Cloud Forensics Utils is a repository containing forensics tools designed for evidence collection from cloud platforms. The toolkit supports three major cloud providers: Google Cloud Platform, Microsoft Azure, and Amazon Web Services. The solution consists of a core module called libcloudforensics that implements functions specifically designed for incident response activities in cloud environments. These functions provide capabilities needed by forensics teams when investigating security incidents across cloud infrastructure. The repository includes a command-line interface (CLI) wrapper tool that provides access to the libcloudforensics functions through terminal commands. This CLI tool enables forensics professionals to execute cloud evidence collection tasks from the command line. The tool is designed to assist forensics teams in collecting digital evidence from cloud platforms during incident response investigations. It provides standardized methods for accessing and preserving evidence across different cloud service providers. Documentation is available through ReadTheDocs, providing installation instructions, user manual, and contribution guidelines for the open-source project.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.