Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-forensics-TOOLS
https://github.com/merlinepedra25/awesome-forensics-TOOLS
Last synced: 3 days ago
JSON representation
-
Collections
- DFIR.Training - Database of forensic resources focused on events, tools and more
- ForensicArtifacts.com Artifact Repository - Machine-readable knowledge base of forensic artifacts
-
Tools
-
Distributions
- Remnux - Distro for reverse-engineering and analyzing malicious software
- Tsurugi Linux - Linux distribution for forensic analysis
- WinFE - Windows Forensics enviroment
- bitscout - LiveCD/LiveUSB for remote forensic acquisition and analysis
- SANS Investigative Forensics Toolkit (sift) - Linux distribution for forensic analysis
-
Frameworks
- Autopsy - SleuthKit GUI
- dff - Forensic framework
- dexter - Dexter is a forensics acquisition framework designed to be extensible and secure
- hashlookup-forensic-analyser - A tool to analyse files from a forensic acquisition to find known/unknown hashes from [hashlookup](https://www.circl.lu/services/hashlookup/) API or using a local Bloom filter.
- IntelMQ - IntelMQ collects and processes security feeds
- Kuiper - Digital Investigation Platform
- Laika BOSS - Laika is an object scanner and intrusion detection system
- PowerForensics - PowerForensics is a framework for live disk forensic analysis
- The Sleuth Kit - Tools for low level forensic analysis
- turbinia - Turbinia is an open-source framework for deploying, managing, and running forensic workloads on cloud platforms
- IPED - Indexador e Processador de Evidências Digitais - Brazilian Federal Police Tool for Forensic Investigations
- Wombat Forensics - Forensic GUI tool
-
IOC Scanner
- THOR Lite - Free IOC and YARA Scanner
- Fastfinder - Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashes, literal/wildcard strings, regular expressions and YARA rules
- Fenrir - Simple Bash IOC Scanner
- Loki - Simple IOC and Incident Response Scanner
-
Acquisition
- Belkasoft RAM Capturer - Volatile Memory Acquisition Tool
- CrowdResponse - A static host data collection tool by CrowdStrike
- DFIR ORC - Forensics artefact collection tool for systems running Microsoft Windows
- Magnet RAM Capture - A free imaging tool designed to capture the physical memory
- WinTriage - Wintriage is a live response tool that extracts Windows artifacts. It must be executed with local or domain administrator privileges and recommended to be done from an external drive.
- artifactcollector - A customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
- ArtifactExtractor - Extract common Windows artifacts from source images and VSCs
- AVML - A portable volatile memory acquisition tool for Linux
- FastIR Collector - Collect artifacts on windows
- LiME - Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, formerly called DMD
- Velociraptor - Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries
-
Imaging
-
Carving
- photorec - File carving tool
- bstrings - Improved strings utility
- bulk_extractor - Extracts information such as email addresses, creditcard numbers and histrograms from disk images
- floss - Static analysis tool to automatically deobfuscate strings from malware binaries
- swap_digger - A bash script used to automate Linux swap analysis, automating swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, etc.
-
Network Forensics
- WireShark - A network protocol analyzer
- Kismet - A passive wireless sniffer
- NetworkMiner - Network Forensic Analysis Tool
-
Windows Artifacts
- FRED - Cross-platform microsoft registry hive editor
- LastActivityView - LastActivityView by Nirsoftis a tool for Windows operating system that collects information from various sources on a running system, and displays a log of actions made by the user and events occurred on this computer.
- MFT-Parsers - Comparison of MFT-Parsers
- MFTEcmd - MFT Parser by Eric Zimmerman
- Beagle - Transform data sources and logs into graphs
- LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log
- python-evt - Pure Python parser for classic Windows Event Log files (.evt)
- RegRipper3.0 - RegRipper is an open source Perl tool for parsing the Registry and presenting it for analysis
- RegRippy - A framework for reading and extracting useful forensics data from Windows registry hives
- MFTExtractor - MFT-Parser
-
Mobile Forensics
- ArtEx - Artifact Examiner for iOS Full File System extractions
-
Internet Artifacts
- ChromeCacheView - A small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache
-
Timeline Analysis
- Timeline Explorer - Timeline Analysis tool for CSV and Excel files. Built for SANS FOR508 students
-
Disk image handling
- xmount - Convert between different disk image formats
-
Decryption
- hashcat - Fast password cracker with GPU support
- John the Ripper - Password cracker
-
Picture Analysis
- Ghiro - A fully automated tool designed to run forensics analysis over a massive amount of images
-
Metadata Forensics
-
Live Forensics
- grr - GRR Rapid Response: remote live forensics for incident response
- Linux Expl0rer - Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask
- mig - Distributed & real time digital forensics at the speed of the cloud
- osquery - SQL powered operating system analytics
- POFR - The Penguin OS Flight Recorder collects, stores and organizes for further analysis process execution, file access and network/socket endpoint data from the Linux Operating System.
- UAC - UAC (Unix-like Artifacts Collector) is a Live Response collection tool for Incident Reponse that makes use of built-in tools to automate the collection of Unix-like systems artifacts. Supported systems: AIX, FreeBSD, Linux, macOS, NetBSD, Netscaler, OpenBSD and Solaris.
-
Memory Forensics
- inVtero.net - High speed memory analysis framework
- KeeFarce - Extract KeePass passwords from memory
- MemProcFS - An easy and convenient way of accessing physical memory as files a virtual file system.
- Rekall - Memory Forensic Framework
- volatility - The memory forensic framework
- VolUtility - Web App for Volatility framework
-
Learn Forensics
-
Steganography
- Forensic challenges - Mindmap of forensic challenges
- OpenLearn - Digital forensic course
-
CTFs and Challenges
-
-
Resources
-
Web
-
Blogs
-
Books
- The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory
- The Practice of Network Security Monitoring - Understanding Incident Detection and Response
-
File System Corpora
- Digital Forensic Challenge Images - Two DFIR challenges with images
- Digital Forensics Tool Testing Images
- Hacking Case (4.5 GB NTFS Image)
-
Twitter
- @4n6ist
- @aheadless
- @AppleExaminer - Apple OS X & iOS Digital Forensics
- @carrier4n6 - Brian Carrier, author of Autopsy and the Sleuth Kit
- @CindyMurph - Detective & Digital Forensic Examiner
- @forensikblog - Computer forensic geek
- @HECFBlog - SANS Certified Instructor
- @Hexacorn - DFIR+Malware
- @hiddenillusion
- @iamevltwin - Mac Nerd, Forensic Analyst, Author & Instructor of SANS FOR518
- @jaredcatkinson - PowerShell Forensics
- @maridegrazia - Computer Forensics Examiner
- @sleuthkit
- @williballenthin
- @XWaysGuide
- @inginformatico - DFIR analyst and enthusiast
- @Belkasoft
- @blackbagtech
-
Other
- /r/computerforensics/ - Subreddit for computer forensics
- /r/LearnDigitalForensics - Subreddit for learning Digital Forensics
- SANS Posters - Free posters provided by SANS
-
-
Related Awesome Lists
Sub Categories
Twitter
18
Frameworks
12
Acquisition
11
Other
11
Windows Artifacts
10
CTFs and Challenges
7
Live Forensics
6
Memory Forensics
6
Carving
5
Blogs
5
Distributions
5
IOC Scanner
4
Network Forensics
3
File System Corpora
3
Web
2
Imaging
2
Books
2
Steganography
2
Decryption
2
Timeline Analysis
1
Mobile Forensics
1
Metadata Forensics
1
Disk image handling
1
Picture Analysis
1
Internet Artifacts
1
Keywords
dfir
14
security
12
incident-response
9
forensics
8
awesome
6
digital-forensics
6
awesome-list
5
list
4
python
4
linux
3
malware
3
cybersecurity
3
malware-analysis
2
memory-forensics
2
threat-hunting
2
forensic-analysis
2
forensics-investigations
2
ioc
2
intrusion-detection
2
hacking
2
android
2
penetration
1
ctf
1
hashlookup
1
nsrl
1
nsrllookup
1
alerts
1
automation
1
cert
1
csirt
1
feeds
1
handling
1
ihap
1
incident
1
intelligence
1
security-experts
1
reading-list
1
phishing
1
owasp
1
threat
1
artifacts
1
curated
1
application-security
1
parser
1
ntfs
1
sleuthkit
1
tct
1
cloud
1
security-automation
1
forensic
1