Forensics
DFIR tools that add capabilities for analysing protocols and data
AD-Replication-Metadata
This simple script allows you to track past changes to your AD objects, even if event logs were wiped (e.g. during an incident response), using the replication metadata history. No special permissions needed (no admin required).
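The technique behind that script, as an added example that is not the AD-Replication-Metadata code itself: every replicated attribute of an AD object carries its own metadata (last originating write time, originating DC, a change counter called Version, and for linked values such as group members a delete time), and any authenticated domain user can read it with the RSAT ActiveDirectory module. The attribute list, the default server lookup and the group DN below are assumptions.

```powershell
# Added example, not the AD-Replication-Metadata script. Reads per-attribute
# replication metadata for one object so changes can be timelined even when
# the Security log is gone. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-ADObjectChangeHistory {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        # Attributes an IR analyst usually cares about (assumed list; extend as needed).
        # unicodePwd returns metadata only, i.e. when the password last changed.
        [string[]]$Attributes = @('member', 'userAccountControl', 'servicePrincipalName',
                                  'scriptPath', 'adminCount', 'msDS-AllowedToDelegateTo',
                                  'unicodePwd'),
        # -Server is mandatory for this cmdlet; default to the PDC emulator (assumption).
        [string]$Server = (Get-ADDomainController -Discover -Service PrimaryDC |
                               Select-Object -ExpandProperty HostName)
    )
    # -ShowAllLinkedValues returns one row per linked value (e.g. each group
    # member) with its own metadata, including values that were later removed.
    Get-ADReplicationAttributeMetadata -Object $DistinguishedName -Server $Server -ShowAllLinkedValues |
        Where-Object { $Attributes -contains $_.AttributeName } |
        Sort-Object LastOriginatingChangeTime -Descending |
        Select-Object AttributeName, AttributeValue, Version,
                      LastOriginatingChangeTime, LastOriginatingDeleteTime,
                      LastOriginatingChangeDirectoryServerIdentity
}

# Usage (group DN is an assumption): compare the timestamps against the incident
# window. A member row with LastOriginatingDeleteTime set, or a high Version on
# userAccountControl, records a change even if no 4728/4738 events survive.
Get-ADObjectChangeHistory -DistinguishedName 'CN=Domain Admins,CN=Users,DC=corp,DC=example' |
    Format-Table -AutoSize
```

Version is the number of originating writes to that attribute since the object was created, so a value far above what the account's history explains is itself a lead, even when only the most recent write time is visible. Query a second DC with -Server and compare if you suspect the first one's metadata was tampered with.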
AnalyzePDF
Analyzes PDF files by looking at their characteristics in order to add some intelligence into the determination of them being malicious or benign.
AudioStego
Tool for hiding and retrieving information in audio files
AutoVolatility
Runs all Volatility plugins and writes the reports into a folder structure for review
BruteShark
BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files)
Depix
Depix is a tool for recovering passwords from pixelized screenshots
Extundelete
Extundelete is a utility to undelete files from an ext3 or ext4 partition
Face_recognition
Basic Python script for facial recognition
Freq-PS
PowerShell script to analyse strings and score how random they are, for example scoring domain names to spot DGAs
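The idea behind that kind of scoring, as an added example that is not the Freq-PS code: build a character-pair (bigram) frequency table from names you consider normal, then score each new name by the average log probability of its pairs. Names built from letter pairs that rarely occur in real words score lower. The baseline word list and the sample domains below are constructed for the example, and the smoothing and label selection are assumptions.

```powershell
# Added example, not the Freq-PS script. Bigram frequency scoring for
# randomness / DGA triage. Baseline and sample names are constructed.

function New-BigramTable {
    param([Parameter(Mandatory)][string[]]$Baseline)
    $counts = @{}
    $total = 0
    foreach ($word in $Baseline) {
        $w = $word.ToLower() -replace '[^a-z0-9]', ''
        for ($i = 0; $i -lt $w.Length - 1; $i++) {
            $pair = $w.Substring($i, 2)
            $counts[$pair] = [int]$counts[$pair] + 1
            $total++
        }
    }
    [pscustomobject]@{ Counts = $counts; Total = $total }
}

function Get-RandomnessScore {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)]$Table
    )
    # Score only the leftmost label; a real deployment would pick the
    # registrable label and ignore the public suffix (assumption).
    $label = ($Name.ToLower() -split '\.')[0] -replace '[^a-z0-9]', ''
    if ($label.Length -lt 2) { return $null }
    $logProb = 0.0
    $pairs = 0
    for ($i = 0; $i -lt $label.Length - 1; $i++) {
        $pair = $label.Substring($i, 2)
        # Add-one smoothing over the 36x36 possible [a-z0-9] pairs so an
        # unseen pair is penalised instead of producing -Infinity.
        $p = ([int]$Table.Counts[$pair] + 1) / ($Table.Total + 36 * 36)
        $logProb += [math]::Log10($p)
        $pairs++
    }
    # Mean log10 probability per pair: more negative means more unusual.
    [math]::Round($logProb / $pairs, 3)
}

# Constructed baseline; in practice feed it thousands of known-good names
# (e.g. resolved domains from a clean period of your DNS logs).
$baseline = @('google', 'microsoft', 'facebook', 'amazon', 'wikipedia', 'youtube',
              'twitter', 'linkedin', 'instagram', 'netflix', 'office', 'outlook',
              'windows', 'update', 'download', 'service', 'account', 'login',
              'mail', 'cloud', 'github', 'apple', 'reddit', 'yahoo')
$table = New-BigramTable -Baseline $baseline

# Constructed sample: one wordlike name, one DGA-looking name, one short name.
'microsoftupdate.com', 'xkq7z1mwpd.net', 'login.example.org' | ForEach-Object {
    [pscustomobject]@{ Name = $_; Score = Get-RandomnessScore -Name $_ -Table $table }
} | Sort-Object Score
```

With a baseline this small the gap between the wordlike and the random name is modest; the separation grows with the size of the baseline, so treat the score as a ranking for triage and pick any cut-off empirically from your own known-good and known-bad names rather than hard-coding one.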
Foremost
DFIR file carving tool. The link is for the source build; prebuilt binaries are on SourceForge.
Hayabusa
Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool
Hoarder
Hoarder is a script made to collect and parse the most valuable artifacts for forensics or incident response investigations rather than imaging the whole hard drive
NetworkMiner
NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD).
Orochi
Orochi is an open source framework for collaborative forensic memory dump analysis.
pyWhat
pyWhat's job is to identify what something is. Whether it be a file or text! Or even the hex of a file! What about text within files? We have that too! pyWhat is recursive, it will identify everything in text and more!
ssh_decoder
Can decrypt SSH sessions from a PCAP when one endpoint used a vulnerable OpenSSL build (weak key generation)
StegCracker
Steganography brute-force utility to uncover hidden data inside files
Stego-toolkit
Many tools for Steganography challenges in one package. Can be run in docker.
Stegsolve
Steganography solving tool for image formats
unredacter
Shows you why you should never ever ever use pixelation as a redaction technique. For a more complete writeup of how this works, check out my blog post here.
ViperMonkey
ViperMonkey is a VBA Emulation engine written in Python, designed to analyze and deobfuscate malicious VBA Macros contained in Microsoft Office files (Word, Excel, PowerPoint, Publisher, etc).
VolUtility
Web Interface for Volatility Memory Analysis framework
Win10_Volatility
Volatility with additional support for Win 10