An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with forensic-analysis

A curated list of projects in awesome lists tagged with forensic-analysis.

https://github.com/Srinivas11789/PcapXray

:snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

computer-forensics cybersecurity forensic-analysis forensics network network-diagram packets pcap python security tor tor-traffic traffic

Last synced: 07 Apr 2025

https://github.com/ahmedkhlief/APT-Hunter

APT-Hunter is a threat hunting tool for Windows event logs, made with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity.

apt-attacks forensic-analysis incident-response purpleteam python3 threat-hunting windows-event-logs windows-eventlog

Last synced: 12 Jul 2025

https://github.com/yampelo/beagle

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

dfir digital-forensics forensic-analysis graph incident-response security threat-hunting

Last synced: 15 May 2025

https://github.com/b16f00t/whapa

WhatsApp Parser Toolset v1.59

forensic-analysis whatsapp-encryption whatsapp-parser

Last synced: 14 May 2025

https://github.com/m14r41/PentestingEverything

Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...

active-directory-security api-pentesting application-security appsec docker-security forensic-analysis infrastucture iot-security-testing mobile-pentesting network-security source-code thick-client wifi-hacking

Last synced: 18 Jul 2025

https://github.com/psmths/windows-forensic-artifacts

Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress!

analysis artifacts dfir digital-forensics forensic-analysis forensicartifacts forensics forensics-investigations reference windows windows-11

Last synced: 06 Apr 2025

https://github.com/johnlatwc/pypowershellxray

Python script to decode common encoded PowerShell scripts

dfir forensic-analysis forensics incident-response powershell security security-tools shellcode

Last synced: 21 Aug 2025

https://github.com/viralmaniar/remote-desktop-caching-

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow Red Team members to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team members can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidence and perform further analysis.

blue-team blueteam forensic-analysis forensics forensics-investigations hacking hacking-attack-tools hacking-tools infrastructure-monitoring internal-pentest penetration-testing purpleteam redteam redteaming

Last synced: 24 Apr 2025

https://github.com/EC-DIGIT-CSIRC/sysdiagnose

Forensic toolkit for iOS sysdiagnose feature

forensic-analysis incident-response-tooling python

Last synced: 06 Sep 2025

https://github.com/DavidJacobson/SafeText

Script to remove homoglyphs and zero-width characters to allow for safe distribution of documents from anonymous sources.

forensic-analysis

Last synced: 26 Mar 2025

https://github.com/cado-security/rip_raw

Rip Raw is a small tool to analyse the memory of compromised Linux systems.

dfir dfir-automation forensic-analysis forensics memory-forensics security

Last synced: 12 Jul 2025

https://github.com/chmarax/forensix

Google Chrome forensic tool to process, analyze and visualize browsing artifacts

browsing-activity browsing-history cache forensic-analysis forensics google-chrome google-chrome-history metadata

Last synced: 05 Apr 2025

https://github.com/hashlookup/hashlookup-forensic-analyser

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

bloom-filter dfir dfir-automation forensic-analysis forensics-investigations hashlookup nsrl nsrllookup

Last synced: 30 Dec 2025

https://github.com/AnonCatalyst/Coeus-OSINT-ToolBox

Coeus 🌐 is an OSINT ToolBox empowering users with tools for effective intelligence gathering from open sources. From social media monitoring 📱 to data analysis 📊, it offers a centralized platform for seamless OSINT investigations.

data-science data-visualization database forensic-analysis forensics forensics-tools framework information-retrieval infosec osint osint-framework osint-python osint-resources osint-tool osint-toolkit people-search reconnaissance

Last synced: 06 May 2025

https://github.com/lxndrblz/forensicsim

A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and reactions from a Microsoft Teams IndexedDB LevelDB database.

abertay-university autopsy electron forensic-analysis indexeddb leveldb microsoft module parser teams

Last synced: 07 May 2025

https://github.com/cblichmann/btrfscue

Recover files from damaged BTRFS filesystems

btrfs data-recovery forensic-analysis forensics recovery rescue

Last synced: 16 Sep 2025

https://github.com/enferex/pdfresurrect

Analyze and help extract older "hidden" versions of a pdf from the current pdf.

forensic-analysis pdf

Last synced: 12 May 2025

https://github.com/AdamWhiteHat/Judge-Jury-and-Executable

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

antivirus csharp forensic-analysis forensics forensics-investigations forensics-level-scanning mft query-language scanner security threat-hunting threat-monitor yara yara-rules yara-scanner

Last synced: 11 Jul 2025

https://github.com/paulveillard/cybersecurity-forensics

A collection of forensics tools, software, libraries, learning tutorials, frameworks, academic and practical resources in Cybersecurity

cybersecurity digital-forensics forensic-analysis forensics forensics-101 forensics-investigations forensics-tools free open-data open-discovery open-source

Last synced: 28 Mar 2025

https://github.com/visma-prodsec/columbo

Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets.

binary-analysis forensic-analysis forensics security security-tools windows

Last synced: 15 Apr 2025

https://github.com/merces/entropy

CLI program to calculate file entropy

compression cryptography forensic-analysis malware-analysis

Last synced: 13 Jul 2025

https://github.com/emrekybs/douglas-042

PowerShell script to help speed up threat hunting and incident response processes

forensic-analysis forensics hunting incident-response powershell threat-hunting threat-intelligence

Last synced: 12 May 2025

https://github.com/circl/forensic-tools

CIRCL system forensic tools, or a jumble of tools to support forensics

dfir digital-forensics forensic forensic-analysis

Last synced: 14 Apr 2025

https://github.com/metaphor-cloud/aws-public-account-ids

Publicly-listed AWS account IDs for easy lookup. Great for cleaning up false positives from unknown Account IDs in Cloudtrail

audit-log aws aws-account-management aws-accounts cloudtrail forensic-analysis

Last synced: 15 Oct 2025

https://github.com/alcideio/kaudit

Alcide Kubernetes Audit Log Analyzer - Alcide kAudit

alcide-kaudit audit-log forensic-analysis forensics kubernetes security security-tools vault

Last synced: 30 Dec 2025

https://github.com/piesecurity/windowseventstocsvtimeline

Simple Powershell scripts to collect all Windows Event Logs from a host and parse them into one CSV timeline.

csv-export eventlog forensic-analysis parsing powershell-script timeline windows windows-eventlog

Last synced: 28 Oct 2025

https://github.com/sweetbbak/hexxy

A modern and beautiful alternative to xxd and hexdump.

command-line forensic-analysis golang hex

Last synced: 11 Oct 2025

https://github.com/op7ic/unix_collector

unix_collector is a live response collection script for Incident Response on UNIX-like systems using native binaries.

blueteam computer-forensics dfir dfir-automation forensic-analysis forensics freebsd linux live-response openbsd posix script shell solaris unix

Last synced: 11 May 2025

https://github.com/mcp-shark/mcp-shark

Wireshark-like forensic analysis for Model Context Protocol communications. Capture, inspect, and investigate all HTTP requests and responses between your IDE and MCP servers.

electron forensic-analysis forensics forensics-tools mcp-protocol monitoring monitoring-tool nodejs security security-audit security-tools traffic-analysis

Last synced: 19 Nov 2025

https://github.com/therealdreg/emuhookdetector

hook detector using emulation and comparing static with dynamic outputs

capstone-project emulation forensic-analysis hooking hooks linux rootkit-hunter unicorn-emulator

Last synced: 28 Oct 2025

https://github.com/jaegeral/timesketch-cli

A dedicated repo to interact with the API of Timesketch

automation cli cybersecurity dfir forensic-analysis timeline timesketch

Last synced: 02 May 2025

https://github.com/ventz/docker-cif

CIFv3 Ubuntu 16.04 Docker Container (Bearded Avenger)

cifs forensic-analysis forensics intel intelligence security threat-hunting threat-sharing

Last synced: 16 Sep 2025

https://github.com/wuseman/tshark-cheatsheet

Hunting Fish with tshark. Active/Passive/Realtime/Live Threat Hunting

command-line commandline forensic-analysis forensics gentoo hunt hunting malware monitor pcap tshark useflags wireshark

Last synced: 10 Apr 2025

https://github.com/nannib/nbtempow

NBTempoW V. 2.1 is a forensic tool for making timelines from block device image files (raw, ewf, physicaldrive, etc.). It uses TSK (The Sleuth Kit) and has been developed with Lazarus V. 1.6.2 (a Delphi-compatible cross-platform IDE for Rapid Application Development). It runs only on Windows. If the device image file is split, you can select just the first chunk.

forensic-analysis forensics lazarus sleuthkit the timeline tsk windows

Last synced: 06 May 2025

https://github.com/Richard1611/RemoteKapeTriage

A PowerShell tool that automates remote forensic evidence acquisition (triage) from remote Windows machines using the KAPE tool.

cybersecurity forensic-analysis forensics incident-response information-gathering information-security kape powershell powershell-script threathunting triage

Last synced: 10 Apr 2025

https://github.com/they4kman/btrfs-recon

Python app to parse btrfs disk images, record to postgres, and write fixes back to disk

btrfs forensic-analysis python

Last synced: 11 Apr 2025

https://github.com/tazeg/hscan

Recursively scans a path to match given SHA-1 checksums.

forensic-analysis forensics forensics-investigations golang sha1 sha1sum

Last synced: 23 Apr 2025

https://github.com/nannib/nbtempo

This is a GUI (Graphical User Interface) Bash script for making file timelines and reporting them in CSV (spreadsheet) format. It needs TSK (The Sleuth Kit) and YAD (Yet Another Dialog). (TSK based) - digital forensics

caine digital forensic-analysis forensics mactime timeline tsk yad

Last synced: 06 Jul 2025

https://github.com/mauricelambert/pdforensic

This package analyses PDF files for Forensic Investigations.

analysis forensic-analysis forensics investigation package parser pdf python3 tool

Last synced: 11 Apr 2025

https://github.com/shadawck/seqparser

CLI tool to find specific regular expressions (email, IP address, phone number, bitcoin address, ...) in a file

analysis cli ctf detection forensic-analysis forensics hackathon python3 regex sec

Last synced: 17 Oct 2025

https://github.com/capevace/forensik-viz

Visualisation for a forensics project at Leuphana Universität Lüneburg

chats forensic-analysis forensics forensics-tools map vue whatsapp

Last synced: 21 Mar 2025

https://github.com/sumidcyber/netflowcrafter

This Go code is used to listen to network traffic, monitor and analyze certain protocols. Users can listen to live traffic from a specific network interface, monitor protocols such as TCP, UDP, ICMP, and record traffic. It can be used in various applications such as network security and performance monitoring.

cyber-analytics cybersecurity forensic-analysis forensics-tools malware netowrk-tools network network-analysis network-programming networks nmap scanner

Last synced: 24 Mar 2025

https://github.com/mauricelambert/elfanalyzer

This module parses and analyzes ELF files for forensics and investigations.

analysis elf elf-analyzer elf-parser forensic-analysis forensics investigations malware-analysis

Last synced: 27 Jun 2025

https://github.com/mauricelambert/clef

Collect Linux evidence for forensics and investigations.

audit bash collect docker evidence forensic-analysis forensics investigation linux

Last synced: 22 Jul 2025

https://github.com/jacobdicksonofficial/network-forensics

Network Forensics - Vulnerability Assessment & Exploitation 🔐

cybersecurity-education forensic-analysis metasploit-framework

Last synced: 24 Jun 2025

https://github.com/yogsec/digital-forensics-tools

A curated list of essential digital forensics tools used for investigation, data recovery, and security analysis. These tools help in disk forensics, memory analysis, network monitoring, malware analysis, and more.

bug-bounty-tools bugbounty cybersecurity cybersecurity-tools digital-forensics digital-forensics-tool digital-forensics-tools ethicalhacking forensic-analysis forensic-investigation forensics kali-linux linux osint pentesting pentesting-tools yogsec

Last synced: 16 Jun 2025

https://github.com/captn3m0/which-electron

Try to find out which Electron version is bundled in an application file.

electron electronjs forensic-analysis software-bill-of-materials static-analysis version-monitoring

Last synced: 03 Mar 2025

https://github.com/mauricelambert/networkcollectdfir

This script collects data for incident response and forensics (useful for CTF and DFIR challenges!).

dfir forensic-analysis forensics incident-response network network-detection python3 scapy

Last synced: 24 Jul 2025

https://github.com/romiras/trid-lookup-demo

Small web application for detecting a file's type from its content

file-analysis forensic-analysis

Last synced: 30 Jul 2025

https://github.com/leahkemp/forensics_road_crashes_starter

A bit of starter code to help a colleague get started wrangling and extracting summary statistics from a road crash dataset in R.

forensic-analysis forensics tidyverse

Last synced: 24 Aug 2025

https://github.com/gabrielfalcao/sanitation

🦀 Tool for developing memory-safe programs while detecting and capturing possibly malicious bytes.

cybersecurity forensic-analysis rust

Last synced: 01 Mar 2025

https://github.com/josephnoir/vast-demo-scripts

Some scripts written while analyzing data with VAST

forensic-analysis vast vast-tools

Last synced: 23 Mar 2025

https://github.com/janstarke/pol_export

⛔️ DEPRECATED: Use https://github.com/dfir-dd/dfir-toolkit instead

cli deprecated forensic-analysis forensics forensics-tools

Last synced: 07 May 2025

https://github.com/giorgiosld/os-fingerprint-ml

A machine learning approach to operating system fingerprinting through analysis of raw memory dumps and pointer graphs. This project is part of the T-710-MLCS (Machine Learning in Cybersecurity) course at Reykjavik University, Fall Semester, Cybersecurity Master's Degree program.

cybersecurity forensic-analysis machine-learning ml-cybersecurity os-fingerprinting

Last synced: 25 Feb 2025

https://github.com/b0lg0r0v/citrix-netscaler-forensics

This repository contains a list of artifacts to search for while performing a forensic investigation on Citrix Netscaler appliances.

citrix-adc citrix-adc-forensics citrix-netscaler forensic-analysis guide malware

Last synced: 28 Mar 2025

https://github.com/priyanshubiswas-tech/deloitte-daikibo-forensic-analysis-task-2

Forensic pay equity analyzer for Deloitte. Processes compensation data to classify gender equality scores into Fair/Unfair/Discriminative tiers. Outputs modified Excel with 3-tier evaluation system.

data data-analysis deloitte excel forensic-analysis

Last synced: 14 Jul 2025

https://github.com/r3k4t/htmlshowmyip

A simple HTML program which finds out our IP address from Linux.

forensic-analysis html securit-testing security-audit security-research software-development software-engineering

Last synced: 11 Mar 2025

https://github.com/mauricelambert/pyemailtools

Analysis and email forging with SMTP, IMAP and POP3 clients (client for email protocols).

email forensic-analysis forensics pypi pypi-package python3

Last synced: 04 Mar 2025

https://github.com/rtulke/chronika

Chronika is a forensic analysis tool for reading and visualizing different browser histories in a chronological timeline format. Supports Chrome, Firefox, Safari, Brave, Opera, Edge, Vivaldi, Tor Browser, Chromium, LibreWolf and all browsers on Linux and macOS.

brave browser browser-forensic browser-forensics chrome chromium edge firefox forensic forensic-analysis forensics forensics-tools historical historical-data librewolf opera safari vivaldi

Last synced: 25 Oct 2025