ChromeFreak
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
ArtifactExtractor is a script that extracts common Windows artifacts from source images and VSCs. Artifacts in VSCs will be checked (via hash) if they are different from a later VSC/image copy before extraction.

Dependencies:
- None if using release executable on Windows.
- Else:
  - Install backports.lzma
    - Windows: Use latest wheel file available from [here]
    - Linux: Use a package manager, e.g. sudo apt install liblzma-dev
  - Install libewf. libewf-legacy should be installed rather than libewf (experimental)
    - Newer experimental releases have a file corruption issue.
    - Windows: Use the MSI installer available from [here]
    - Linux: Use libewf-legacy build 20140806
  - (Windows ONLY) Install pywin32: pip install pywin32
  - Install remaining requirements: use requirements.txt
    - Use pip: pip install -r requirements.txt

Usage:
Create destination directory
artifact_extractor.exe <source image> <dest dir> [-a <selected artifacts>]
or artifact_extractor.exe -h for more options

Credits: Joachim Metz and his libraries, John Corcoran for Unix Compatibility
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
Automated collection tool for incident response triage in Windows systems.
Exiv2 is a C++ library and command-line utility for image metadata manipulation.
No More Ransom is a collaborative project to combat ransomware attacks by providing decryption tools and prevention advice.