Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-anti-forensic
Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.
https://github.com/shadawck/awesome-anti-forensic
Last synced: 3 days ago
JSON representation
-
Tools
-
System/Digital Image
- Air-Imager - end to dd/dc3dd designed for easily creating forensic images.
- Dc3dd
- Dcfldd
- ddrescue
- Afflib
- Bmap-tools
- Dmg2img
- Frida - engineers, and security researchers.
- Fridump
- Imagemounter
-
Recovering tool / Memory Extraction
-
Analysis / Gathering tool (Know your ennemies)
- Emldump
- Galleta
- Guymager
- MboxGrep - interactive utility that scans mail folders for messages matching regular expressions. It does matching against basic and extended POSIX regular expressions, and reads and writes a variety of mailbox formats.
- Mobiusft - source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions.
- Naft
- Pasco
- Pdfbook-analyzer
- Pdfid
- Rkhunter
- Vinetto
- Autopsy
- Bulk-extractor
- captipper
- Chromefreak - Platform Forensic Framework for Google Chrome.
- SkypeFreak
- Dumpzilla
- Indxparse
- IOSforensic
- IPBA2
- Iphoneanalyzer
- LiMEaide
- Nfex - time or post-capture from an offline tcpdump pcap savefile.
- Ntdsxtract
- PcapXray - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
- ReplayProxy - based attacks (and also general HTTP traffic) that were captured in a pcap file.
- PdfResurrect
- Peepdf
- Pev
- Rekall
- Recuperabit
- Rifiuti2
- Sleuthkit
- Swap-digger - exploitation or forensics.
- Volafox
- Volatility
- Xplico
- Networkminer
-
Data tampering
-
Hiding process
- Unhide
- Harness
- Kaiser - less persistence, attacks and anti-forensic capabilities (Windows 7 32-bit).
- Papa Shango
- Saruman - forensics exec, for injecting full dynamic executables into process image (With thread injection).
-
Cleaner / Data Destruction / Wiping / FileSystem
- ChainSaw
- Clear-EventLog
- DBAN - contained boot image that securely wipes the hard disks of most computers. DBAN is appropriate for bulk or emergency data destruction.
- Hdparm
- Shred
- Srm - line compatible rm which overwrites file contents before unlinking.
- BleachBit
- delete-self-poc
- Forensia
- LogKiller
- Meterpreter > clearev
- NTFS-3G - 3G Safe Read/Write NTFS Driver.
- Nuke My LUKS
- Permanent-Eraser
- Wipe
- Wipedicks
- wiper
-
Password and Login
- chntpw - reset passwords in a Windows NT SAM user database file.
- lazagne
- Mimipenguin
-
Encryption / Obfuscation
- BurnEye
- FreeOTFE - the-fly" transparent disk encryption program for PC & PDAs.
- cryptsetup
- cryptsetup-nuke-password
- ELFcrypt
- Midgetpack
- panic_bcast - measure against cold-boot attacks.
- Sherlocked - - transforms any type of script into a protected ELF executable, encrypted with anti-debugging.
- suicideCrypt
- Tchunt-ng
- TrueHunter
-
Policies / Logging (Event) / Monitoring
-
Steganography
- Steghide - and audio-files.
- AudioStego
- ChessSteg
- Cloakify - looking strings. This lets you hide the file in plain sight, and transfer the file without triggering alerts.
- Jsteg
- Mp3nema
- PacketWhisper - based steganography.
- steg86 - agnostic steganographic tool for x86 and AMD64 binaries. You can use it to hide information in compiled programs, regardless of executable format (PE, ELF, Mach-O, raw, &c).
- steganography - Significant-Bit encoding.
- Steganography
- StegaStamp
- StegCloak
- Stegdetect
- StegFS
- Stegify
- Stego
- StegoGAN
- stego-toolkit
- StegoVeritas
- tweetable-polyglot-png
-
OS/VM
-
Malware / AV
-
Hardware
- BusKill - man-switch to trigger a computer to lock or shutdown if the user is physically separated from their machine.
- Day Tripper - My-Windows Laser Tripwire.
- DoNotDisturb
- USB Kill - forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.
- USB Death - forensic tool that writes udev rules for known usb devices and do some things at unknown usb insertion or specific usb device removal.
- xxUSBSentinel - forensics USB monitoring tool.
- Silk Guardian - forensic kill-switch that waits for a change on your usb ports and then wipes your ram, deletes precious files, and turns off your computer.
-
Android App
-
Programming Languages
Sub Categories
Analysis / Gathering tool (Know your ennemies)
38
Steganography
20
Cleaner / Data Destruction / Wiping / FileSystem
17
Encryption / Obfuscation
11
Recovering tool / Memory Extraction
10
System/Digital Image
10
Policies / Logging (Event) / Monitoring
8
Hardware
7
Data tampering
5
Hiding process
5
Android App
4
Password and Login
3
OS/VM
2
Malware / AV
2
Keywords
steganography
16
security
13
forensics
12
python
6
cryptography
6
security-tools
6
anti-forensics
6
linux
5
hacking
5
privacy
4
cli
4
windows
4
pentesting
3
redteam
3
stego
3
dfir
3
post-exploitation
3
truecrypt
3
veracrypt
3
opsec
3
data-exfiltration
3
hacking-tool
3
infosec
3
antiforensics
3
hacking-tools
3
cipher
2
forensic-analysis
2
usb
2
tor
2
wipe-files
2
decoding
2
encoding
2
encryption
2
dlp
2
exfiltration
2
ntfs
2
png
2
disk
2
jpeg
2
pentest-tool
2
filesystem
2
red-team
2
malware
2
python3
2
tct
1
sleuthkit
1
memory
1
incident-response
1
logs
1
evasion
1