Forensia

Forensia is an anti-forensics tool designed for red teamers to erase footprints in the post-exploitation phase, reducing payload burnout and increasing the time before detection. It can be used to test the capabilities of incident response and forensics teams. Its features include unloading the Sysmon driver, Gutmann-method file shredding, a USNJrnl disabler, a prefetch disabler, a log eraser, an event log disabler, a UserAssist update-time disabler, an access-time disabler, clearing recent items, clearing the Shim cache, clearing RecentFileCache, clearing ShellBags, deleting Windows Defender quarantine files, file melting, and more. A recent update added the ability to clear recent items, the Shim cache, RecentFileCache, ShellBags and quarantine files; upcoming features include running the USNJrnl disabler on all disk drives, rewriting unallocated space, and further enhancements. Credits to various contributors are acknowledged.

FEATURES

ALTERNATIVES

Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.

A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.

Python script to parse the NTFS USN Change Journal.

Create checkpoint snapshots of the state of running pods for later off-line analysis.

Yara pattern matching tool for forensic investigations with predefined rules for magic headers in files and raw images.

WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.

A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.

A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.