Forensics Tools

MemProcFS – The Memory Process File System

The Memory Process File System is an easy and convenient way of accessing physical memory as files in a virtual file system. Easy, trivial point-and-click memory analysis without the need for complicated command-line arguments! Access memory content and artifacts via files in a mounted virtual file system or via a feature-rich application […]

Kirjuri – Web Application For Managing Cases

Kirjuri is a simple PHP/MySQL web application for managing physical forensic evidence items. It is intended to be used as a workflow tool covering receiving, booking, note-taking and possibly reporting findings. It simplifies and helps with case management when dealing with a large (or small!) number of devices submitted for forensic analysis. Kirjuri requires […]

Volatility Workbench – A GUI For Volatility Memory Forensics

Volatility Workbench is a graphical user interface (GUI) for the Volatility tool. Volatility is a command-line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is free, open source and runs on Windows. It provides a number of advantages over the command-line version, including: no need to remember […]

Manticore – Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts

Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Note: Beginning with version 0.2.0, Python 3.6+ is required. Features: Input Generation (Manticore automatically generates inputs that trigger unique code paths); Crash Discovery (Manticore discovers inputs that crash programs via memory safety violations); Execution Tracing (Manticore records an instruction-level trace of execution) […]

Swap Digger – Tool That Automates Swap Extraction And Searches For User Credentials, Web Forms Credentials, Emails, Http Authentication, Wifi SSID And Keys, Etc

swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purposes. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, WiFi SSIDs and keys, etc. Download and run the tool: on your machine, use the following commands to download and […]

Hindsight – Internet History Forensics For Google Chrome/Chromium

Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications (with more to come!). Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, […]

Linux Expl0rer – Easy-To-Use Live Forensics Toolbox For Linux Endpoints

Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask. Capabilities: ps (view full process list; inspect process memory map and fetch memory strings easily; dump process memory in one click; automatically search hashes in public services such as VirusTotal and AlienVault OTX); users (list users); find (search for suspicious files by name/regex); netstat; Whois; logs […]

CryKeX – Linux Memory Cryptographic Keys Extractor

Some work has already been published on the subject of cryptographic key security within DRAM. Basically, we need to find something that looks like a key (entropic and of a specific length) and then confirm its nature by analyzing the memory structure around it (C data types). The idea is to dump the live memory of a process and use […]

fatcat – FAT Filesystems Explore, Extract, Repair, And Forensic Tool

This tool is designed to manipulate FAT filesystems in order to explore, extract, repair, recover and perform forensic analysis on them. It currently supports FAT12, FAT16 and FAT32. Building and installing: you can build fatcat with the commands mkdir build; cd build; cmake ..; make, and then install it with make install. Exploring: using fatcat, fatcat takes an image as […]

srum-dump – A Forensics Tool to Convert the Data in the Windows srum

This program will create an Excel spreadsheet containing forensic artifacts contained in the SRUM (System Resource Utilization Manager) database. The program can be run with no input and it will prompt you for each of the needed arguments. The program requires two inputs. The first is an SRUM database. The SRUM database is usually Windows\system32\sru\SRUDB.dat. […]

Meta Twin – File Resource Cloner

The project is designed as a file resource cloner. Metadata, including the digital signature, is extracted from one file and injected into another. Note: The signature is added, but not valid. […]

OSXAuditor – Free Mac OS X Computer Forensics Tool

OS X Auditor is a free Mac OS X computer forensics tool. OS X Auditor parses and hashes the following artifacts on the running system or on a copy of a system you want to analyze: the kernel extensions, the system agents and daemons, third-party agents and daemons, the old and deprecated system and […]