Custom built application for asynchronous forensic data presentation on an Elasticsearch backend, designed to ingest Mandiant Redline 'collections' files, providing flexibility in search, stack, and tagging. The application, accompanied by a fully-fledged GOpher application, allows control over multiple investigations or hundreds of endpoints in a single pane of glass. Version 2.0, ETA March 2020, is under development with features like Docker-based installation, new UI rewrite in React, progressive and resumable triage uploading, Kibana nightHawkResponse Plugin, simplified code base with unit tests, and a simplified development environment CI/CD.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.
Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.