Not The Hidden Wiki

Learn Forensics


  1. Autopsy - link
  2. Foremost - link
  3. Remote Live Forensics - link
  4. Volatility 3.0 - link
  5. Volatility 2.0 - link
  6. stegoVeritas - link
  7. Virustotal - link
  8. Hybrid-Analysis - link
  9. Any-Run - link
  10. Hivetools - link
  11. Eric Zimmerman Forensic Tools - link
  12. GreyNoise - link
  13. BruteShark - link
  14. ThePhish - link
  15. Search Evasion Techniques - link
  16. Your Swiss Army knife to analyze malicious web traffic - link
  17. Extract and Deobfuscate XLM macros - link
  18. DetectionLab - link
  19. dftimewolf - link
  20. timesketch - link
  21. Andriller - a software utility with a collection of forensic tools for smartphones - link
  22. angr: a platform-agnostic binary analysis framework - link
  23. binwalk: Binwalk is a tool for analyzing, reverse engineering and extracting firmware images. - link
  24. bruteforce-luks: A tool to help recover encrypted LUKS2 containers - link
  25. chainsaw: Rapidly Search and Hunt through Windows Forensic Artefacts - link
  26. exif: Utility to read, write and edit metadata in image, audio and video files - link
  27. exifprobe: Exifprobe is a command-line tool to parse EXIF data from image files. - link
  28. exiftool: Writing and editing meta information in image, audio and video files. - link
  29. exiv2: Image metadata library and toolset - link
  30. ExtractBitlockerKeys: Extract the BitLocker recovery keys from a domain. - link
  31. foremost: Foremost is a forensic tool for recovering files based on their data structures. - link
  32. sleuthkit: Forensic toolkit to analyze volume and file system data - link
  33. ID Ransomware - link
  34. Event log explorer - link
  35. Returns logs events and protobuf parser - link
  36. Chrome logs events and protobufs parser - link
  37. DCode - link
  38. Sysinfo OST Viewer - link
  39. Zed is a system that makes data easier by utilizing our new super-structured data model. - link
  40. PCAP Analysis - link
  41. Disk recovery software - link
  42. Android Forensic - link
  43. MemProcFS-Analyzer - link
  44. Collect-MemoryDump - link
  45. Velociraptor - link
  46. Signal Forensics - link
  47. oletools - Python tools to analyze MS OLE2 files - link
  48. Powerful Python tool to analyze PDF documents - link
  49. Loki - Simple IOC and YARA Scanner - link
  50. evtx2json - extracts events of interest from event logs, dedups them, and exports them to JSON. - link
  51. Pure Python parser for Windows Event Log files (.evtx) - link
  52. PowerShell PE Parser - link
  53. FastIR Collector Linux - link
  54. OROCHI: The Volatility Collaborative GUI - link
  55. AutoVolatility: Run several volatility plugins at the same time. - link
  56. Volatility profiles for Linux and Mac OS X - link
  57. O-Saft: OWASP SSL advanced forensic tool - link
  58. PcapXray - link
  59. swap_digger - link
  60. Invoke-LiveResponse - link
  61. mac_apt: macOS Artifact Parsing Tool - link
  62. MacForensics: Repository of scripts for processing various artifacts from macOS (formerly OSX). - link
  63. imago-forensics: Imago is a Python tool that extracts digital evidence from images. - link
  64. libelfmaster: Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools - link
  65. turbinia: Automation and Scaling of Digital Forensics Tools - link
  66. Kuiper: Digital Forensics Investigation Platform - link
  67. PowerForensics: PowerForensics provides an all-in-one platform for live disk forensic analysis. - link
  68. OfficeForensicTools: A set of tools for collecting forensic information. - link
  69. CHIRP: A forensic collection tool written in Python. - link
  70. FastIR Artifacts: Live forensic artifacts collector. - link
  71. dfir_ntfs: An NTFS/FAT parser for digital forensics & incident response. - link
  72. MemProcFS: An easy and convenient way of viewing physical memory as files in a virtual file system. - link
  73. LeechCore: Physical Memory Acquisition Library & The LeechAgent Remote Memory Acquisition Agent. - link
  74. PCILeech: Direct Memory Access (DMA) Attack Software. - link
  75. Static-analysis-powered security scanner for your Terraform code - link
  76. Awesome Forensics - link
  77. Autoaudit: A log tampering detection tool - link
  78. Collection of steganography tools - link
  79. Usermode memory scanner for Windows - link
  80. Collection of scripts and utilities to extract and rebuild Linux-based firmware images. - link
  81. Application to analyze EML files - link
  82. Online tool to check email reputation - link
  83. Online tool to analyse PCAP files - link
  84. zsteg - steganographic coder for WAV files - link
  85. wavsteg - steganography tool for WAV files - link
  86. sonicvisualiser - audio analysis software - link
  87. FOCA - metadata extraction tool for documents - link
  88. sherloq - malware classifier - link
  89. ghiro - digital image forensics tool - link
  90. iris-web - web interface for digital forensics - link
  91. incidents - incident response automation tool - link
  92. dfirtrack - digital forensics and incident response (DFIR) case management tool - link
  93. catalyst - incident response and threat intelligence framework - link
  94. PancakeViewer - Android SQLite database viewer - link
  95. libewf - library for forensic disk images - link
  96. imagemounter - tool for mounting forensic disk images - link
  97. Disk-Arbitrator - tool for managing disk arbitration on macOS - link
  98. timeliner - timeline generation tool for forensic investigations - link
  99. introducing-timeline - timeline explorer tool - link
  100. plaso - super timeline generation tool - link
  101. WinSearchDBAnalyzer - Windows Search database analysis tool - link
  102. IE10Analyzer - Internet Explorer 10 history analysis tool - link
  103. hindsight - forensic analysis tool for browsers - link
  104. chrome-url-dumper - Chrome URL dumping tool - link
  105. chrome_cache_view.html - Chrome cache viewer - link
  106. docker-explorer - Docker container analysis tool - link
  107. toolkit - Docker forensics toolkit - link
  108. OpenBackupExtractor - iOS backup extractor - link
  109. MEAT - Mobile Evidence Acquisition Toolkit (MEAT) - link
  110. iOS-Frequent-Locations-Dumper - iOS frequent locations dumper - link
  111. iLEAPP - iOS Logs, Events, and Properties Parser (iLEAPP) - link
  112. ALEAPP - Advanced iOS Logical Extraction and Analysis (ALEAPP) - link
  113. osxcollector - OS X forensic evidence collection tool - link
  114. OSXAuditor - OS X auditor and forensic analysis tool - link
  115. macMRU-Parser - OS X Most Recently Used (MRU) file parser - link
  116. Mac-Locations-Scraper - OS X locations scraper tool - link
  117. mac_apt - macOS artifact parsing toolkit (mac_apt) - link
  118. apfs-fuse - APFS (Apple File System) FUSE implementation - link
  119. python-ntfs - Python library for NTFS file system parsing - link
  120. RecuperaBit - filesystem recovery tool - link
  121. USN-Journal-Parser - USN (Update Sequence Number) journal parser - link
  122. ntfs-linker - NTFS junction point creation tool - link
  123. mftmactime - MFT (Master File Table) MAC (Modification, Access, Change) timeline generator - link
  124. MFTExtractor - MFT (Master File Table) extractor - link
  125. regrippy - Registry analysis tool - link
  126. RegRipper3.0 - Registry analysis tool (RegRipper 3.0) - link
  127. python-evt - Python library for parsing Windows Event Log files (EVT) - link
  128. pyshadow - Python library for NTFS shadow copy parsing - link
  129. LogonTracer - Logon and session timeline analysis tool - link
  130. computer_activity_view.html - Computer activity viewer - link
  131. hayabusa - Binary analysis framework - link
  132. fred - Forensic Registry EDitor (FRED) - link
  133. Blauhaunt - Anti-forensic tool detector - link
  134. beagle - A tool for searching and analysing the information found on web servers - link
  135. squey.org - A tool for parsing and analyzing Windows event logs - link
  136. ?page=Networkminer - A tool for parsing and analyzing Windows event logs - link
  137. kismet - Wireless network and device detector, sniffer, wardriving tool - link
  138. VolUtility - Web interface for Volatility Memory Forensics - link
  139. rekall - Memory analysis framework - link
  140. KeeFarce - Extract KeePass 2.x credentials from memory - link
  141. inVtero.net - .NET application analysis - link
  142. PhotoRec - File data recovery tool - link
  143. bulk_extractor - Forensic tool that scans a disk image, file, or a directory of files and extracts information of interest - link
  144. bstrings - Binary strings analysis tool - link
  145. guymager - Forensic imager - link
  146. dcfldd - Enhanced version of dd for forensics and security - link
  147. dcfldd.sourceforge.net - Enhanced version of dd for forensics and security - link
  148. unix_collector - Unix system memory and binary analysis tool - link
  149. SPECTR3 - DFIR incident response and threat hunting platform - link
  150. LiME - Linux Memory Extractor - link
  151. ForensicMiner - Forensic incident response and intelligence gathering - link
  152. fit - Flexible and Intelligent Tracker - link
  153. fireeye.market - Artifact repository - link
  154. Fastir_Collector - Windows forensic memory collection tool - link
  155. avml - Memory analysis tool - link
  156. ArtifactExtractor - Forensic artifact extraction tool - link
  157. artifactcollector - Collects forensic artifacts on live Windows systems - link
  158. acquire - Evidence acquisition tool - link
  159. recon - Forensic investigation tool - link
  160. thor-lite - Host-based intrusion detection system (HIDS) for Windows - link
  161. uac - Forensic tool for the analysis of User Account Control (UAC) - link
  162. pofr - PowerForensics PowerShell module - link
  163. osquery - SQL-powered operating system instrumentation, monitoring, and analytics - link
  164. mig - MIG - Mozilla Investigation Game - link
  165. linux-explorer - Linux memory analysis tool - link
  166. IPED - Internet Picture Evidence Detector (IPED) - link
  167. tapir - Windows memory forensics tool - link
  168. laikaboss - File identification tool - link
  169. intelmq - Incident and event processing framework - link
  170. hashlookup-forensic-analyser - Hashlookup forensic analyser - link
  171. dissect - Disk image format converter - link
  172. dff - Digital Forensics Framework (DFF) - link
  173. dexter - Automated digital forensics tool - link
  174. winfe.net - Windows Forensic Environment (WinFE) - link
  175. sift - SANS Investigative Forensic Toolkit (SIFT) - link
  176. bitscout - Remote forensics tool - link