Vshadow
Vshadow (vshadow.exe) is a command line utility for managing volume shadow copies included within the Windows SDK and signed by Microsoft. It allows for executing scripts and invoking commands in support of volume shadow snapshot management, which can be abused for privileged-level evasion, persistence, and file extraction. The tool supports the -exec parameter for executing binaries or scripts without command arguments.
FEATURES
ALTERNATIVES
Yara pattern matching tool for forensic investigations with predefined rules for magic headers in files and raw images.
Python script to parse macOS MRU plist files into human-friendly format
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.
An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.
XMLStarlet offers a suite of command line utilities for manipulating and querying XML documents.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.