Truehunter
The goal of Truehunter is to detect encrypted containers using a fast and memory efficient approach without any external dependencies for ease of portability. It was designed to detect Truecrypt and Veracrypt containers, however it may detect any encrypted file with a 'header' not included in its database. Truehunter performs the following checks: Test the first 8 bytes of the file against its own database. File size modulo 64 must be zero. Calculates file entropy. Truehunter is part of BlackArch forensic tools. Installation: Any Python version from 2.7-3.7 should work, it does not need any additional libraries. Usage: The headers database file will be created with the first use, and can be updated after every scan. Note this is not a correct header database, just the first 8 bytes of every file, extension and date (It does the job as a PoC). Fast Scan: Searches for files with a size % 64 = 0 (block ciphers), unknown headers and appearing less than MAXHEADER value (default 3). Default Scan: Performs a fast scan and calculates the entropy of the resulting files to reduce false positives. Usage: truehunter.py [-h] [-D HEADERSFILE] [-m MINSIZ
FEATURES
ALTERNATIVES
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.
Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.
Comprehensive suite for advanced file analysis and software supply chain security.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
Custom built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features like Docker-based installation and new UI rewrite in React.
Windows anti-forensics USB monitoring tool with the ability to shutdown the computer upon detecting the unplugging of a specified USB device.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.