Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-anti-forensic

Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.
https://github.com/shadawck/awesome-anti-forensic

Last synced: about 6 hours ago
JSON representation

Tools
- System/Digital Image
  - Air-Imager - end to dd/dc3dd designed for easily creating forensic images.
  - Dc3dd
  - Dcfldd
  - ddrescue
  - Afflib
  - Bmap-tools
  - Dmg2img
  - Frida - engineers, and security researchers.
  - Fridump
  - Imagemounter
- Recovering tool / Memory Extraction
- Analysis / Gathering tool (Know your ennemies)
  - Emldump
  - Galleta
  - Guymager
  - MboxGrep - interactive utility that scans mail folders for messages matching regular expressions. It does matching against basic and extended POSIX regular expressions, and reads and writes a variety of mailbox formats.
  - Mobiusft - source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions.
  - Naft
  - Pasco
  - Pdfbook-analyzer
  - Pdfid
  - Rkhunter
  - Vinetto
  - Autopsy
  - Bulk-extractor
  - captipper
  - Chromefreak - Platform Forensic Framework for Google Chrome.
  - SkypeFreak
  - Dumpzilla
  - Indxparse
  - IOSforensic
  - IPBA2
  - Iphoneanalyzer
  - LiMEaide
  - Nfex - time or post-capture from an offline tcpdump pcap savefile.
  - Ntdsxtract
  - PcapXray - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
  - ReplayProxy - based attacks (and also general HTTP traffic) that were captured in a pcap file.
  - PdfResurrect
  - Peepdf
  - Pev
  - Rekall
  - Recuperabit
  - Rifiuti2
  - Sleuthkit
  - Swap-digger - exploitation or forensics.
  - Volafox
  - Volatility
  - Xplico
  - Networkminer
- Data tampering
  - Exiftool
  - Exiv2
  - nTimetools
  - Scalpel
  - SetMace
- Hiding process
  - Unhide
  - Harness
  - Kaiser - less persistence, attacks and anti-forensic capabilities (Windows 7 32-bit).
  - Papa Shango
  - Saruman - forensics exec, for injecting full dynamic executables into process image (With thread injection).
- Cleaner / Data Destruction / Wiping / FileSystem
  - ChainSaw
  - Clear-EventLog
  - DBAN - contained boot image that securely wipes the hard disks of most computers. DBAN is appropriate for bulk or emergency data destruction.
  - Hdparm
  - Shred
  - Srm - line compatible rm which overwrites file contents before unlinking.
  - BleachBit
  - delete-self-poc
  - Forensia
  - LogKiller
  - Meterpreter > clearev
  - NTFS-3G - 3G Safe Read/Write NTFS Driver.
  - Nuke My LUKS
  - Permanent-Eraser
  - Wipe
  - Wipedicks
  - wiper
- Password and Login
  - chntpw - reset passwords in a Windows NT SAM user database file.
  - lazagne
  - Mimipenguin
- Encryption / Obfuscation
  - BurnEye
  - FreeOTFE - the-fly" transparent disk encryption program for PC & PDAs.
  - cryptsetup
  - cryptsetup-nuke-password
  - ELFcrypt
  - Midgetpack
  - panic_bcast - measure against cold-boot attacks.
  - Sherlocked - - transforms any type of script into a protected ELF executable, encrypted with anti-debugging.
  - suicideCrypt
  - Tchunt-ng
  - TrueHunter
- Policies / Logging (Event) / Monitoring
  - Auditpol
  - USBGuard
  - wecutil - Management protocol. [windows]
  - Wevtutil
  - evtkit - Windows Event Log files (Forensics) [windows]
  - Grokevt
  - Lfle
  - python-evtx
- Steganography
  - Steghide - and audio-files.
  - AudioStego
  - ChessSteg
  - Cloakify - looking strings. This lets you hide the file in plain sight, and transfer the file without triggering alerts.
  - Jsteg
  - Mp3nema
  - PacketWhisper - based steganography.
  - steg86 - agnostic steganographic tool for x86 and AMD64 binaries. You can use it to hide information in compiled programs, regardless of executable format (PE, ELF, Mach-O, raw, &c).
  - steganography - Significant-Bit encoding.
  - Steganography
  - StegaStamp
  - StegCloak
  - Stegdetect
  - StegFS
  - Stegify
  - Stego
  - StegoGAN
  - stego-toolkit
  - StegoVeritas
  - tweetable-polyglot-png
- OS/VM
  - Tails
  - HiddenVM
- Malware / AV
  - Malheur
  - MalwareDetect
- Hardware
  - BusKill - man-switch to trigger a computer to lock or shutdown if the user is physically separated from their machine.
  - Day Tripper - My-Windows Laser Tripwire.
  - DoNotDisturb
  - USB Kill - forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.
  - USB Death - forensic tool that writes udev rules for known usb devices and do some things at unknown usb insertion or specific usb device removal.
  - xxUSBSentinel - forensics USB monitoring tool.
  - Silk Guardian - forensic kill-switch that waits for a change on your usb ports and then wipes your ram, deletes precious files, and turns off your computer.
- Android App
  - Lockup - of-concept Android application to detect and defeat some of the Cellebrite UFED forensic toolkit extraction techniques.
  - Ripple

Programming Languages

Python 39 C 31 C++ 7 Shell 6 Java 3 Rust 2 Go 2 JavaScript 2 Objective-C 2 PHP 2

Ecosyste.ms: Awesome

awesome-anti-forensic

Tools

System/Digital Image

Recovering tool / Memory Extraction

Analysis / Gathering tool (Know your ennemies)

Data tampering

Hiding process

Cleaner / Data Destruction / Wiping / FileSystem

Password and Login

Encryption / Obfuscation

Policies / Logging (Event) / Monitoring

Steganography

OS/VM

Malware / AV

Hardware

Android App