Open source digital forensics tools for analyzing disk images and recovering files.
Visually inspect all of the regex matches (and their sexier, more cloak and dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors. Quick Start: - pipx install yaralyzer - Scan against YARA definitions in a file: yaralyze --yara-rules /secret/vault/sigmunds_malware_rules.yara lacan_buys_the_dip.pdf - Scan against an arbitrary regular expression: yaralyze --regex-pattern 'good and evil.*of\s+\w+byte' the_crypto_archipelago.exe - Scan against an arbitrary YARA hex pattern: yaralyze --hex-pattern 'd0 93 d0 a3 d0 [-] 9b d0 90 d0 93' one_day_in_the_life_of_ivan_cryptosovich.bin What It Do: See the actual bytes your YARA rules are matching. No more digging around copy/pasting the start positions reported by YARA into your favorite hex editor. Displays both the bytes matched by YARA as well as a configurable number of bytes before and after each match in hexadecimal and 'raw' python string representation. Do the same for byte patterns and regular expressions without writing a YARA file. If you're too lazy to write a YARA file but are trying to determine, say, whether the
Open source digital forensics tools for analyzing disk images and recovering files.
ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and utilize the ShadowCopy technology for file recovery and system restoration.
Advanced computer forensics software with efficient features.
Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.
A forensic tool to find hidden processes and TCP/UDP ports by rootkits or other hidden techniques.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.