Meerkat

Free
Meerkat is a collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints without requiring a pre-deployed agent. Use cases include incident response triage, threat hunting, baseline monitoring, snapshot comparisons, and more. The tool collects a wide range of artifacts, such as host information, network adapters, processes, services, files, audit policies, Windows Firewall rules, DLLs, local users, ADS, disks, ports, strings, local groups, recycle bin, hotfixes, ARP, handles, scheduled tasks, hosts file, TPM, DNS, environment variables, autoruns, certificates, software, network routes, sessions, BitLocker, registry, hardware, shares, domain information, Defender event logs, drivers, USB history, metadata events related to login failures, user/group management, and more. It also offers ingestion into SIEMs, quick start guides, usage analysis, and troubleshooting tips.

ALTERNATIVES

A binary analysis platform for analyzing binary programs

Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.

Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.

Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.

A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.

A simple Golang application for storing NIST National Software Reference Library Reference Data Set (NSRL RDS) with md5 and sha1 hash lookup searches.

A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.

A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
