nightHawk Response

Free

Custom-built application for asynchronous forensic data presentation on an Elasticsearch backend, designed to ingest Mandiant Redline 'collections' files and providing flexibility in search, stacking, and tagging. The application, accompanied by a fully-fledged GOpher application, allows control over multiple investigations or hundreds of endpoints in a single pane of glass. Version 2.0 (ETA March 2020) is under development, with features such as Docker-based installation, a new UI rewrite in React, progressive and resumable triage uploading, a Kibana nightHawkResponse plugin, a simplified code base with unit tests, and a simplified development environment with CI/CD.

ALTERNATIVES

Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.

A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.

Dump iOS Frequent Locations from StateModel#.archive files.

WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.

Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.

A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.

A library and tools to access and analyze APFS file systems.

Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.