    C

The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs. The Sleuth Kit uses code from the file system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. The TCT code was modified for platform independence. In addition, support was added for the NTFS (see docs/ntfs.README) and FAT (see docs/fat.README) file systems. Previously, The Sleuth Kit was called The @stake Sleuth Kit (TASK). The Sleuth Kit is now independent of any commercial or academic organizations.

bap - Binary Analysis Platform

  •    OCaml

The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn't require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed using the BIL representation and is architecture independent in a sense that it will work equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. The documentation and tutorial are also available. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml and it is the preferred language to write analysis, we have bindings to C, Python and Rust. The Primus Framework also provide a Lisp-like DSL for writing program analysis tools. BAP is developed in CMU, Cylab and is sponsored by various grants from the United States Department of Defense, Siemens AG, and the Korea government, see sponsors for more information.

Free-Security-eBooks - Free Security and Hacking eBooks

  •    

A curated list of free Security and Pentesting related E-Books available on the Internet. If you want to contribute to this list (please do), send a pull request. All contributors will be recognized and appreciated.




awesome-hacking - Awesome hacking is an awesome collection of hacking tools.

  •    Python

Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command. Every kind of contribution is really appreciated! Follow the :doc:`contribute`.

timesketch - Collaborative forensic timeline analysis

  •    Python

Timesketch is an open source tool for collaborative forensic timeline analysis. Using sketches you and your collaborators can easily organize your timelines and analyze them all at the same time. Add meaning to your raw data with rich annotations, comments, tags and stars.

autopsy - Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools

  •    Java

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Installers can be found at: http://www.sf.net/projects/autopsy/files/autopsy

PcapXray - :snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

  •    Python

Given a Pcap File, plot a network diagram displaying hosts in the network, network traffic, highlight important traffic and Tor traffic as well as potential malicious traffic including data involved in the communication.


plaso - Super timeline all the things

  •    Python

In short, plaso is a Python-based backend engine for the tool log2timeline. log2timeline is a tool designed to extract timestamps from various files found on a typical computer system(s) and aggregate them.

SeqBox - A single file container/archive that can be reconstructed even after total loss of file system structures

  •    Python

An SBX container exists both as a normal file in a mounted file system, and as a collection of recognizable blocks at a lower level.SBX blocks have a size sub-multiple/equal to that of a sector, so they can survive any level of fragmentation. Each block have a minimal header that include a unique file identifier, block sequence number, checksum, version. Additional, non critical info/metadata are contained in block 0 (like name, file size, crypto-hash, other attributes, etc.).

goHackTools - Hacker tools on Go (Golang)

  •    Go

This project is licensed under MIT license. Please read the LICENSE file. Welcomes any kind of contribution. Please read the CONTRIBUTING, ISSUE TEMPLATE and CODE_OF_CONDUCT file.

hindsight - Internet history forensics for Google Chrome/Chromium

  •    Python

Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications (with more to come!). Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies). Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline. The only field you are required to complete is "Profile Path". This is the location of the Chrome profile you want to analyze (the default profile paths for different OSes is listed at the bottom of this page). Click "Run" and you'll be taken to the results page in where you can save the results to a spreadsheet (or other formats).

pig - A Linux packet crafting tool.

  •    C

Pig (which can be understood as Packet intruder generator) is a Linux packet crafting tool. You can use Pig to test your IDS/IPS among other stuff.Pig brings a bunch of well-known attack signatures ready to be used and you can expand this collection with more specific things according to your requirements.

diffy - Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response

  •    Python

Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT). Diffy allows a forensic investigator to quickly scope a compromise across cloud instances during an incident, and triage those instances for followup actions. Diffy is currently focused on Linux instances running within Amazon Web Services (AWS), but owing to our plugin structure, could support multiple platforms and cloud providers.

flare-wmi

  •    C++

This repository contains various documentation and code projects that describe the Windows Management Instrumentation (WMI) technology. The research was first introduced at Defcon 23 in 2015, and the associated slides are available here: DEFCON_23-WMI-Attacks-Defense-Forensics.pdf. python-cim is a pure Python parser for the WMI repository database. It supports read access to WMI structures via a flexible API. You can use the provided "sample" scripts to dump persistence locations, identify commonly executed software, timeline activity, and recover deleted data.

BlockHashLoc - Recover files using lists of blocks hashes, bypassing the File System entirely

  •    Python

The purpose of BlockHashLoc is to enable the recovery of files after total loss of File System structures, or without even knowing what FS was used in the first place.The way it can recover a given file is by keeping a (small) parallel BHL file with a list of crypto-hashes of all the blocks (of selectable size) that compose it. So it's then possible to read blocks from a disk image/volume, calculate their hashes, compare them with the saved ones and rebuild the original file.

amt-forensics - Retrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password

  •    Python

This README contains instructions on how to use the scripts in this repository to retrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password. The ideas from the script can be used to retrieve other pertinent information from Intel AMT via the ME Interface (MEI).You should be able to load http://localhost:16992/ in your browser now.

fatcat - FAT filesystems explore, extract, repair, and forensic tool

  •    C++

This tool is designed to manipulate FAT filesystems, in order to explore, extract, repair, recover and forensic them. It currently supports FAT12, FAT16 and FAT32.This will tell fatcat to begin on the 1048576th byte. Have a look to the partition tutorial.

docker-explorer - A tool to help forensicate offline docker acquisitions

  •    Python

This project helps a forensics analyst explore offline Docker filesystems. When analyzing a system where a Docker container has been compromised, it can be useful to have the same view of the filesystem as the container's.

awesome-forensicstools - Awesome list of digital forensic tools

  •    

Collection of digital forensics tools for verification, investigations, diagnostics and so on. Composed from: Bellingcat's Digital Forensics Tools list https://docs.google.com/document/d/1BfLPJpRtyq4RFtHJoNpvWQjmGnyVkfE2HYoICKOGguA, Forensics Wiki http://www.forensicswiki.org and assorted collections of forensic resources online. All contributions welcome. Please propose changes using github issue https://github.com/ivbeg/awesome-forensictools/issues or by direct writing pull request.