Browsing category

Computer Forensics

Redline – Digital Forensics and Incident Response Framework

Redline gives investigators host-level capabilities for finding signs of malicious activity through memory and file analysis, and for building a threat assessment profile. With Redline, you can: thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history. Analyze […]

Deft X – Digital Evidence & Forensics Toolkit

Born from an idea of Stefano Fratepietro, DEFT (an acronym for Digital Evidence & Forensics Toolkit) is a distribution made for Digital Forensics and Incident Response, built to run live on a system without tampering with or corrupting the devices (hard disks, pen drives, etc.) connected to the PC/Mac on which it boots. The DEFT system […]

Guasap – WhatsApp Forensic Tool

Guasap Forensic is a WhatsApp forensic tool written in Python and released under the GNU General Public License, for extracting and analysing WhatsApp files, databases and logs. What it does: checks whether the device is rooted; extracts the database and multimedia files (no root required); extracts and analyses the database and logs, including deleted messages and other artefacts (root required). How to use? […]

Live Forensics Analysis with Computer Volatile Memory

The field of computer forensic analysis involves identifying, extracting, documenting, and preserving information that is stored or transmitted in electronic or magnetic form (that is, digital evidence). Forensic Analysis – Volatile Data: the data that is held in temporary storage in the system's memory (including random access memory, cache memory, and the onboard memory of […]

usbkill – An Anti-Forensic Kill Switch

usbkill is an anti-forensic kill switch that waits for a change on your USB ports and then immediately shuts down your computer. To run: sudo python usbkill.py or sudo python3 usbkill.py. Here are some reasons to use this tool: in case the police or other thugs come busting in (or steal your laptop from you when you […]
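The mechanism the excerpt describes (take a baseline of the USB devices present, poll for any change, then act) is small enough to show in full. The block below is an example written for this page, not usbkill's own source: it assumes an lsusb binary is on the PATH for live use, keeps the change-detection logic in pure functions so it can be exercised on constructed device lists, and separates the shutdown action so the loop can be tested without powering anything off.

```python
"""USB kill-switch skeleton in the style of usbkill: snapshot the USB devices
present, poll until that set changes, then run a shutdown action.
Example code for this page, not usbkill's own implementation."""
import subprocess
import time


def lsusb_snapshot():
    """Live snapshot: one entry per line of `lsusb` output (assumes lsusb is installed).
    Whole lines are kept, so a device moving to another bus/port also counts as a change."""
    out = subprocess.run(["lsusb"], capture_output=True, text=True, check=True).stdout
    return frozenset(line.strip() for line in out.splitlines() if line.strip())


def diff_snapshots(before, after, whitelist=frozenset()):
    """Return (added, removed) device sets, ignoring whitelisted entries."""
    added = {d for d in after - before if d not in whitelist}
    removed = {d for d in before - after if d not in whitelist}
    return added, removed


def should_fire(before, after, whitelist=frozenset()):
    """True when any non-whitelisted device was plugged in or pulled out."""
    added, removed = diff_snapshots(before, after, whitelist)
    return bool(added or removed)


def shutdown_now():
    """Kill action. The real tool can also wipe RAM/swap first; this only halts.
    Requires root, which is why usbkill is run with sudo."""
    subprocess.run(["shutdown", "-h", "now"], check=False)


def watch(snapshot=lsusb_snapshot, action=shutdown_now, whitelist=frozenset(),
          interval=0.25, max_polls=None):
    """Poll until the device set changes, run action() and return True.
    max_polls bounds the loop (used by tests); None means poll forever."""
    baseline = snapshot()
    polls = 0
    while max_polls is None or polls < max_polls:
        time.sleep(interval)
        polls += 1
        if should_fire(baseline, snapshot(), whitelist):
            action()
            return True
    return False


if __name__ == "__main__":
    # Live use: arm the switch against the devices currently attached.
    watch()
```

Running the script arms the switch against whatever is attached at start-up; a whitelist lets you keep a trusted device (a hardware token, say) from triggering it. Note that a polling interval of a quarter second still leaves a window in which an attacker can act, and that anyone with a mouse jiggler or a powered hub can defeat the concept by never touching the ports.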

radare2 – Reverse Engineering Framework

r2 is a rewrite from scratch of radare, providing a set of libraries and tools for working with binary files. The Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later gained support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, […]

Loki – Simple IOC and Incident Response Scanner

Loki is a free and simple IOC (Indicators of Compromise) scanner, a complete rewrite of the main analysis modules of the APT scanner THOR. Detection is based on four methods: File Name IOC (regex match on the full file path/name), Yara Rule Check (Yara signature match on file data and process memory), Hash Check (compares known […]
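The three detection methods the excerpt names are easy to reproduce in miniature. The scanner below is example code written for this page, not Loki's source: file-name regexes and a known-bad SHA-256 set work as described, while a plain byte-pattern match stands in for the Yara rule check so the block has no dependency on yara-python. All indicators and the directory tree it scans are constructed for the example and are not real IOCs.

```python
"""Minimal IOC scanner in the spirit of Loki: file-name regex, known-bad hash,
and a byte-pattern check standing in for a Yara rule.
Example code for this page, not Loki's own implementation."""
import hashlib
import os
import re
import tempfile

# Constructed indicators (illustrative only, not real IOCs).
FILENAME_IOCS = {
    "suspicious dropper name": re.compile(r"(?i)(^|[\\/])svch0st\.exe$"),
    "webshell in upload dir": re.compile(r"(?i)[\\/]uploads[\\/].*\.(php|jsp|aspx)$"),
}
# The hash is derived from constructed content so the example is self-contained;
# a real feed ships the hash, never the sample.
KNOWN_BAD_CONTENT = b"MZ\x90\x00constructed-malware-sample"
HASH_IOCS = {hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest(): "constructed sample"}
# Byte patterns standing in for Yara rules (Loki compiles real .yar files).
BYTE_IOCS = {
    "php eval of request data": re.compile(rb"eval\s*\(\s*\$_(POST|GET|REQUEST)"),
    "mimikatz banner": re.compile(rb"mimikatz", re.IGNORECASE),
}


def sha256_of(path, chunk=1 << 20):
    """Stream the file so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_file(path, max_bytes=32 << 20):
    """Return a list of (method, description) hits for one file."""
    hits = []
    for desc, rx in FILENAME_IOCS.items():
        if rx.search(path):
            hits.append(("filename", desc))
    digest = sha256_of(path)
    if digest in HASH_IOCS:
        hits.append(("hash", HASH_IOCS[digest]))
    if os.path.getsize(path) <= max_bytes:  # pattern scan only for files of sane size
        with open(path, "rb") as f:
            data = f.read()
        for desc, rx in BYTE_IOCS.items():
            if rx.search(data):
                hits.append(("pattern", desc))
    return hits


def scan_tree(root):
    """Walk root; map each file with at least one hit (posix-style relative path) to its hits."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hits = scan_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole scan
            if hits:
                results[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return results


def build_sample_tree():
    """Create a constructed directory tree to scan and return its path."""
    root = tempfile.mkdtemp(prefix="iocscan_")
    os.makedirs(os.path.join(root, "uploads"))
    with open(os.path.join(root, "uploads", "avatar.php"), "wb") as f:
        f.write(b"<?php eval($_POST['x']); ?>")
    with open(os.path.join(root, "svch0st.exe"), "wb") as f:
        f.write(KNOWN_BAD_CONTENT)
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"meeting at 10, nothing to see here")
    return root


if __name__ == "__main__":
    for rel, hits in sorted(scan_tree(build_sample_tree()).items()):
        for method, desc in hits:
            print(f"{rel}: [{method}] {desc}")
```

Each method catches something the others miss: the hash check is exact but trivially evaded by a one-byte change, the filename check survives recompilation but not renaming, and the content pattern (or a real Yara rule) is what catches the modified copy. Scanning process memory, which Loki also does, needs platform-specific memory access and is left out here.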

Top 7 Cyber Forensic Tools

We often watch experts in movies using forensic tools for their investigations, but which cyber forensic tools do experts actually use? Here are the top 7 cyber forensic tools preferred by specialists and investigators around the world. "Torture the data and it will confess to anything" (Ronald Coase). Cyber forensics: as the title says, it is […]

DAMM – An Open Source Memory Analysis Tool

DAMM (Differential Analysis of Malware in Memory) is an open source memory analysis tool built on top of Volatility. It is meant as a proving ground for interesting new techniques to be made available to the community. These techniques are an attempt to speed up the investigation process through data reduction and codifying some expert knowledge. […]

Autopsy – A Digital Forensic Tool

Autopsy is a forensic tool used by the military, law enforcement, and corporate examiners to investigate what happened on a smartphone or a computer. Autopsy has a plug-in architecture that lets the user find add-on modules or develop custom modules written in Java or Python. Main features of […]

Pac4Mac – Forensics Framework for Mac OS X

Pac4Mac is a portable forensics framework (launched from USB storage) for extracting and analysing session information, highlighting the real risks in terms of information leakage (history, passwords, technical secrets, business secrets, …). It can be used to check the security of your Mac OS X system or to help you during a forensic investigation. […]

Xplico – Network Forensic Analysis Tool

Xplico is an open source network forensic analysis tool that supports the HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, Facebook, MSN, RTP, IRC, and Paltalk protocols. The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), […]
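What "extracting the application data from a capture" involves in practice is parsing the pcap record format, peeling off the Ethernet/IP/TCP headers, reassembling each TCP stream in sequence order and then decoding the application protocol on top. The block below is an example written for this page, not Xplico's code: it handles only Ethernet/IPv4/TCP, client-to-server direction, HTTP on port 80 and SMTP on port 25, and builds its own constructed pcap (with zeroed checksums and one pair of segments deliberately written out of order) so it runs offline.

```python
"""Pull application-layer data (HTTP requests, SMTP envelopes and message bodies)
out of a classic pcap file, the kind of extraction Xplico automates.
Example code for this page, not Xplico's; the capture is constructed below."""
import re
import struct
from collections import defaultdict


def build_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame carrying payload (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + tcp


def build_sample_pcap():
    """Constructed capture: one HTTP request and one three-segment SMTP session."""
    frames = [
        build_frame("10.0.0.5", "93.184.216.34", 40000, 80, 1000,
                    b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        build_frame("10.0.0.5", "10.0.0.25", 40001, 25, 1, b"MAIL FROM:<alice@example.com>\r\n"),
        build_frame("10.0.0.5", "10.0.0.25", 40001, 25, 32, b"RCPT TO:<bob@example.org>\r\nDATA\r\n"),
        build_frame("10.0.0.5", "10.0.0.25", 40001, 25, 65, b"Subject: hello\r\n\r\nmeet at 10\r\n.\r\n"),
    ]
    frames[2], frames[3] = frames[3], frames[2]  # out-of-order on the wire, to exercise reassembly
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, DLT_EN10MB
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


def tcp_payloads(pcap):
    """Yield (src, sport, dst, dport, seq, payload) for every IPv4/TCP frame with data."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (unknown magic)")
    if struct.unpack(endian + "IHHiIII", pcap[:24])[6] != 1:
        raise ValueError("only Ethernet link type handled")
    off = 24
    while off + 16 <= len(pcap):
        _ts, _us, incl, _orig = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total = struct.unpack("!H", ip[2:4])[0]
        if ip[9] != 6:
            continue  # not TCP
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        tcp = ip[ihl:total]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            yield src, sport, dst, dport, seq, payload


def reassemble(pcap):
    """Group segments by (src, sport, dst, dport) and join them in sequence order.
    Overlapping or retransmitted segments are not handled in this example."""
    streams = defaultdict(list)
    for src, sport, dst, dport, seq, payload in tcp_payloads(pcap):
        streams[(src, sport, dst, dport)].append((seq, payload))
    return {k: b"".join(p for _, p in sorted(v)) for k, v in streams.items()}


def extract_application_data(pcap):
    """Decode each client-to-server stream by destination port into a dict of findings."""
    found = []
    for (src, sport, dst, dport), data in reassemble(pcap).items():
        if dport == 80:
            head = data.partition(b"\r\n\r\n")[0].split(b"\r\n")
            host = next((l.split(b":", 1)[1].strip() for l in head[1:] if l.lower().startswith(b"host:")), b"")
            found.append({"proto": "http", "client": src, "server": dst,
                          "request": head[0].decode(errors="replace"), "host": host.decode(errors="replace")})
        elif dport == 25:
            m_from = re.search(rb"MAIL FROM:<([^>]*)>", data)
            m_body = re.search(rb"\r\nDATA\r\n(.*?)\r\n\.\r\n", data, re.S)
            found.append({"proto": "smtp", "client": src, "server": dst,
                          "from": m_from.group(1).decode() if m_from else None,
                          "to": [r.decode() for r in re.findall(rb"RCPT TO:<([^>]*)>", data)],
                          "message": m_body.group(1).decode(errors="replace") if m_body else None})
    return found


if __name__ == "__main__":
    for item in extract_application_data(build_sample_pcap()):
        print(item)
```

To run it against a real capture, replace build_sample_pcap() with the bytes of a .pcap file; pcapng files and VLAN-tagged or IPv6 frames are not handled here. Note the out-of-order SMTP segments still decode correctly because reassembly sorts by sequence number, which is exactly the step a naive "grep the pcap" approach skips.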

Memoryze – Memory Forensics Tool

Memoryze is free memory forensic software that helps incident responders find evil in live memory. It can acquire and/or analyze memory images, and on live systems it can include the paging file in its analysis. Memoryze can: image the full range of system memory (no reliance on API calls); image a process' entire address space to […]

FoxAnalysis – Firefox Internet History Analysis Tool

FoxAnalysis is a forensic software tool for extracting and analyzing internet history from the Firefox web browser. Many types of data can be analyzed, including website visits, downloads, form entries, saved logins and cached files. Features. Extracted data types: extracted data includes bookmarks, cookies, downloads, favicons, form entries, logins, saved sessions and website visits. Web History […]
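Firefox keeps its visit history in places.sqlite, so the "website visits" extraction the excerpt mentions is a join between moz_places (URLs and titles) and moz_historyvisits (one row per visit) plus a timestamp conversion: Firefox stores PRTime, microseconds since the Unix epoch, not the seconds most tools expect. The block below is an example written for this page, not FoxAnalysis's code; it builds a constructed in-memory database using the real table and column names rather than opening a profile, and the visit rows are invented.

```python
"""Extract website visits from a Firefox places.sqlite history database.
Example code for this page, not FoxAnalysis's; the database is constructed in memory."""
import sqlite3
from datetime import datetime, timezone


def prtime_to_utc(prtime):
    """Firefox timestamps are PRTime: microseconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(prtime / 1_000_000, tz=timezone.utc)


def visits(conn):
    """Return (utc datetime, url, title, visit_type) rows, oldest first."""
    rows = conn.execute("""
        SELECT v.visit_date, p.url, p.title, v.visit_type
        FROM moz_historyvisits v
        JOIN moz_places p ON p.id = v.place_id
        ORDER BY v.visit_date""").fetchall()
    return [(prtime_to_utc(t), url, title, vt) for t, url, title, vt in rows]


def open_profile_history(path):
    """Open a real places.sqlite read-only and immutable, so the evidence file is
    never written to (Firefox holds a lock and a WAL on a live profile; copy it first)."""
    return sqlite3.connect(f"file:{path}?mode=ro&immutable=1", uri=True)


def build_sample_history():
    """Constructed places.sqlite with just the columns the query needs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                                 visit_count INTEGER, last_visit_date INTEGER);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
                                        place_id INTEGER, visit_date INTEGER,
                                        visit_type INTEGER);
    """)
    base = 1_700_000_000_000_000  # 2023-11-14T22:13:20Z as PRTime (constructed)
    conn.executemany("INSERT INTO moz_places VALUES (?,?,?,?,?)", [
        (1, "https://example.com/", "Example Domain", 2, base + 120_000_000),
        (2, "https://example.org/login", "Sign in", 1, base + 60_000_000),
    ])
    conn.executemany("INSERT INTO moz_historyvisits VALUES (?,?,?,?,?)", [
        (1, 0, 1, base, 1),                # visit_type 1 = TRANSITION_LINK
        (2, 1, 2, base + 60_000_000, 1),   # from_visit 1: reached by a link from visit 1
        (3, 0, 1, base + 120_000_000, 2),  # visit_type 2 = TRANSITION_TYPED (user typed the URL)
    ])
    conn.commit()
    return conn


if __name__ == "__main__":
    for when, url, title, vt in visits(build_sample_history()):
        print(f"{when.isoformat()}  type={vt}  {url}  ({title})")
```

The visit_type column is worth keeping in a report: a typed visit (2) shows intent in a way a followed link (1) does not, and from_visit reconstructs the click chain. Always work on a copy of the profile opened read-only, as open_profile_history does, so hashes of the original evidence still verify.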

Ghiro – Automated Digital Image Forensics Tool

Ghiro is open source software for digital photo and digital image forensics. The forensic analysis is fully automated, and report data can be searched or aggregated from different perspectives. It is designed to assist you in analyzing a massive number of images, and it could become an essential tool in your forensic lab. Since […]

Check if your Hard drive is close to dying

Windows does not ship a built-in tool that shows the full S.M.A.R.T. attribute table (WMI exposes only a basic predict-failure status), so you will need a third-party tool to view this information. CrystalDiskInfo is an easy-to-use program that displays the S.M.A.R.T. status reported by your hard drive in Windows. After downloading, install it, […]

Recovering your Deleted Files

It has happened to most of us: you delete a file and then realize you need it back. But is it really deleted? Find out how to recover those files. If you're not sure whether you permanently deleted a file, look around for it first. In Windows, you'll want to open the Recycle […]

Complete Guide to Anti-Forensics – Leave no trace

The average personal computer is a security nightmare, but what if I were to tell you there was a way around this, a way to make Windows secure? VPNs, proxies, and Tor only get you so far, but what do you do when they've traced it to your computer? Anti-forensics are designed […]