Factual Rules Generator is an open source project that generates YARA rules describing the software installed on a running operating system. The generated rules are intended to be run against collected digital forensic evidence to find installed software efficiently. It can be used to baseline known software from Windows systems and create rules for identifying similar installations on other systems. Dependencies include pefile, psutil, ndjson, python-tlsh, PyInstaller, ssdeep, and additional tools such as xxd and curl.
ALTERNATIVES
Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
Forensic imaging program with full hash authentication and various acquisition options.
A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.
No More Ransom is a collaborative project to combat ransomware attacks by providing decryption tools and prevention advice.
Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.
Custom built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features like Docker-based installation and new UI rewrite in React.