ArtifactExtractor is a script that extracts common Windows artifacts from source images and Volume Shadow Copies (VSCs). Before extraction, artifacts found in a VSC are hashed and compared against the copy in a later VSC or the live image, so only artifacts that actually differ are extracted.

Dependencies:
- None if using the release executable on Windows.
- Else:
  - Install backports.lzma
    - Windows: Use the latest wheel file available from [here]
    - Linux: Use a package manager, e.g. sudo apt install liblzma-dev
  - Install libewf
    - libewf-legacy should be installed rather than libewf (experimental)
      - Newer experimental releases have a file corruption issue.
    - Windows: Use the MSI installer available from [here]
    - Linux: Use libewf-legacy build 20140806
  - (Windows ONLY) Install pywin32: pip install pywin32
  - Install the remaining requirements from requirements.txt
    - Use pip: pip install -r requirements.txt

Usage:
Create the destination directory, then run
artifact_extractor.exe <source image> <dest dir> [-a <selected artifacts>]
or artifact_extractor.exe -h for more options.

Credits: Joachim Metz and his libraries, John Corcoran for Unix compatibility
FEATURES
ALTERNATIVES
DMG2IMG is a tool for converting Apple compressed dmg archives to standard image disk files with support for zlib, bzip2, and LZFSE compression.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
Yara pattern matching tool for forensic investigations with predefined rules for magic headers in files and raw images.
ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A command-line utility for extracting human-readable text from binary files.
A tool that uses graph theory to reveal hidden relationships and attack paths in an Active Directory environment.