Updated Oct 13, 2021
# forensic-analysis
Here are 134 public repositories matching this topic...
A curated list of awesome forensic analysis tools and resources
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Updated Jun 1, 2021 - Python
WhatsApp Parser Toolset v1.55
Updated Aug 13, 2021 - Python
WinDBG Anti-RootKit Extension
Topics: windows, c-plus-plus, visual-studio, malware, driver, kernel-mode, crash-dump, windbg, malware-analysis, windbg-extension, malware-research, forensic-analysis, debugging-tool, memory-forensics, anomaly-detection, anti-rootkit, wdbgark, user-mode, sww, wa-haltables, wa-idt, wa-objtype, wa-ssdt, wa-colorize, wa-checkmsr, wa-pnptable, wa-crashdmpcall, wa-objtypecb, swwwolf
Updated Jul 29, 2020 - C++
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset, that detects APT movements hidden in the sea of Windows event logs to decrease the time needed to uncover suspicious activity.
Topics: incident-response, python3, threat-hunting, windows-eventlog, forensic-analysis, purpleteam, windows-event-logs, apt-attacks
Updated Sep 27, 2021 - Python
A list of free and open forensics analysis tools and other resources
Topics: windows, macos, linux, open-source, metadata, tools, timeline, network, forensics, free, awesome-list, image-analysis, digital-forensics, forensic-analysis, metada, forensics-investigations, computer-fore, forensic-tools
Updated Aug 12, 2021
Awesome list of digital forensic tools
Topics: metadata, awesome, forensics, awesome-list, digital-forensics, forensic-analysis, investigative-journalism
Updated Nov 16, 2020
A collection of tools for forensic analysis
Topics: python, metadata, firefox, chrome, facebook, parse, cookie, skype, exif, forensics, facebook-messenger, whatsapp, exif-data-extraction, digital-forensics, html-table, metadata-extraction, forensic-analysis, metadata-extractor, exif-metadata, extract-metadata, exif-extractor
Updated Sep 12, 2019 - Python
Python script to decode common encoded PowerShell scripts
Updated Jun 13, 2018 - Python
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow Red Team members to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team members can reconstruct the PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidence and perform further analysis.
Topics: hacking, forensics, penetration-testing, infrastructure-monitoring, forensic-analysis, blueteam, hacking-attack-tools, internal-pentest, redteaming, blue-team, redteam, hacking-tools, purpleteam, forensics-investigations
Updated Aug 4, 2018 - Python
UAC (Unix-like Artifacts Collector) is a Live Response collection tool for Incident Response that makes use of built-in tools to automate the collection of artifacts from Unix-like systems. Supported systems: AIX, FreeBSD, Linux, macOS, NetBSD, Netscaler, OpenBSD and Solaris.
Topics: macos, linux, freebsd, openbsd, incident-response, forensics, dfir, netscaler, bsd, collector, shell-script, netbsd, solaris, aix, triage, computer-forensics, forensic-analysis, artifact
Updated Sep 4, 2021 - Shell
CLI utility and Python module for analyzing log files and other data.
Topics: cli, security, parser, json, data-science, library, log-analysis, module, parsing, command-line, python-library, syslog, forensics, data-analysis, python-modules, log-parser, parsing-library, forensic-analysis, python-module
Updated Feb 8, 2021 - Python
An OSINT Metadata analyzing tool that filters through tags and creates reports
Updated Mar 18, 2019 - Python
Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modifies attributes. This includes tools to work with anything in general that makes changes to a system for the purpose of hiding information.
Topics: security, awesome, cybersecurity, awesome-list, antiforensics, forensic-analysis, anti-forensics, anti-forensic
Updated Jul 24, 2021
Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets.
Updated Apr 9, 2021 - Python
Rootkit Detector for UNIX
Updated May 31, 2018 - C
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Topics: security, csharp, scanner, forensics, antivirus, threat-hunting, query-language, yara, forensic-analysis, yara-rules, mft, yara-scanner, forensics-investigations, threat-monitor, forensics-level-scanning
Updated Sep 17, 2021 - C
Monitoring Registry and File Changes in Windows
Topics: windows, registry, hacking, windows-10, python3, forensics, windows-7, hacking-tool, registry-hacks, forensic-analysis, registry-scripts, procmon, forensic-examinations, forensic, registry-data, hacking-tools, hacking-code, forensics-investigations, hackingtool, hackingtools
Updated Sep 24, 2021 - Python
The Python implementation of the AFF4 standard.
Updated Aug 12, 2021 - Python
Analyze and help extract older "hidden" versions of a pdf from the current pdf.
Updated Aug 31, 2021 - C
Alcide Kubernetes Audit Log Analyzer - Alcide kAudit
Updated Jul 8, 2021 - Shell
CIRCL system forensic tools or a jumble of tools to support forensic
Updated Sep 25, 2019 - Python
Tools for inspecting disk images
Updated Nov 23, 2018 - Python
Recover files from damaged BTRFS filesystems
Updated Mar 12, 2021 - Go
Case Studies on Forensic Accounting using Data Analysis
Updated Jan 10, 2019 - Jupyter Notebook
Enhanced version of dd for forensics and security
Updated Aug 17, 2021 - C
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Updated Oct 17, 2021 - Python
VFRAME: Visual Forensics and Metadata Extraction
Topics: redaction, image-classification, object-detection, forensic-analysis, vframe, face-blur, image-search-engine, dnn-inference
Updated Oct 11, 2021 - Python