File Analysis

A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.

LOKI is a simple IOC and YARA Scanner for Indicators of Compromise Detection.

UPX is a high-performance executable packer for various executable formats.

A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.

A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.

A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.

A Python tool for in-depth PDF analysis and modification.

TestDisk checks disk partitions and recovers lost partitions, while PhotoRec specializes in recovering lost pictures from digital camera memory or hard disks.

A tool to locally check for signs of a rootkit with various checks and tests.

A command-line utility for examining Objective-C runtime information in Mach-O files and generating class declarations.

A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.

DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.

Tool for analyzing Windows Recycle Bin INFO2 file

Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.

A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.

Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.

A console program for file recovery through data carving.

A Python script for scanning data within an IDB using Yara

Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.

A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.

A command-line utility for extracting human-readable text from binary files.

An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.

Emulates browser functionality to detect exploits targeting browser vulnerabilities.

A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.