Forensia is an anti-forensics tool designed for Red Teamers to erase footprints in the post-exploitation phase, reducing payload burnout and increasing detection countdown. It can be used to test the capabilities of incident response/forensics teams by unloading Sysmon driver, Gutmann method file shredding, USNJrnl disabler, prefetch disabler, log eraser, event log disabler, user assist update time disabler, access time disabler, clear recent items, clear Shim cache, clear RecentFileCache, clear ShellBag, delete Windows Defender quarantine files, file melting capabilities, and more. It also includes an important update that adds the ability to clear recent items, Shim cache, RecentFileCache, ShellBag, and quarantine files, with upcoming features like USNJrnl execution on all disk drives, unallocated space rewriting, and further enhancements. Credits to various contributors are acknowledged.
FEATURES
SIMILAR TOOLS
Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.