An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with forensic-analysis

A curated list of projects in awesome lists tagged with forensic-analysis.

https://github.com/Srinivas11789/PcapXray

:snowflake: PcapXray - A Network Forensics Tool - visualizes a packet capture offline as a network diagram, including device identification, highlighting of important communication, and file extraction

computer-forensics cybersecurity forensic-analysis forensics network network-diagram packets pcap python security tor tor-traffic traffic

Last synced: 07 Apr 2025

https://github.com/ahmedkhlief/APT-Hunter

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs to reduce the time needed to uncover suspicious activity.

apt-attacks forensic-analysis incident-response purpleteam python3 threat-hunting windows-event-logs windows-eventlog

Last synced: 12 Jul 2025

https://github.com/yampelo/beagle

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

dfir digital-forensics forensic-analysis graph incident-response security threat-hunting

Last synced: 15 May 2025

https://github.com/b16f00t/whapa

WhatsApp Parser Toolset v1.59

forensic-analysis whatsapp-encryption whatsapp-parser

Last synced: 14 May 2025

https://github.com/m14r41/PentestingEverything

Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...

active-directory-security api-pentesting application-security appsec docker-security forensic-analysis infrastucture iot-security-testing mobile-pentesting network-security source-code thick-client wifi-hacking

Last synced: 18 Jul 2025

https://github.com/psmths/windows-forensic-artifacts

Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress!

analysis artifacts dfir digital-forensics forensic-analysis forensicartifacts forensics forensics-investigations reference windows windows-11

Last synced: 06 Apr 2025

https://github.com/acquiredsecurity/forensic-timeliner

A high-speed forensic timeline engine for Windows forensic artifact CSV output, built for DFIR investigators. Quickly consolidates CSV output from processed triage evidence produced by Eric Zimmerman's tools (EZ Tools), KAPE, Axiom, Hayabusa, Chainsaw and NirSoft into a unified timeline.

axiom chainsaw digital-forensic-tool digital-forensics-incident-response ez-tools forensic-analysis forensic-timeline forensics-investigations forensics-tools hayabusa nirsoft timelines yaml

Last synced: 26 Feb 2026

https://github.com/johnlatwc/pypowershellxray

Python script to decode common encoded PowerShell scripts

dfir forensic-analysis forensics incident-response powershell security security-tools shellcode

Last synced: 21 Aug 2025
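
The entry above decodes PowerShell's -EncodedCommand argument. As an added example that is not part of pypowershellxray or of this index, the Python below peels the layers a typical loader stacks: the UTF-16LE text that -EncodedCommand carries as base64, then the base64 handed to [Convert]::FromBase64String() wrapped in Gzip or raw Deflate. The command line it decodes is constructed inside the script (a harmless Write-Host one-liner), not captured from an incident; the argument-prefix regex and the inner-layer pattern are this example's own assumptions about common loader shapes, not a complete catalogue.

```python
from __future__ import annotations

import base64
import gzip
import re
import zlib

# -EncodedCommand and its abbreviations (PowerShell accepts any unambiguous
# prefix; -e, -ec and -enc are the common ones), followed by the base64 blob.
ENC_ARG_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{8,})",
                        re.IGNORECASE)
# Base64 literal passed to [Convert]::FromBase64String(...) inside a layer.
INNER_B64_RE = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")


def decode_encoded_command(b64: str) -> str:
    """-EncodedCommand carries the script as UTF-16LE text, base64-encoded."""
    return base64.b64decode(b64).decode("utf-16-le")


def decompress_if_needed(data: bytes) -> bytes:
    """Undo the GzipStream / DeflateStream wrapping loaders put around the
    inner base64; pass the data through unchanged if it is neither."""
    if data[:2] == b"\x1f\x8b":            # gzip magic
        return gzip.decompress(data)
    try:
        return zlib.decompress(data, -15)   # raw DEFLATE, as DeflateStream emits
    except zlib.error:
        return data


def unwrap(cmdline: str) -> list[str]:
    """Return every script layer, outermost first, or [] if the command line
    carries no -EncodedCommand to decode."""
    layers: list[str] = []
    m = ENC_ARG_RE.search(cmdline)
    if not m:
        return layers
    script = decode_encoded_command(m.group(1))
    layers.append(script)
    while len(layers) < 16:                 # bound against pathological nesting
        inner = INNER_B64_RE.search(script)
        if not inner:
            break
        raw = decompress_if_needed(base64.b64decode(inner.group(1)))
        # Inner layers are usually UTF-8 text; NUL bytes betray UTF-16LE.
        if b"\x00" in raw[:64]:
            script = raw.decode("utf-16-le", errors="replace")
        else:
            script = raw.decode("utf-8", errors="replace")
        layers.append(script)
    return layers


def build_sample_cmdline() -> str:
    """Constructed sample, not captured from a real host: a harmless one-liner,
    gzip-compressed and base64-encoded, wrapped in the GzipStream stager many
    loaders use, then passed to powershell.exe via -enc."""
    inner = "Write-Host 'hello from layer 2'"
    gz_b64 = base64.b64encode(gzip.compress(inner.encode())).decode()
    outer = ("$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String('" + gz_b64 + "'));"
             "IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream("
             "$s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()")
    enc = base64.b64encode(outer.encode("utf-16-le")).decode()
    return "powershell.exe -NoP -W Hidden -enc " + enc


SAMPLE_CMDLINE = build_sample_cmdline()

if __name__ == "__main__":
    for depth, layer in enumerate(unwrap(SAMPLE_CMDLINE), start=1):
        print(f"--- layer {depth} ---\n{layer}")
```

The nesting bound matters in practice: a loader can chain FromBase64String() calls indefinitely, and an unbounded loop over attacker-controlled input is a poor trait for triage tooling. Note also that the decoder reports the final layer as text only; if the last layer is shellcode rather than script, the bytes need a disassembler, not a string decoder.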

https://github.com/viralmaniar/remote-desktop-caching-

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow a red team member to extract juicy information such as LAPS passwords or any other sensitive information that was on screen. A blue team member can reconstruct the PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host, collect evidence and perform further analysis.

blue-team blueteam forensic-analysis forensics forensics-investigations hacking hacking-attack-tools hacking-tools infrastructure-monitoring internal-pentest penetration-testing purpleteam redteam redteaming

Last synced: 24 Apr 2025

https://github.com/EC-DIGIT-CSIRC/sysdiagnose

Forensic toolkit for iOS sysdiagnose feature

forensic-analysis incident-response-tooling python

Last synced: 06 Sep 2025

https://github.com/mcp-shark/mcp-shark

Wireshark-like forensic analysis for Model Context Protocol communications. Capture, inspect, and investigate all HTTP requests and responses between your IDE and MCP servers.

electron forensic-analysis forensics forensics-tools mcp-protocol monitoring monitoring-tool nodejs security security-audit security-tools traffic-analysis

Last synced: 05 Apr 2026

https://github.com/DavidJacobson/SafeText

Script to remove homoglyphs and zero-width characters to allow for safe distribution of documents from anonymous sources.

forensic-analysis

Last synced: 26 Mar 2025

https://github.com/cado-security/rip_raw

Rip Raw is a small tool to analyse the memory of compromised Linux systems.

dfir dfir-automation forensic-analysis forensics memory-forensics security

Last synced: 12 Jul 2025

https://github.com/chmarax/forensix

Google Chrome forensic tool to process, analyze and visualize browsing artifacts

browsing-activity browsing-history cache forensic-analysis forensics google-chrome google-chrome-history metadata

Last synced: 05 Apr 2025

https://github.com/hashlookup/hashlookup-forensic-analyser

Analyse a forensic target (such as a directory) to find and report files that are present and absent in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

bloom-filter dfir dfir-automation forensic-analysis forensics-investigations hashlookup nsrl nsrllookup

Last synced: 30 Dec 2025

https://github.com/AnonCatalyst/Coeus-OSINT-ToolBox

Coeus 🌐 is an OSINT ToolBox empowering users with tools for effective intelligence gathering from open sources. From social media monitoring 📱 to data analysis 📊, it offers a centralized platform for seamless OSINT investigations.

data-science data-visualization database forensic-analysis forensics forensics-tools framework information-retrieval infosec osint osint-framework osint-python osint-resources osint-tool osint-toolkit people-search reconnaissance

Last synced: 06 May 2025

https://github.com/lxndrblz/forensicsim

A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and reactions from a Microsoft Teams IndexedDB LevelDB database.

abertay-university autopsy electron forensic-analysis indexeddb leveldb microsoft module parser teams

Last synced: 07 May 2025

https://github.com/cblichmann/btrfscue

Recover files from damaged BTRFS filesystems

btrfs data-recovery forensic-analysis forensics recovery rescue

Last synced: 16 Sep 2025

https://github.com/enferex/pdfresurrect

Analyze and help extract older "hidden" versions of a pdf from the current pdf.

forensic-analysis pdf

Last synced: 19 Jan 2026
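
The trick pdfresurrect relies on is incremental saving: a PDF editor that saves incrementally does not rewrite the file but appends the changed objects, a new xref section and a trailer whose /Prev key points at the previous xref, then a fresh %%EOF. A viewer resolves objects through the newest xref, so the earlier version of an overwritten object is invisible yet still present in the file. The Python below is an added example, not pdfresurrect's code: it builds a two-revision PDF in memory (a constructed document, not a real one), splits the file at each %%EOF to recover each revision as the bytes a viewer saw at the time, walks the /Prev chain, and shows that the superseded text survives in the final file. The minimal xref writer assumes a simple table-based file; cross-reference streams (PDF 1.5+) and object streams are outside what it handles.

```python
from __future__ import annotations

import re

EOF_RE = re.compile(rb"startxref\s+(\d+)\s+%%EOF[\r\n]*")
PREV_RE = re.compile(rb"/Prev\s+(\d+)")
TEXT_RE = re.compile(rb"\(([^)]*)\)\s*Tj")


def revisions(pdf: bytes) -> list[bytes]:
    """Each incremental save appends objects, an xref section and a trailer
    ending in %%EOF without touching earlier bytes, so truncating the file at
    the k-th %%EOF yields exactly the k-th revision."""
    return [pdf[:m.end()] for m in EOF_RE.finditer(pdf)]


def prev_chain(pdf: bytes) -> list[int]:
    """Offsets of the xref sections, newest first, by following /Prev from the
    final trailer (the same chain a viewer walks to resolve objects)."""
    matches = list(EOF_RE.finditer(pdf))
    if not matches:
        return []
    chain = [int(matches[-1].group(1))]
    while True:
        trailer = pdf.find(b"trailer", chain[-1])
        if trailer < 0:
            break
        end = pdf.find(b">>", trailer)
        m = PREV_RE.search(pdf, trailer, end if end >= 0 else len(pdf))
        if not m or int(m.group(1)) in chain:   # no /Prev, or a loop: stop
            break
        chain.append(int(m.group(1)))
    return chain


def content_strings(data: bytes) -> list[bytes]:
    """Literal strings drawn with Tj anywhere in the bytes, including inside
    superseded objects that no current xref entry points to."""
    return TEXT_RE.findall(data)


def _stream(content: bytes) -> bytes:
    return b"<< /Length %d >>\nstream\n%s\nendstream" % (len(content), content)


def _serialize(objects: dict[int, bytes], start: int) -> tuple[bytes, dict[int, int]]:
    out, offsets = b"", {}
    for num, body in objects.items():
        offsets[num] = start + len(out)
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    return out, offsets


def _xref_and_trailer(offsets: dict[int, int], prev: int | None) -> bytes:
    # One single-entry subsection per object; each entry is the fixed 20 bytes.
    xref = b"xref\n" + b"".join(b"%d 1\n%010d 00000 n \n" % (n, offsets[n]) for n in sorted(offsets))
    trailer = b"trailer\n<< /Size 5 /Root 1 0 R"
    if prev is not None:
        trailer += b" /Prev %d" % prev
    return xref + trailer + b" >>\n"


def build_sample_pdf() -> bytes:
    """Constructed two-revision PDF (not a real document). Revision 1 shows
    'DRAFT: 42 units'; revision 2 appends a replacement object 4 reading
    'FINAL: 17 units' plus a new xref whose trailer /Prev links back."""
    header = b"%PDF-1.4\n"
    body1, off1 = _serialize({
        1: b"<< /Type /Catalog /Pages 2 0 R >>",
        2: b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        3: b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>",
        4: _stream(b"BT (DRAFT: 42 units) Tj ET"),
    }, start=len(header))
    xref1 = len(header) + len(body1)
    rev1 = header + body1 + _xref_and_trailer(off1, None) + b"startxref\n%d\n%%%%EOF\n" % xref1
    body2, off2 = _serialize({4: _stream(b"BT (FINAL: 17 units) Tj ET")}, start=len(rev1))
    xref2 = len(rev1) + len(body2)
    return rev1 + body2 + _xref_and_trailer(off2, xref1) + b"startxref\n%d\n%%%%EOF\n" % xref2


if __name__ == "__main__":
    pdf = build_sample_pdf()
    for k, rev in enumerate(revisions(pdf), start=1):
        print(f"revision {k}: {len(rev)} bytes, strings {content_strings(rev)}")
    print("xref chain (newest first):", prev_chain(pdf))
```

For a redaction check this cuts both ways: content_strings() on the final file still returns the draft text, which is exactly the leak a reviewer must rule out before a document is released, and a "Save As" that rewrites the file (rather than an incremental save) is what removes it.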

https://github.com/AdamWhiteHat/Judge-Jury-and-Executable

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

antivirus csharp forensic-analysis forensics forensics-investigations forensics-level-scanning mft query-language scanner security threat-hunting threat-monitor yara yara-rules yara-scanner

Last synced: 11 Jul 2025

https://github.com/paulveillard/cybersecurity-forensics

A collection of forensics tools, software, libraries, learning tutorials, frameworks, academic and practical resources in Cybersecurity

cybersecurity digital-forensics forensic-analysis forensics forensics-101 forensics-investigations forensics-tools free open-data open-discovery open-source

Last synced: 07 Jan 2026

https://github.com/visma-prodsec/columbo

Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets.

binary-analysis forensic-analysis forensics security security-tools windows

Last synced: 10 Mar 2026

https://github.com/merces/entropy

CLI program to calculate file entropy

compression cryptography forensic-analysis malware-analysis

Last synced: 13 Jul 2025
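
File entropy is the usual first-pass signal for packed, compressed or encrypted content in malware triage, and the useful form is per-block rather than whole-file, because a single encrypted payload inside a large ordinary binary barely moves the file-wide figure. The Python below is an added example, not the entropy project's own code: it computes Shannon entropy in bits per byte, then per fixed-size block, and merges consecutive high-entropy blocks into byte ranges. The sample input is constructed and seeded (readable text with a pseudo-random blob spliced in), and the 7.0 threshold is an assumption tuned to the 1 KiB block size used here.

```python
from __future__ import annotations

import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for a
    perfectly uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def block_entropy(data: bytes, block: int = 1024) -> list[float]:
    """Entropy of each fixed-size block. Whole-file entropy hides a small
    encrypted or packed region inside a mostly ordinary file; blocks do not."""
    return [shannon_entropy(data[i:i + block]) for i in range(0, len(data), block)]


def high_entropy_regions(data: bytes, block: int = 1024,
                         threshold: float = 7.0) -> list[tuple[int, int]]:
    """Byte ranges (start, end) whose blocks all exceed the threshold, with
    consecutive qualifying blocks merged into one range.

    Two caveats. Compressed data (zip, gzip, JPEG) looks as random as
    ciphertext, so a hit means 'not plain structure', not 'encrypted'. And
    the estimate depends on block size: with 1024 samples spread over 256
    possible byte values the plug-in estimate for a uniform source lands
    around 7.8 rather than 8.0, so the threshold must fit the block size."""
    regions: list[tuple[int, int]] = []
    for idx, h in enumerate(block_entropy(data, block)):
        if h < threshold:
            continue
        start, end = idx * block, min((idx + 1) * block, len(data))
        if regions and regions[-1][1] == start:
            regions[-1] = (regions[-1][0], end)
        else:
            regions.append((start, end))
    return regions


def build_sample() -> bytes:
    """Constructed sample (not a real file): 2 KiB of text, a 4 KiB
    pseudo-random blob standing in for an encrypted payload, then 1 KiB of
    text. Seeded so the result is reproducible."""
    sentence = b"The quick brown fox jumps over the lazy dog. "
    blob = random.Random(1337).randbytes(4096)
    return (sentence * 46)[:2048] + blob + (sentence * 23)[:1024]


if __name__ == "__main__":
    sample = build_sample()
    print(f"whole file: {shannon_entropy(sample):.2f} bits/byte")
    for start, end in high_entropy_regions(sample):
        print(f"high-entropy region: bytes {start}-{end} "
              f"({shannon_entropy(sample[start:end]):.2f} bits/byte)")
```

On the constructed sample the only region reported is the 4 KiB blob at offsets 2048-6144; the text on either side sits well under 5 bits per byte. On a real binary, read the result together with section headers: a high-entropy .rsrc or an oversized last section is a much stronger packer indicator than a high-entropy region that turns out to be an embedded PNG.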

https://github.com/emrekybs/douglas-042

PowerShell script to help speed up threat hunting and incident response processes

forensic-analysis forensics hunting incident-response powershell threat-hunting threat-intelligence

Last synced: 12 May 2025

https://github.com/circl/forensic-tools

CIRCL system forensic tools, or a jumble of tools to support forensics

dfir digital-forensics forensic forensic-analysis

Last synced: 14 Apr 2025

https://github.com/metaphor-cloud/aws-public-account-ids

Publicly listed AWS account IDs for easy lookup. Useful for clearing false positives raised by unknown account IDs in CloudTrail.

audit-log aws aws-account-management aws-accounts cloudtrail forensic-analysis

Last synced: 15 Oct 2025

https://github.com/alcideio/kaudit

Alcide Kubernetes Audit Log Analyzer - Alcide kAudit

alcide-kaudit audit-log forensic-analysis forensics kubernetes security security-tools vault

Last synced: 30 Dec 2025

https://github.com/piesecurity/windowseventstocsvtimeline

Simple PowerShell scripts to collect all Windows event logs from a host and parse them into one CSV timeline.

csv-export eventlog forensic-analysis parsing powershell-script timeline windows windows-eventlog

Last synced: 28 Oct 2025

https://github.com/sweetbbak/hexxy

a modern and beautiful alternative to xxd and hexdump.

command-line forensic-analysis golang hex

Last synced: 11 Oct 2025

https://github.com/op7ic/unix_collector

unix_collector is a live response collection script for Incident Response on UNIX-like systems using native binaries.

blueteam computer-forensics dfir dfir-automation forensic-analysis forensics freebsd linux live-response openbsd posix script shell solaris unix

Last synced: 11 May 2025

https://github.com/therealdreg/emuhookdetector

Hook detector using emulation, comparing static with dynamic outputs

capstone-project emulation forensic-analysis hooking hooks linux rootkit-hunter unicorn-emulator

Last synced: 28 Oct 2025

https://github.com/ventz/docker-cif

CIFv3 Ubuntu 16.04 Docker Container (Bearded Avenger)

cifs forensic-analysis forensics intel intelligence security threat-hunting threat-sharing

Last synced: 16 Sep 2025

https://github.com/jaegeral/timesketch-cli

A dedicated repo to interact with the API of Timesketch

automation cli cybersecurity dfir forensic-analysis timeline timesketch

Last synced: 02 May 2025

https://github.com/wuseman/tshark-cheatsheet

Hunting Fish with tshark. Active/Passive/Realtime/Live Threat Hunting

command-line commandline forensic-analysis forensics gentoo hunt hunting malware monitor pcap tshark useflags wireshark

Last synced: 10 Apr 2025

https://github.com/nannib/nbtempow

NBTempoW V. 2.1 is a forensic tool for making timelines from block device image files (raw, EWF, physicaldrive, etc.). It uses TSK (The Sleuth Kit) and was developed with Lazarus V. 1.6.2 (a Delphi-compatible cross-platform IDE for rapid application development). It runs only on Windows. If the device image file is split, you can select just the first chunk.

forensic-analysis forensics lazarus sleuthkit the timeline tsk windows

Last synced: 06 May 2025

https://github.com/Richard1611/RemoteKapeTriage

A PowerShell tool that automates remote forensic evidence acquisition (triage) from remote Windows machines using KAPE.

cybersecurity forensic-analysis forensics incident-response information-gathering information-security kape powershell powershell-script threathunting triage

Last synced: 10 Apr 2025

https://github.com/they4kman/btrfs-recon

Python app to parse btrfs disk images, record to postgres, and write fixes back to disk

btrfs forensic-analysis python

Last synced: 11 Apr 2025

https://github.com/alicangnll/pyshadow

PyShadow — Python ShadowCopy Analyzer for Forensic and Data Rescue

cyber-security cybersecurity file-recovery forensic forensic-analysis forensics-tools foresics shadowcopy

Last synced: 07 Apr 2026

https://github.com/tazeg/hscan

Recursively scans a path for files matching given SHA-1 checksums.

forensic-analysis forensics forensics-investigations golang sha1 sha1sum

Last synced: 23 Apr 2025

https://github.com/eric-therond/sharesniff

A tool to do forensics of Office documents

forensic-analysis forensics office security-tools

Last synced: 30 Jan 2026

https://github.com/nannib/nbtempo

This is a GUI (graphical user interface) Bash script for making file timelines and reporting them in CSV (spreadsheet) format. It needs TSK (The Sleuth Kit) and YAD (Yet Another Dialog). TSK based, digital forensics.

caine digital forensic-analysis forensics mactime timeline tsk yad

Last synced: 09 Mar 2026

https://github.com/shadawck/seqparser

CLI tool to find specific patterns such as email addresses, IP addresses, phone numbers and Bitcoin addresses in a file using regular expressions

analysis cli ctf detection forensic-analysis forensics hackathon python3 regex sec

Last synced: 17 Oct 2025

https://github.com/mauricelambert/pdforensic

This package analyses PDF files for Forensic Investigations.

analysis forensic-analysis forensics investigation package parser pdf python3 tool

Last synced: 11 Apr 2025

https://github.com/mauricelambert/elfanalyzer

This module parses and analyzes ELF files for forensics and investigations.

analysis elf elf-analyzer elf-parser forensic-analysis forensics investigations malware-analysis

Last synced: 18 Feb 2026

https://github.com/thomaslaurenson/irdnumberscanner

A bulk_extractor scanner plug-in to detect and validate Inland Revenue (IRD) Numbers

bulk-extractor forensic-analysis scanner

Last synced: 17 Jan 2026

https://github.com/sumidcyber/netflowcrafter

This Go program listens to network traffic and monitors and analyzes certain protocols. Users can listen to live traffic on a specific network interface, monitor protocols such as TCP, UDP and ICMP, and record traffic. It can be used in applications such as network security and performance monitoring.

cyber-analytics cybersecurity forensic-analysis forensics-tools malware netowrk-tools network network-analysis network-programming networks nmap scanner

Last synced: 24 Mar 2025

https://github.com/mauricelambert/clef

Collect Linux evidence for forensics and investigations.

audit bash collect docker evidence forensic-analysis forensics investigation linux

Last synced: 16 Apr 2026

https://github.com/capevace/forensik-viz

Visualization for a forensics project at Leuphana University Lüneburg

chats forensic-analysis forensics forensics-tools map vue whatsapp

Last synced: 17 Apr 2026

https://github.com/jacobdicksonofficial/network-forensics

Network Forensics - Vulnerability Assessment & Exploitation 🔐

cybersecurity-education forensic-analysis metasploit-framework

Last synced: 03 Feb 2026

https://github.com/priyanshubiswas-tech/deloitte-daikibo-forensic-analysis-task-2

Forensic pay equity analyzer for Deloitte. Processes compensation data to classify gender equality scores into Fair/Unfair/Discriminative tiers. Outputs modified Excel with 3-tier evaluation system.

data data-analysis deloitte excel forensic-analysis

Last synced: 06 Feb 2026

https://github.com/yogsec/digital-forensics-tools

A curated list of essential digital forensics tools used for investigation, data recovery, and security analysis. These tools help in disk forensics, memory analysis, network monitoring, malware analysis, and more.

bug-bounty-tools bugbounty cybersecurity cybersecurity-tools digital-forensics digital-forensics-tool digital-forensics-tools ethicalhacking forensic-analysis forensic-investigation forensics kali-linux linux osint pentesting pentesting-tools yogsec

Last synced: 16 Jun 2025

https://github.com/blwhit/threathunter

Advanced PowerShell DFIR module for forensic analysis, threat hunting, and cmdline investigation in Windows.

cybersecurity dfir digital-forensics evtx-analysis forensic-analysis forensics incident-response malware-detection powershell security threat-hunting virustotal windows

Last synced: 10 Jun 2026

https://github.com/gustavo-iniguez-goya/decloaker

A simple tool to uncover files, directories, and connections hidden by malware.

forensic-analysis forensics-tools linux-security malware-detection rootkit-detection security-scanner

Last synced: 25 Apr 2026

https://github.com/slasq/browser-autopsy

DFIR tool for offline browser artifacts analysis — Chrome & Firefox

browser-forensics dfir forensic-analysis incident-response python sqlite

Last synced: 07 Jun 2026

https://github.com/teismar/regripper-syntax-for-vscode

A syntax highlighting extension for RegRipper output files, supporting collapsible sections, error and warning detection, and enhanced Outline View navigation. Highlights plugin names, registry paths, timestamps, and values for improved readability.

cybersecurity dfir forensic-analysis registry regripper vscode vscode-extension

Last synced: 04 May 2026

https://github.com/mauricelambert/networkcollectdfir

This script collects data for incident response and forensics (useful for CTF and DFIR challenges!).

dfir forensic-analysis forensics incident-response network network-detection python3 scapy

Last synced: 24 Jul 2025

https://github.com/b0lg0r0v/citrix-netscaler-forensics

This repository contains a list of artifacts to search for while performing a forensic investigation on Citrix Netscaler appliances.

citrix-adc citrix-adc-forensics citrix-netscaler forensic-analysis guide malware

Last synced: 28 Mar 2025

https://github.com/leahkemp/forensics_road_crashes_starter

A bit of starter code to help a colleague get started wrangling and extracting summary statistics from a road crash dataset in R.

forensic-analysis forensics tidyverse

Last synced: 11 Feb 2026

https://github.com/captn3m0/which-electron

Try to find out which Electron version is bundled in an application file.

electron electronjs forensic-analysis software-bill-of-materials static-analysis version-monitoring

Last synced: 28 Feb 2026

https://github.com/ross-spencer/safetext

Go implementation of Safetext by David Jacobson

forensic-analysis forensics identity journalism steganography

Last synced: 28 May 2026
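
Both SafeText entries on this page (DavidJacobson/SafeText above and the Go port here) address the same forensic-fingerprinting problem: a document handed to several recipients can be individualized with zero-width characters and Latin lookalike letters that are invisible on screen, so a leaked copy points back to its recipient. The Python below is an added example written for this page, not code from either project. It strips Unicode format characters (category Cf, which covers the zero-width space and joiners, word joiner, soft hyphen and byte-order mark, plus the combining grapheme joiner listed explicitly), folds compatibility variants with NFKC, and replaces Cyrillic and Greek lookalikes only inside words that already contain ASCII letters, so genuine Cyrillic words survive. The lookalike table is a small assumption of this example, not the full Unicode confusables list, and the sample text is constructed.

```python
from __future__ import annotations

import re
import unicodedata
from dataclasses import dataclass, field

# COMBINING GRAPHEME JOINER is category Mn rather than Cf but is equally
# invisible, so it is listed explicitly alongside the Cf check below.
EXTRA_INVISIBLE = {"\u034f"}

# Partial lookalike table (an assumption of this example; production tooling
# would draw on the full Unicode confusables data): Cyrillic and Greek
# letters whose glyphs match Latin ones in most fonts.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X", "\u03bf": "o", "\u0391": "A", "\u0392": "B", "\u0395": "E",
    "\u0397": "H", "\u0399": "I", "\u039a": "K", "\u039c": "M", "\u039d": "N",
    "\u039f": "O", "\u03a1": "P", "\u03a4": "T", "\u03a7": "X", "\u0396": "Z",
}


@dataclass
class CleanResult:
    text: str
    invisible: list[tuple[int, str]] = field(default_factory=list)        # (offset in input, char name)
    homoglyphs: list[tuple[int, str, str]] = field(default_factory=list)  # (offset in output, original, replacement)


def _has_ascii_letter(token: str) -> bool:
    return any(c.isascii() and c.isalpha() for c in token)


def sanitize(text: str) -> CleanResult:
    """Strip invisible format characters, fold compatibility variants with
    NFKC, and replace Latin lookalikes in mixed-script words only. A word
    written entirely in Cyrillic or Greek is left alone; a word that already
    contains ASCII letters is treated as a spoofed Latin word."""
    result = CleanResult(text="")
    kept = []
    for offset, ch in enumerate(text):
        if ch in EXTRA_INVISIBLE or unicodedata.category(ch) == "Cf":
            result.invisible.append((offset, unicodedata.name(ch, "UNNAMED FORMAT CHARACTER")))
        else:
            kept.append(ch)
    stage = unicodedata.normalize("NFKC", "".join(kept))   # fullwidth forms, ligatures, etc.
    out, pos = [], 0
    for token in re.split(r"(\s+)", stage):                  # keeps the whitespace runs
        if token and not token.isspace() and _has_ascii_letter(token):
            for i, ch in enumerate(token):
                repl = LOOKALIKES.get(ch)
                if repl is not None:
                    result.homoglyphs.append((pos + i, ch, repl))
                    out.append(repl)
                else:
                    out.append(ch)
        else:
            out.append(token)
        pos += len(token)
    result.text = "".join(out)
    return result


# Constructed sample: three invisible markers and two Cyrillic lookalikes
# hidden in English text, next to a genuine Cyrillic word that must survive.
SAMPLE = ("Leaked memo: the audit\u200b starts on mon\u200cday.\u2060 "
          "\u0421ontact \u0440ress office. \u041c\u043e\u0441\u043a\u0432\u0430 stays as written.")

if __name__ == "__main__":
    r = sanitize(SAMPLE)
    print(r.text)
    for offset, name in r.invisible:
        print(f"invisible character at {offset}: {name}")
    for offset, orig, repl in r.homoglyphs:
        print(f"homoglyph at {offset}: U+{ord(orig):04X} -> {repl}")
```

The report, not just the cleaned text, is the forensic output: the offsets and character names show where a fingerprint sat, which is evidence in its own right. The trade-off of the Cf rule is that it also removes zero-width joiners that legitimate text relies on (emoji sequences, Arabic and Indic shaping), which is acceptable for a document being scrubbed before redistribution but not for general text processing.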

https://github.com/rtulke/chronika

Chronika is a forensic analysis tool for reading and visualizing different browser histories in a chronological timeline format. Supports Chrome, Firefox, Safari, Brave, Opera, Edge, Vivaldi, Tor Browser, Chromium, LibreWolf and all browsers on Linux and macOS.

brave browser browser-forensic browser-forensics chrome chromium edge firefox forensic forensic-analysis forensics forensics-tools historical historical-data librewolf opera safari vivaldi

Last synced: 06 May 2026

https://github.com/mauricelambert/pyemailtools

Email analysis and forging with SMTP, IMAP and POP3 clients (clients for email protocols).

email forensic-analysis forensics pypi pypi-package python3

Last synced: 04 Mar 2025

https://github.com/gabrielfalcao/sanitation

🦀 Tool for developing memory-safe programs while detecting and capturing possibly malicious bytes.

cybersecurity forensic-analysis rust

Last synced: 23 Feb 2026