forensics

43 tools and resources

dcfldd

A modified version of GNU dd with added features like hashing and fast disk wiping.

Prowler

An open-source security tool for AWS, Azure, Google Cloud, and Kubernetes security assessments and audits.

RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.

Incident response framework focused on remote live forensics.

A repository to aid Windows threat hunters in looking for common artifacts.

LORG

A tool for advanced HTTPD logfile security analysis and forensics, implementing various techniques to detect attacks against web applications.

A community-sourced repository of digital forensic artifacts in YAML format.

Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.

usbrip

A forensics tool for tracking USB device artifacts on Linux machines.

Advanced computer forensics software with efficient features.

Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.

Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.

Automated tool for detecting steganographic content in images, with F5 detection capabilities.

A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.

Impost

Impost is a powerful network security auditing tool with honey pot and packet sniffer capabilities.

Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.

A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.

A robust endpoint security solution that offers data security, network security, and advanced threat prevention, all managed from a single console to protect your devices and data.

An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.

LogESP

A Security Information and Event Management (SIEM) system with a focus on security and minimalism.

HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.

Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.

A framework for creating and executing pynids-based decoders and detectors of APT tradecraft.

Skadi

A free, open source collection of tools for forensic artifact and image analysis.

Create checkpoint snapshots of the state of running pods for later off-line analysis.

Hoarder

Hoarder is a tool to collect and parse Windows artifacts.

Andrew Case's personal page for research, software projects, and speaking events.

Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.

Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.

Windows event log fast forensics timeline generator and threat hunting tool.

Tool for analyzing the Windows Recycle Bin INFO2 file.

Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.

A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.

A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.

Open source tool for generating YARA rules about installed software from a running OS.

A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.

Incident Response Documentation tool for tracking findings and tasks.

Tool for parsing NTFS journal files, $Logfile, and $MFT.

A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.