forensic-analysis

There are 222 repositories under the forensic-analysis topic.

  • cugu/awesome-forensics

    ⭐️ A curated list of awesome forensic analysis tools and resources

  • Srinivas11789/PcapXray

    :snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

    Language: Python
  • mikeroyal/Digital-Forensics-Guide

    Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

    Language: Python
  • yampelo/beagle

    Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

    Language: Python
  • ahmedkhlief/APT-Hunter

    APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.

    Language: Python
  • B16f00t/whapa

    WhatsApp Parser Toolset v1.59

    Language: Python
  • mesquidar/ForensicsTools

    A list of free and open forensics analysis tools and other resources

  • dfir-iris/iris-web

    Collaborative Incident Response platform

    Language: JavaScript
  • shadawck/awesome-anti-forensic

    Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modifies attributes. This also includes tools for working with anything in general that makes changes to a system for the purpose of hiding information.

    Language: HTML
  • ion-storm/sysmon-config

    Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

    Language: PowerShell
  • AvillaDaniel/AvillaForensics

    Avilla Forensics 3.0

    Language: C#
  • swwwolf/wdbgark

    WinDBG Anti-RootKit Extension

    Language: C++
  • ivbeg/awesome-forensicstools

    Awesome list of digital forensic tools

  • m14r41/PentestingEverything

    Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...

    Language: JavaScript
  • dfir-dd/dfir-toolkit

    CLI tools for forensic investigation of Windows artifacts

    Language: Rust
  • Psmths/windows-forensic-artifacts

    Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress!

  • MK-Ware/Forensic-Tools

    A collection of tools for forensic analysis

    Language: Python
  • JohnLaTwC/PyPowerShellXray

    Python script to decode common encoded PowerShell scripts

    Language: Python
  • Viralmaniar/Remote-Desktop-Caching-

    This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow a Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. A Blue Team member can reconstruct the PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host, collect evidence and perform further analysis.

    Language: Python
  • EC-DIGIT-CSIRC/sysdiagnose

    Forensic toolkit for iOS sysdiagnose feature

    Language: Python
  • dogoncouch/logdissect

    CLI utility and Python module for analyzing log files and other data.

    Language: Python
  • Gadzhovski/TRACE-Forensic-Toolkit

    TRACE is a digital forensic analysis tool that provides a user-friendly interface for investigating disk images.

    Language: Python
  • CScorza/Analisi-Digital-Forense

    Tools for the acquisition and analysis of forensic copies

  • xiosec/Computer-forensics

    The best tools and resources for forensic analysis.

  • DavidJacobson/SafeText

    Script to remove homoglyphs and zero-width characters to allow for safe distribution of documents from anonymous sources.

    Language: Python
  • cado-security/rip_raw

    Rip Raw is a small tool to analyse the memory of compromised Linux systems.

    Language: Python
  • hashlookup/hashlookup-forensic-analyser

    Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

    Language: Python
  • AnonCatalyst/Coeus-OSINT-ToolBox

    Coeus 🌐 is an OSINT ToolBox empowering users with tools for effective intelligence gathering from open sources. From social media monitoring 📱 to data analysis 📊, it offers a centralized platform for seamless OSINT investigations.

    Language: HTML
  • chriswmorris/Metaforge

    An OSINT Metadata analyzing tool that filters through tags and creates reports

    Language: Python
  • ChmaraX/forensix

    Google Chrome forensic tool to process, analyze and visualize browsing artifacts

    Language: JavaScript
  • resurrecting-open-source-projects/dcfldd

    Enhanced version of dd for forensics and security

    Language: C
  • enferex/pdfresurrect

    Analyze and help extract older "hidden" versions of a pdf from the current pdf.

    Language: C
  • AdamWhiteHat/Judge-Jury-and-Executable

    A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

    Language: C#
  • lxndrblz/forensicsim

    A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and reactions from a Microsoft Teams IndexedDB LevelDB database.

    Language: Python
  • bitranox/fingerprint

    Monitoring Registry and File Changes in Windows

    Language: Python
  • merces/entropy

    CLI program to calculate the entropy of files

    Language: C++