Vshadow
A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.
The artifactcollector project provides a software that collects forensic artifacts on systems. These artifacts can be used in forensic investigations to understand attacker behavior on compromised computers. Features: * Runs on Windows, Linux, and macOS * Can extract files, directories, registry entries, command and WMI output * Uses configurable and extensible Forensics Artifacts * Creates a forensicstore as structured output * It's open source and free for everyone (including commercial use) Installation: * Download from https://github.com/forensicanalysis/artifactcollector/releases or clone the repository and install using go install . Get artifacts & process forensicstores: * Extract raw artifacts or process collected data using elementary.
A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.
A command-line tool for searching and extracting strings from files with various options like ASCII and Unicode string search.
ForensicMiner, Redefine DFIR Automations
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
Tool used for dumping memory from Android devices with root access requirement and forensic soundness considerations.