A curated list of awesome forensic analysis tools and resources
-
Updated
May 4, 2020
#
forensic-analysis
Here are 91 public repositories matching this topic...
2
alishasonawalla
commented
Apr 26, 2019
There is a broken link in the README.md file, in the sentence that reads:
Right clicking on a node exposes a context menu that allows you to run graph mutators.
It appears that the word graph mutators in the above sentence is intended to link to a mutators.md file under docs. But it seems that no such file exists. Is there another document it should be pointing to? Let me know if I ca
WinDBG Anti-RootKit Extension
windows
c-plus-plus
visual-studio
malware
driver
kernel-mode
crash-dump
windbg
malware-analysis
windbg-extension
malware-research
forensic-analysis
debugging-tool
memory-forensics
anomaly-detection
anti-rootkit
wdbgark
user-mode
sww
wa-haltables
wa-idt
wa-objtype
wa-ssdt
wa-colorize
wa-checkmsr
wa-pnptable
wa-crashdmpcall
wa-objtypecb
swwwolf
-
Updated
Feb 13, 2018 - C++
WhatsApp Parser Toolset v1.15
-
Updated
May 27, 2020 - Python
A collection of tools for forensic analysis
python
metadata
firefox
chrome
facebook
parse
cookie
skype
exif
forensics
facebook-messenger
whatsapp
exif-data-extraction
digital-forensics
html-table
metadata-extraction
forensic-analysis
metadata-extractor
exif-metadata
extract-metadata
exif-extractor
-
Updated
Sep 12, 2019 - Python
Python script to decode common encoded PowerShell scripts
-
Updated
Jun 13, 2018 - Python
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
hacking
forensics
penetration-testing
infrastructure-monitoring
forensic-analysis
blueteam
hacking-attack-tools
internal-pentest
redteaming
blue-team
redteam
hacking-tools
purpleteam
forensics-investigations
-
Updated
Aug 4, 2018 - Python
7
cmcaine
commented
Jan 1, 2018
Otherwise I can fingerprint on diacritic form, ligatures, etc.
I don't know if it also removes the homoglyphs. Might want to look into that.
NFKC does change the appearance of the text a bit if you're using display variants e.g. blacktype h Vs Latin h, but NFC normalisation permits too many fingerprinting options.
Awesome list of digital forensic tools
metadata
awesome
forensics
awesome-list
digital-forensics
forensic-analysis
investigative-journalism
-
Updated
Sep 18, 2019
CLI utility and Python module for analyzing log files and other data.
cli
security
parser
json
data-science
library
log-analysis
module
parsing
command-line
python-library
syslog
forensics
data-analysis
python-modules
log-parser
parsing-library
forensic-analysis
python-module
-
Updated
Mar 5, 2020 - Python
An OSINT Metadata analyzing tool that filters through tags and creates reports
-
Updated
Mar 18, 2019 - Python
Rootkit Detector for UNIX
-
Updated
May 31, 2018 - C
Analyze and help extract older "hidden" versions of a pdf from the current pdf.
-
Updated
Apr 14, 2020 - C
The Python implementation of the AFF4 standard.
-
Updated
May 25, 2020 - Python
UAC (Unix-like Artifacts Collector) is a command line shell script that makes use of built-in tools to automate the collection of Unix-like systems artifacts. The script respects the order of volatility and artifacts that are changed during the execution. Supported systems: AIX, BSD, Linux, macOS and Solaris.
macos
linux
freebsd
openbsd
incident-response
forensics
dfir
bsd
collector
shell-script
netbsd
solaris
aix
triage
computer-forensics
forensic-analysis
artifact
-
Updated
Jun 16, 2020 - Shell
CIRCL system forensic tools or a jumble of tools to support forensic
-
Updated
Sep 25, 2019 - Python
Tools for inspecting VM disk images
-
Updated
Nov 23, 2018 - Python
Recover files from damaged BTRFS filesystems
-
Updated
Feb 6, 2020 - Go
Open
Add more tools
gaurav-gogia
commented
Oct 2, 2018
Please add digital forensic tools along with their working/explanation.
Forensic Analysis Tool for Btrfs File System.
-
Updated
Aug 6, 2018 - C++
Simple Powershell scripts to collect all Windows Event Logs from a host and parse them into one CSV timeline.
-
Updated
Oct 13, 2018 - PowerShell
CIFv3 Ubuntu 16.04 Docker Container (Bearded Avenger)
-
Updated
Apr 18, 2018 - Shell
hook detector using emulation and comparing static with dynamic outputs
-
Updated
Jun 16, 2018 - C
Case Studies on Forensic Accounting using Data Analysis
-
Updated
Jan 10, 2019 - Jupyter Notebook
Monitoring Registry and File Changes in Windows
windows
registry
hacking
windows-10
python3
forensics
windows-7
hacking-tool
registry-hacks
forensic-analysis
registry-scripts
procmon
forensic-examinations
forensic
registry-data
hacking-tools
hacking-code
forensics-investigations
hackingtool
hackingtools
-
Updated
Jun 15, 2020 - Python
Repository containing several CTF write-ups
-
Updated
May 24, 2020 - Perl
Logs Forensic Investigator SSH
-
Updated
Oct 27, 2018 - Python
A dedicated repo to interact with the API of Timesketch
-
Updated
May 26, 2020 - Python
Improve this page
Add a description, image, and links to the forensic-analysis topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the forensic-analysis topic, visit your repo's landing page and select "manage topics."
The project works with 8 modules < reference source/Module >