Digital Forensics and Incident Response

ENISA Training Resources offers online training material for cybersecurity specialists, covering technical areas such as artefact handling and analysis.

CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.

A framework for orchestrating forensic collection, processing, and data export.

A Python module for orchestrating remote forensic data acquisition and analysis from Linux instances using Amazon SSM.

ConventionEngine is a Yara rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.

Embeddable Yara library for Java with support for loading rules and scanning data.

A modified version of GNU dd with added features like hashing and fast disk wiping.

Dynamic binary analysis library with various analysis and emulation capabilities.

Audio file steganography tool

An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.

ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.

Steganographic Swiss army knife for encoding and decoding data into images.

Pwndbg is a GDB plug-in that enhances the debugging experience for low-level software developers, hardware hackers, reverse-engineers, and exploit developers.

YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.

Orochi is a collaborative forensic memory dump analysis framework.

RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.

mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.

An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.

A network forensics tool for visualizing packet captures as network diagrams with detailed analysis.

A module for loading Bro logs as tables in Osquery

Belkasoft offers cybersecurity solutions, training, and tools for businesses, law enforcement, and academia.

A tool that collects and displays user activity and system events on a Windows system.

HxD is a freeware hex editor and disk editor with advanced features for editing files, memory, and disks.

Binsequencer automatically generates YARA detection rules by analyzing collections of similar malware samples and identifying common x86 instruction sequences across the corpus.