Pinned Repositories
ExeRunnerPro-475-2151_Bush_Garbutt_Reynolds
This tool gathers, on a Windows machine, a list of which programs were run and when they were run.
FilesystemManipulatorDestroyer-475-2161_Hooker_Valenti
This tool is focused on anti-forensics. When the system suspects that forensics are about to be performed, it can wipe the drive or destroy file contents, manipulate hashes, and carry out similar activities.
GRREAT-475_2141-Chaigon-Failey-Siebert
GRREAT is a tool written in Python that will integrate with Google GRR. It will allow the user to hash the contents of a box with a piecewise algorithm and store the hashes. The user could later hash the contents again to determine what has been changed and the extent of those changes.
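The piecewise-hash-and-compare workflow described above, as an added example in plain Python that is not GRREAT's own code (which would hand the hashing to GRR agents): the baseline stores one digest per fixed-size block of each file, and a later snapshot is compared block by block so the report says not just that a file changed but which blocks and what fraction of it. The 4096-byte piece size and the sample "box" are assumptions made for the example.

```python
import hashlib
from typing import Dict, List, Union

BLOCK_SIZE = 4096  # assumed piece size; the page does not state the one GRREAT uses

def piecewise_hash(data: bytes, block_size: int = BLOCK_SIZE) -> List[str]:
    """One SHA-256 digest per fixed-size block, so a change is localised to a block index."""
    return [hashlib.sha256(data[i:i + block_size]).hexdigest()
            for i in range(0, len(data), block_size)]

def compare_hashes(old: List[str], new: List[str]) -> Dict[str, object]:
    """Which block indices differ between two digest lists, and how much of the file that is."""
    common = min(len(old), len(new))
    changed = [i for i in range(common) if old[i] != new[i]]
    # Blocks that exist in only one version (growth or truncation) count as changed.
    changed.extend(range(common, max(len(old), len(new))))
    total = max(len(old), len(new), 1)
    return {"changed_blocks": changed, "total_blocks": total,
            "fraction_changed": len(changed) / total,
            "size_delta_blocks": len(new) - len(old)}

def snapshot(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """The baseline to store: path -> list of block digests."""
    return {path: piecewise_hash(content) for path, content in files.items()}

def diff_snapshots(before: Dict[str, List[str]],
                   after: Dict[str, List[str]]) -> Dict[str, Union[str, Dict[str, object]]]:
    """Per-path verdict: added / removed / unchanged, or the block-level change report."""
    report: Dict[str, Union[str, Dict[str, object]]] = {}
    for path in sorted(set(before) | set(after)):
        if path not in before:
            report[path] = "added"
        elif path not in after:
            report[path] = "removed"
        else:
            result = compare_hashes(before[path], after[path])
            report[path] = "unchanged" if not result["changed_blocks"] else result
    return report

# Constructed sample box: a 10 KiB binary, a small config, and a log that later disappears.
_LS = bytes(range(256)) * 40
SAMPLE_BEFORE = {"/bin/ls": _LS,
                 "/etc/hosts": b"127.0.0.1 localhost\n",
                 "/tmp/old.log": b"old\n"}
_LS_PATCHED = bytearray(_LS)
_LS_PATCHED[5000] ^= 0xFF  # one byte flipped inside block 1 (offset 5000 // 4096)
SAMPLE_AFTER = {"/bin/ls": bytes(_LS_PATCHED),
                "/etc/hosts": b"127.0.0.1 localhost\n",
                "/tmp/dropper.sh": b"#!/bin/sh\n"}

def run_demo() -> Dict[str, Union[str, Dict[str, object]]]:
    return diff_snapshots(snapshot(SAMPLE_BEFORE), snapshot(SAMPLE_AFTER))

if __name__ == "__main__":
    for path, verdict in run_demo().items():
        print(path, verdict)
```

A single flipped byte shows up as one changed block out of three (about a third of the file), while a full rewrite would mark every block; storing only the digests, not the content, keeps the baseline small and avoids copying sensitive data off the box.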
InternetShadowTracker-475_2141-Gierczak-Sirianni-Chona
This tool pulls browsing history data and visualizes it as: graphs showing how often someone visits a site; graphs showing where the servers of the site are located; and a map showing where a website is hosted.
LetItRain-475-2161_Good_Rodgers
This tool takes credentials or an API key for a cloud storage provider (Google Drive, Dropbox, etc.) as input and downloads all available information (current files, deleted files, and file versions) from that provider. The data is sorted into an easy-to-navigate directory structure, and both positive and negative hashing are performed against a user-provided hash database. The tool reports all matching "bad" hashes as well as which files can be safely ignored. Available metadata for each file is downloaded and stored in an easily accessible format.
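The positive/negative hashing step described above, as an added example that is not LetItRain's code: it walks an already-downloaded tree, hashes every file, and sorts it into known-bad (report), known-good (safe to ignore) and unknown (needs review). The hash database format (one hex digest per line, with `#` comments) and the `current/`, `deleted/`, `versions/` layout are assumptions for the example; the files are constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Set

def load_hash_set(text: str) -> Set[str]:
    """Assumed database format: one hex digest per line, '#' starts a comment."""
    digests = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            digests.add(line)
    return digests

def sha256_file(path: Path) -> str:
    """Stream the file so large downloads are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def classify_tree(root: Path, known_bad: Set[str], known_good: Set[str]) -> Dict[str, List[str]]:
    """Negative hashing is checked first: a known-bad match wins even if the same digest
    also appears in the known-good set, so a poisoned whitelist cannot hide a hit."""
    verdicts: Dict[str, List[str]] = {"bad": [], "ignore": [], "review": []}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        digest = sha256_file(p)
        rel = p.relative_to(root).as_posix()
        if digest in known_bad:
            verdicts["bad"].append(rel)
        elif digest in known_good:
            verdicts["ignore"].append(rel)
        else:
            verdicts["review"].append(rel)
    return verdicts

def run_demo() -> Dict[str, List[str]]:
    """Builds a constructed download tree and classifies it against constructed hash sets."""
    bad_blob = b"MZ\x90\x00constructed dropper"
    good_blob = b"[settings]\ntheme=dark\n"
    new_blob = b"meeting notes, never seen before"
    bad_db = "# constructed bad-hash database\n" + hashlib.sha256(bad_blob).hexdigest() + "  # dropper\n"
    good_db = hashlib.sha256(good_blob).hexdigest() + "\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, blob in {"current/settings.ini": good_blob,
                          "deleted/update.exe": bad_blob,
                          "versions/notes.txt/v2": new_blob}.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(blob)
        return classify_tree(root, load_hash_set(bad_db), load_hash_set(good_db))

if __name__ == "__main__":
    for verdict, paths in run_demo().items():
        print(verdict, paths)
```

Deleted files and older versions are hashed exactly like current ones, which is the point of pulling them: the bad hash here is only found in `deleted/`.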
MemCoin_474-2135_Andrews-Bornstein-Pagano
MemCoin will indicate whether a bitcoin wallet exists, pull the contents of memory, and search for indicators that might advance access.
Metadata_mapping_exif_data-475-2151_Rojas_Schoenfeld
Almost all pictures, videos and documents taken with a smartphone or created on a computer have metadata associated with them. Some of this metadata allows us to create maps and timelines of where pictures were taken. Using ExifTool, we can extract GPS coordinates from pictures and documents, then use an API to plot those coordinates in Google Maps or a similar mapping program. This can help forensic investigators and law enforcement identify the location of interesting places in an investigation, or show where a file originated.
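The coordinate-to-map step above, as an added example that is not the project's code: EXIF stores latitude and longitude as three rationals (degrees, minutes, seconds) plus a separate hemisphere tag, so the conversion to signed decimal degrees, the sanity check, and the timeline ordering by `DateTimeOriginal` are what a script has to get right before plotting. The tag dictionaries below are constructed, not read from real files; in practice they would come from ExifTool (or a Python EXIF reader) on each image.

```python
from datetime import datetime
from fractions import Fraction
from typing import Dict, List, Optional, Tuple

Rational = Tuple[int, int]  # EXIF rational: (numerator, denominator)

def dms_to_decimal(dms: Tuple[Rational, Rational, Rational], ref: str) -> float:
    """Degrees/minutes/seconds rationals -> decimal degrees; S and W are negative."""
    deg, minutes, seconds = (Fraction(n, d) for n, d in dms)
    value = float(deg + minutes / 60 + seconds / 3600)
    return -value if ref.upper() in ("S", "W") else value

def gps_point(tags: Dict[str, object]) -> Optional[Tuple[float, float]]:
    """(lat, lon) or None when the GPS tags are absent, malformed, or out of range."""
    try:
        lat = dms_to_decimal(tags["GPSLatitude"], tags["GPSLatitudeRef"])
        lon = dms_to_decimal(tags["GPSLongitude"], tags["GPSLongitudeRef"])
    except (KeyError, ZeroDivisionError, TypeError, ValueError):
        return None
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        return None
    return lat, lon

def maps_url(lat: float, lon: float) -> str:
    """Google Maps query URL for a single point (no API key needed for a plain link)."""
    return f"https://www.google.com/maps?q={lat:.6f},{lon:.6f}"

def timeline(files: Dict[str, Dict[str, object]]) -> List[Tuple[datetime, str, float, float]]:
    """Geotagged files ordered by EXIF DateTimeOriginal ('YYYY:MM:DD HH:MM:SS')."""
    rows = []
    for name, tags in files.items():
        point = gps_point(tags)
        if point is None or "DateTimeOriginal" not in tags:
            continue
        when = datetime.strptime(str(tags["DateTimeOriginal"]), "%Y:%m:%d %H:%M:%S")
        rows.append((when, name, point[0], point[1]))
    return sorted(rows)

SAMPLE_FILES: Dict[str, Dict[str, object]] = {  # constructed tag sets, not real photos
    "IMG_0002.jpg": {"GPSLatitude": ((43, 1), (5, 1), (456, 100)), "GPSLatitudeRef": "N",
                     "GPSLongitude": ((77, 1), (40, 1), (306, 10)), "GPSLongitudeRef": "W",
                     "DateTimeOriginal": "2017:03:14 15:09:26"},
    "IMG_0001.jpg": {"GPSLatitude": ((33, 1), (52, 1), (0, 1)), "GPSLatitudeRef": "S",
                     "GPSLongitude": ((151, 1), (12, 1), (0, 1)), "GPSLongitudeRef": "E",
                     "DateTimeOriginal": "2017:03:12 08:00:00"},
    "scan.pdf": {"DateTimeOriginal": "2017:03:13 12:00:00"},  # no GPS tags: skipped
}

if __name__ == "__main__":
    for when, name, lat, lon in timeline(SAMPLE_FILES):
        print(when.isoformat(), name, maps_url(lat, lon))
```

Note that the hemisphere reference, not the sign of the rationals, decides the sign of the result; dropping it silently puts a Sydney photo in the northern hemisphere.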
OpenSourceArtifactollectionToolkit-OSACT-475_2141-Cifranic-Mercado-Simmonds-Voellmer
OSACT is a collection of python modules aimed at the collection and analysis/presentation of forensically interesting artifacts on a Windows machine. It is primarily intended to be run against a live machine rather than a dead box or disk image.
RemoteNotify-475_2141-Coffie
The tool shows notifications when the system is being remoted into with tools such as PowerShell Remoting (WinRM) or PsExec.
WirelessProximityMonitor_474-2135_Pittner-Sirianni-Swerling
The goal is to create a monitor of both Bluetooth and Wi-Fi traffic. Using this traffic, we will attempt to track and analyze movement around a location.
ForensicTools's Repositories
ForensicTools/ExeRunnerPro-475-2151_Bush_Garbutt_Reynolds
This tool gathers, on a Windows machine, a list of which programs were run and when they were run.
ForensicTools/FileFinder-CSEC475-2171-Alvarado-Daniels-Hothi
ForensicTools/ARM-anti-forensic-redundant-malware-CSEC475-2171-Bartelmo-Botschagow-Suter
ForensicTools/BassetHound
A Linux kernel module and userland utility pair to detect processes hidden by Linux kernel module (LKM) rootkits.
ForensicTools/bulk_extractor
This is the development tree. For downloads please see:
ForensicTools/computer-forensics-project
VERITAS
ForensicTools/PSEventScraper-CSEC462-2171-Kim-Swidrak
ForensicTools/SysInAnalysis-CSEC475-2171-Miller
ForensicTools/Sysmon_w_ELK-CSEC475-2171-Cosmadelis
ForensicTools/Bintracker-CSEC475-2171-Dayal-Procario-Sheldon
ForensicTools/HashHouse-CSEC475-2171-Keiser-Froling-Lunderman
ForensicTools/artifacts
Digital Forensics Artifact Repository
ForensicTools/bad-date
This tool detects timestomping by analyzing the MAC timestamps.
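An added example, not bad-date's own logic, of the kind of MAC-timestamp checks such a tool runs on NTFS: whole-second timestamps across all four $STANDARD_INFORMATION values (user-mode timestomping utilities commonly write second granularity where NTFS keeps 100 ns), a modified time earlier than the creation time, and $STANDARD_INFORMATION times that predate the $FILE_NAME times, which those utilities normally cannot touch. The heuristic set, the record layout, and the file records are assumptions for the example; Python's datetime only carries microseconds, so 100 ns residue is approximated here by the microsecond field.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

@dataclass
class MacTimes:
    """si_* = $STANDARD_INFORMATION (what Explorer and most tools show),
    fn_* = $FILE_NAME, which stays behind when only $SI is stomped."""
    path: str
    si_m: datetime   # content modified
    si_a: datetime   # accessed
    si_c: datetime   # MFT entry changed
    si_b: datetime   # born / created
    fn_m: Optional[datetime] = None
    fn_b: Optional[datetime] = None

def timestomp_flags(t: MacTimes) -> List[str]:
    """Assumed heuristics; each flag is a reason to look closer, not proof."""
    flags = []
    if all(x.microsecond == 0 for x in (t.si_m, t.si_a, t.si_c, t.si_b)):
        flags.append("zero_subseconds")           # all four $SI times are whole seconds
    if t.si_m < t.si_b:
        flags.append("modified_before_created")   # impossible without clock games
    if t.fn_m is not None and t.si_m < t.fn_m:
        flags.append("si_modified_before_fn_modified")
    if t.fn_b is not None and t.si_b < t.fn_b:
        flags.append("si_created_before_fn_created")
    return flags

def scan(records: List[MacTimes]) -> Dict[str, List[str]]:
    """Only files with at least one flag appear in the result."""
    report: Dict[str, List[str]] = {}
    for rec in records:
        flags = timestomp_flags(rec)
        if flags:
            report[rec.path] = flags
    return report

T = datetime
SAMPLE: List[MacTimes] = [  # constructed records
    # Ordinary document: created, edited later, $FN frozen at creation, sub-seconds present.
    MacTimes(r"C:\Users\bob\report.docx",
             si_m=T(2017, 2, 1, 10, 0, 0, 654321), si_a=T(2017, 2, 3, 8, 5, 1, 12000),
             si_c=T(2017, 2, 1, 10, 0, 0, 654321), si_b=T(2017, 1, 10, 9, 15, 32, 123456),
             fn_m=T(2017, 1, 10, 9, 15, 32, 123456), fn_b=T(2017, 1, 10, 9, 15, 32, 123456)),
    # $SI backdated to whole seconds in 2009 while $FN still says it arrived in March 2017.
    MacTimes(r"C:\Windows\System32\updsvc.dll",
             si_m=T(2009, 7, 14, 1, 14, 0), si_a=T(2009, 7, 14, 1, 14, 0),
             si_c=T(2009, 7, 14, 1, 14, 0), si_b=T(2009, 7, 14, 1, 14, 0),
             fn_m=T(2017, 3, 1, 14, 22, 10, 500000), fn_b=T(2017, 3, 1, 14, 22, 10, 500000)),
    # Only the modified time was stomped, so it now precedes the creation time.
    MacTimes(r"C:\ProgramData\tool.exe",
             si_m=T(2016, 12, 25, 0, 0, 0, 431000), si_a=T(2017, 3, 2, 11, 0, 0, 5000),
             si_c=T(2017, 3, 1, 16, 0, 0, 77000), si_b=T(2017, 3, 1, 16, 0, 0, 77000)),
]

if __name__ == "__main__":
    for path, flags in scan(SAMPLE).items():
        print(path, flags)
```

The $FILE_NAME comparison is the strongest of the three; the whole-second check has benign causes (files copied from FAT media or extracted from some archives also lose sub-second precision), so it should raise the score rather than decide on its own.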
ForensicTools/BinView
CSEC 467 Forensic Project
ForensicTools/BrowserTimelineRecovery-Kaminski-Rhodes
Attempts to recover deleted browsing history based on browsing data such as cookies, cache, etc.
ForensicTools/Crowdstrike_Falcon_Orchestrator-CSEC475-2171-Adler-Martin-Myers
ForensicTools/csf_project
ForensicTools/DFIR_-jcc6228-_CSEC464
Github repository for CSEC 464
ForensicTools/doorstop
PCAP analysis for finding reverse https backdoors
ForensicTools/forensics_project
ForensicTools/grr
GRR Rapid Response: remote live forensics for incident response
ForensicTools/Linfi-Shot-CSEC464-Steiner_Gopani
CLI linux tool to see if sketchy programs do sketchy things to important files.
ForensicTools/LogAnalysis-CSEC464-2181-Baker
ForensicTools/OS_Artifact_Collector_DeWall_Kovach
OS Artifact Collector CSEC-464
ForensicTools/See-Fire_CSEC464_Sochacki
ForensicTools/ShimCacheParser
ForensicTools/slackExtract
Extract data from slack space
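What "slack space" means in bytes, as an added example that is not slackExtract's code: a file's last allocated cluster is only partly used, and the tail of that cluster (plus any allocated clusters the data never reached) still holds whatever was written there before. Given the cluster size, the file's cluster run and its logical size, the example computes those byte ranges in a raw image, pulls them out, and lists printable strings from them. The 512-byte clusters, the fragmented run `[0, 3]` and the image contents are constructed for the example.

```python
import math
from typing import List, Tuple

def slack_ranges(cluster_size: int, clusters: List[int], file_size: int) -> List[Tuple[int, int]]:
    """[start, end) byte ranges in the image that are allocated to the file but lie past
    its logical end: the tail of the last used cluster, then any wholly unused clusters."""
    used = math.ceil(file_size / cluster_size) if file_size else 0
    if used > len(clusters):
        raise ValueError("file size exceeds its cluster run")
    ranges = []
    tail = file_size % cluster_size
    if used and tail:  # file does not end on a cluster boundary: file slack
        last = clusters[used - 1]
        ranges.append((last * cluster_size + tail, (last + 1) * cluster_size))
    for c in clusters[used:]:  # allocated but never written (run longer than the data)
        ranges.append((c * cluster_size, (c + 1) * cluster_size))
    return ranges

def extract_slack(image: bytes, cluster_size: int, clusters: List[int], file_size: int) -> bytes:
    return b"".join(image[s:e] for s, e in slack_ranges(cluster_size, clusters, file_size))

def printable_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Runs of printable ASCII at least min_len long, like the classic strings(1)."""
    out, run = [], bytearray()
    for b in data:
        if 32 <= b < 127:
            run.append(b)
        else:
            if len(run) >= min_len:
                out.append(run.decode("ascii"))
            run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode("ascii"))
    return out

# Constructed 4-cluster image. A 700-byte file occupies clusters 0 and 3 (fragmented);
# cluster 3 holds its last 188 bytes, and the remaining 324 bytes are leftovers from
# a previously deleted file.
CLUSTER = 512
LEFTOVER = b"deleted: password=hunter2"
IMAGE = (b"A" * CLUSTER                                   # cluster 0: first 512 bytes of file
         + b"X" * CLUSTER                                 # cluster 1: another file
         + b"Y" * CLUSTER                                 # cluster 2: another file
         + b"A" * 188 + LEFTOVER + b"\x00" * (CLUSTER - 188 - len(LEFTOVER)))  # cluster 3
FILE_CLUSTERS = [0, 3]
FILE_SIZE = 700

def run_demo() -> List[str]:
    return printable_strings(extract_slack(IMAGE, CLUSTER, FILE_CLUSTERS, FILE_SIZE))

if __name__ == "__main__":
    print(slack_ranges(CLUSTER, FILE_CLUSTERS, FILE_SIZE))
    print(run_demo())
```

A file whose size is an exact multiple of the cluster size has no slack at all, which is why the range list can legitimately come back empty; the cluster run and logical size would come from the file system metadata (for NTFS, the $DATA attribute's data runs and real size).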
ForensicTools/ViewInjectedThread
Project for CSEC464. Gets injected threads of processes on a system.
ForensicTools/whodunnit
ForensicTools/zealot
A brief exploration into naive DNS examination using metadata, and forensic examination thereafter.