Digital Forensics and Incident Response

An HTTP proxy, monitor, and reverse proxy tool for viewing HTTP and SSL/HTTPS traffic.

Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.

A simple framework for extracting actionable data from Android malware

A decentralized network panic button that triggers emergency system shutdowns across networked machines via UDP broadcasts and HTTP to prevent cold boot attacks.

YARA syntax highlighting for Gtk-based text editors

Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.

A collection of YARA rules for public use, built from intelligence profiles and file work.

A minimal library to generate YARA rules from JAVA with maven support.

A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.

SIFT is a digital forensics toolkit that provides installation management, task execution, and machine image building capabilities for forensic investigations on Ubuntu systems.

Porting GNU/Linux userland tools to the bionic/Linux userland of Android to provide access to the audit stream for Android applications with minimal overhead.

A file search and query tool for ops and security experts.

PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.

A modified version of Cuckoo Sandbox with enhanced features and capabilities.

A free, open-source file data recovery software that can recover lost files from hard disks, CD-ROMs, and digital camera memory.

Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.

A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.

A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.

A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.

UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.

SWFTools is a collection of utilities for working with Adobe Flash files, including tools for converting PDFs, images, audio, and video files to SWF format.

Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.

Exiv2 is a C++ library and command-line utility for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC metadata in image files.

Python module for fast packet parsing with TCP/IP protocol definitions.