forensic-analysis
There are 215 repositories under forensic-analysis topic.
cugu/awesome-forensics
A curated list of awesome forensic analysis tools and resources
Srinivas11789/PcapXray
:snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
yampelo/beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
ahmedkhlief/APT-Hunter
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
B16f00t/whapa
WhatsApp Parser Toolset v1.59
dfir-iris/iris-web
Collaborative Incident Response platform
mesquidar/ForensicsTools
A list of free and open forensics analysis tools and other resources
ion-storm/sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
shadawck/awesome-anti-forensic
Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.
AvillaDaniel/AvillaForensics
Avilla Forensics 3.0
swwwolf/wdbgark
WinDBG Anti-RootKit Extension
ivbeg/awesome-forensicstools
Awesome list of digital forensic tools
MK-Ware/Forensic-Tools
A collection of tools for forensic analysis
dfir-dd/dfir-toolkit
CLI tools for forensic investigation of Windows artifacts
Psmths/windows-forensic-artifacts
Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!
JohnLaTwC/PyPowerShellXray
Python script to decode common encoded PowerShell scripts
Viralmaniar/Remote-Desktop-Caching-
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
dogoncouch/logdissect
CLI utility and Python module for analyzing log files and other data.
CScorza/Analisi-Digital-Forense
Strumenti di Acquisizione e Analisi di copie Forensi
DavidJacobson/SafeText
Script to remove homoglyphs and zero-width characters to allow for safe distribution of documents from anonymous sources.
cado-security/rip_raw
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
hashlookup/hashlookup-forensic-analyser
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
chriswmorris/Metaforge
An OSINT Metadata analyzing tool that filters through tags and creates reports
EC-DIGIT-CSIRC/sysdiagnose
Forensic toolkit for iOS sysdiagnose feature
xiosec/Computer-forensics
The best tools and resources for forensic analysis.
ChmaraX/forensix
Google Chrome forensic tool to process, analyze and visualize browsing artifacts
resurrecting-open-source-projects/dcfldd
Enhanced version of dd for forensics and security
AdamWhiteHat/Judge-Jury-and-Executable
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
enferex/pdfresurrect
Analyze and help extract older "hidden" versions of a pdf from the current pdf.
bitranox/fingerprint
Monitoring Registry and File Changes in Windows
merces/entropy
CLI program to calculate the entropy of files
lxndrblz/forensicsim
A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and reactions from a Microsoft Teams IndexedDB LevelDB database.
cblichmann/btrfscue
Recover files from damaged BTRFS filesystems
vframeio/vframe
VFRAME: Visual Forensics and Metadata Extraction
visma-prodsec/columbo
Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets.