LfLe
Recover event log entries from an image by heuristically looking for record structures. Dependencies: argparse (http://pypi.python.org/pypi/argparse available via easy_install/pip). Usage: Use this tool to extract event log messages from an image file by looking for things that appear to be records. Then, feed the resulting file into an event log viewer, such as Event Log Explorer (http://www.eventlogxp.com/, use 'direct' mode when opening). Sample Output: evt/LfLe - [master●] » python lfle.py '/media/truecrypt2/VM/Windows XP Professional - Service Pack 3 - TEMPLATE/Windows XP Professional - Service Pack 3-cl1.vmdk' recovered.evt 100% complete% done. Wrote 5413 records. Skipped 48 records with length greater than 0x10000. Skipped 12.
FEATURES
ALTERNATIVES
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.
A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.
A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.
Windows event log fast forensics timeline generator and threat hunting tool.
Automated collection tool for incident response triage in Windows systems.
A tool that uses graph theory to reveal hidden relationships and attack paths in an Active Directory environment.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.