OS X Auditor
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
This project helps a forensics analyst explore offline Docker filesystems. When analyzing a system on which a Docker container has been compromised, it is useful to have the same view of the filesystem that the container had. Docker uses layered storage backends such as AuFS or OverlayFS, where each layer is stored on the host filesystem as a separate directory, and it records which directories belong to which image or container in JSON metadata files. Installation methods include a PPA, PyPI, and cloning the repository. Usage consists of finding the ID of the container of interest, mounting that container's filesystem at /mnt/container, and then examining it with tools such as log2timeline.py or plain ls.
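The layer-to-container bookkeeping described above can be followed by hand. The script below is an added example, not docker-explorer's own code: it assumes the standard overlay2 on-disk layout (containers/<id>/config.v2.json, image/overlay2/layerdb/mounts/<id>/mount-id, overlay2/<mount-id>/{lower,diff}) under a Docker root copied out of a disk image, resolves a container name to its ID and its layer directories, and builds a read-only overlay mount command so the evidence is never written to. The fixture Docker root it creates is constructed for illustration; the container ID, layer names and paths in it are made up.

```shell
#!/bin/sh
# Added example (not docker-explorer's code): resolve a container's overlay2
# layer directories from Docker's own metadata files and build a read-only
# overlay mount command. Assumes the standard overlay2 on-disk layout under a
# Docker root copied out of a disk image (e.g. evidence/var/lib/docker).
set -eu

# Print the full ID of every container whose name is $2, by grepping the
# "Name" field of each container's config.v2.json under Docker root $1.
find_container_id() {
    root="$1"; name="$2"
    for cfg in "$root"/containers/*/config.v2.json; do
        [ -f "$cfg" ] || continue
        if grep -q "\"Name\":\"/$name\"" "$cfg"; then
            basename "$(dirname "$cfg")"
        fi
    done
}

# Build the mount command for container $2 under Docker root $1, targeting $3
# (default /mnt/container). The container's writable layer (diff/) is stacked
# on top of the image layers listed in 'lower'. Everything is mounted read-only,
# so no upperdir/workdir is needed and the evidence is not modified.
overlay_mount_cmd() {
    root="$1"; cid="$2"; target="${3:-/mnt/container}"
    # mount-id links the container ID to its directory under overlay2/
    mount_id=$(cat "$root/image/overlay2/layerdb/mounts/$cid/mount-id")
    layer="$root/overlay2/$mount_id"
    # 'lower' holds colon-separated entries such as l/AAAA:l/BBBB, relative to
    # overlay2/ (the l/ names are relative symlinks into ../<layer-id>/diff, so
    # they still resolve when the Docker root has been copied elsewhere).
    lowers=$(sed "s#:#:$root/overlay2/#g; s#^#$root/overlay2/#" "$layer/lower")
    printf 'mount -t overlay overlay -o ro,lowerdir=%s:%s %s\n' \
        "$layer/diff" "$lowers" "$target"
}

# Constructed fixture: a minimal fake Docker root with one container ("web")
# whose overlay2 mount sits on two image layers. Prints the root path.
make_fixture() {
    root=$(mktemp -d)
    cid=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    mkdir -p "$root/containers/$cid" "$root/image/overlay2/layerdb/mounts/$cid" \
             "$root/overlay2/m1/diff" "$root/overlay2/l"
    printf '{"ID":"%s","Name":"/web"}\n' "$cid" > "$root/containers/$cid/config.v2.json"
    printf 'm1' > "$root/image/overlay2/layerdb/mounts/$cid/mount-id"
    printf 'l/AAAA:l/BBBB' > "$root/overlay2/m1/lower"
    echo "$root"
}

# Demo on the constructed fixture: print the mount command for container "web".
demo_root=$(make_fixture)
demo_cid=$(find_container_id "$demo_root" web)
overlay_mount_cmd "$demo_root" "$demo_cid"
```

Run the printed mount command as root on the analysis machine, then point log2timeline.py or ls at /mnt/container. For AuFS-backed hosts the layer directories and metadata live elsewhere, so the path assumptions above do not apply there.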
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
A network forensics tool for visualizing packet captures as network diagrams with detailed analysis.
A recognition framework for identifying products, services, operating systems, and hardware by matching fingerprints against network probes.
Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.
A platform for analyzing binary programs.