FastIR Collector
Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.
Dump the contents of the StateModel#.archive files located in /private/var/mobile/Library/Caches/com.apple.routined/

Usage: python dump_freq_locs.py -output {k, c, e} <StateModel#.archive>

Output Options:
k - KML
c - CSV
e - Everything (KML & CSV)

Dependencies:
hexdump.py: https://pypi.python.org/pypi/hexdump
ccl_bplist.py: https://github.com/cclgroupltd/ccl-bplist

Sample Output: sample_dump_freq_locs.txt - Sample script output

Related Information: http://www.mac4n6.com/blog/2015/12/20/parsing-the-ios-frequent-locations
Open Backup Extractor is an open source program for extracting data from iPhone and iPad backups.
A DFVFS backed viewer project with a WxPython GUI, aiming to enhance file extraction and viewing capabilities.
Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structures and increasing security measures.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.