dc3dd
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
For many industrial control system devices, there is not a simple solution for programmatically accessing memory. Without an API, an incident responder or digital forensics analyst may be required to manually probe memory looking for anomalies or malicious activity. This project is intended to develop APIs that allow an analyst to adapt pre-existing tools or rapidly build new tools in order to target these devices.
Current Devices: GE D20MX
Future Work: JTAG Interface
Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.
Windows anti-forensics USB monitoring tool with the ability to shut down the computer upon detecting the unplugging of a specified USB device.
A tool that uses graph theory to reveal hidden relationships and attack paths in an Active Directory environment.
Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.
A tool for analyzing pentest screenshots using a convolutional neural network