An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with forensics

A curated list of projects in awesome lists tagged with forensics.

https://github.com/radareorg/radare2

UNIX-like reverse engineering framework and command-line toolset

binary-analysis c commandline disassembler forensics hacktoberfest malware-analysis radare2 reverse-engineering security

Last synced: 17 Apr 2025

https://github.com/prowler-cloud/prowler

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

aws azure cis-benchmark cloud compliance cspm devsecops forensics gcp gdpr hardening iam multi-cloud python saas security security-audit security-hardening security-tools well-architected

Last synced: 18 Apr 2025

https://github.com/kubeshark/kubeshark

The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes.

amqp cloud-native devops devops-tools docker forensics go golang grpc incident-response kafka kubernetes microservice microservices microservices-application observability redis rest sniffer wireshark

Last synced: 18 Apr 2025

https://github.com/mvt-project/mvt

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

android forensics forensics-tools ios mobile security

Last synced: 19 Apr 2025

https://github.com/decalage2/oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

compound forensics macros malware-analysis ms-office-documents ole-files olefile parser pyparsing python python-library rtf security vba

Last synced: 08 Apr 2025

https://github.com/sleuthkit/sleuthkit

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

forensics incident-response ntfs sleuthkit tct

Last synced: 10 Apr 2025

https://github.com/sleuthkit/autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

forensics java

Last synced: 10 Apr 2025

https://github.com/google/timesketch

Collaborative forensic timeline analysis

analysis dfir forensics security timeline

Last synced: 09 Apr 2025

https://github.com/WithSecureLabs/chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

attack blueteam chainsaw countercept detection dfir forensics logs rust security sigma threat-hunting windows

Last synced: 27 Mar 2025

https://github.com/Yamato-Security/hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

attack cybersecurity detection dfir event forensics hayabusa hunting incident incident-response logs response rust security security-automation sigma threat threat-hunting windows yamato

Last synced: 02 Apr 2025

https://github.com/log2timeline/plaso

Super timeline all the things

forensics parsing timeline

Last synced: 09 Apr 2025

https://github.com/Srinivas11789/PcapXray

:snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

computer-forensics cybersecurity forensic-analysis forensics network network-diagram packets pcap python security tor tor-traffic traffic

Last synced: 07 Apr 2025

https://github.com/simsong/tcpflow

TCP/IP packet demultiplexer. Download from:

digital-forensics forensics tcp-protocol tcpip

Last synced: 10 Apr 2025

https://github.com/AmnestyTech/investigations

Indicators of Compromise from Amnesty International's cyber investigations

forensics spyware threat-hunting threat-intelligence

Last synced: 15 Apr 2025

https://github.com/stuxnet999/MemLabs

Educational, CTF-styled labs for individuals interested in Memory Forensics

ctf ctf-challenges cybersecurity dfir digital-forensics forensics memory-forensics security windows

Last synced: 13 Apr 2025

https://github.com/den4uk/andriller

📱 Andriller is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.

android forensics python

Last synced: 14 Apr 2025

https://github.com/pablolec/recoverpy

Interactively find and recover deleted or :point_right: overwritten :point_left: files from your terminal

cli console cybersecurity data data-recovery files forensics hacking linux macos pentesting python python3 recovery search search-interface terminal textual tool tui

Last synced: 10 Apr 2025

https://github.com/cecio/usbvalve

Expose USB activity on the fly

badusb forensics malware usb usb-hid

Last synced: 12 Apr 2025

https://github.com/snovvcrash/usbrip

Tracking history of USB events on GNU/Linux

forensics security usb-devices usb-events usb-history

Last synced: 18 Jan 2025

https://github.com/obsidianforensics/hindsight

Web browser forensics for Google Chrome/Chromium

chrome dfir forensics google-chrome hindsight

Last synced: 10 Apr 2025

https://github.com/tclahr/uac

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

aix collector computer-forensics dfir esxi forensics freebsd incident-response linux live-response macos netbsd netscaler openbsd script security shell solaris terminal triage

Last synced: 13 Apr 2025

https://github.com/Yamato-Security/WELA-deprecated

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)

analysis dfir event forensics hunting incident log logs response sigma threat timeline windows

Last synced: 01 Apr 2025

https://github.com/google/turbinia

Automation and Scaling of Digital Forensics Tools

cloud dfir forensics security security-automation

Last synced: 02 Apr 2025

https://github.com/williballenthin/python-evtx

Pure Python parser for Windows Event Log files (.evtx)

event-log evtx forensics

Last synced: 11 Apr 2025

https://github.com/Yamato-Security/WELA

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)

analysis dfir event forensics hunting incident log logs response sigma threat timeline windows

Last synced: 21 Nov 2024

https://github.com/PaulNorman01/Forensia

Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.

anti-forensics evasion forensics post-exploitation redteam

Last synced: 18 Nov 2024

https://github.com/ydkhatri/mac_apt

macOS (& iOS) Artifact Parsing Tool

dfir forensics macos

Last synced: 20 Apr 2025

https://github.com/ashemery/linuxforensics

Everything related to Linux Forensics

dfir digital-forensics forensics investigations linux

Last synced: 04 Apr 2025

https://github.com/wagga40/Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

auditd detection evtx evtxtract forensics forensics-tools pysigma python3 sigma sigma-rules sysmon

Last synced: 21 Nov 2024

https://github.com/graniet/operative-framework

Operative Framework is a Rust OSINT investigation framework: you can interact with multiple targets, execute multiple modules, create links between targets, export reports to a PDF file, add notes to targets or results, interact with a RESTful API, and write your own modules.

enterprise fingerprint forensics framework gathering geoint investigation linkedin osint phone rust rust-lang scraper societe whatsapp whatsapp-api whatsapp-web

Last synced: 07 Apr 2025

https://github.com/netflix-skunkworks/diffy

:no_entry: (DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

dfir forensics security

Last synced: 12 Apr 2025

https://github.com/bluecapesecurity/PWF

Practical Windows Forensics Training

blueteam cybersecurity forensics purpleteam

Last synced: 21 Nov 2024

https://github.com/MarcoPon/SeqBox

A single file container/archive that can be reconstructed even after total loss of file system structures

archiver carving container forensics hash hiding metadata recovery sbx undelete unformat

Last synced: 29 Mar 2025

https://github.com/google/docker-explorer

A tool to help forensicate offline docker acquisitions

docker forensics

Last synced: 14 Mar 2025

https://github.com/Yamato-Security/EnableWindowsLogSettings

Documentation and scripts to properly enable Windows event logs.

auditing dfir event forensics hayabusa logs monitoring security sigma sysmon windows

Last synced: 14 Nov 2024

https://github.com/Johnng007/Live-Forensicator

A suite of Tools to aid Incident Response and Live Forensics for - Windows (PowerShell) | Linux (Bash) | macOS (Shell)

bash eventlog-analysis eventlogs forensicator forensics forensics-investigations incident-response linux linux-shell live-forensic log4j macos powershell ransomeware

Last synced: 21 Nov 2024

https://github.com/Lazza/RecuperaBit

A tool for forensic file system reconstruction.

dfir disk forensics ntfs partition recover-files

Last synced: 13 Nov 2024

https://github.com/yuvrajraghuvanshis/whatsapp-key-database-extractor

The most advanced and complete solution for extracting WhatsApp key/DB from package directory (/data/data/com.whatsapp) without root access.

adb adb-backup android apk extract-backup forensics msgstore signal whatsapp whatsapp-key

Last synced: 12 Apr 2025

https://github.com/sevagas/swap_digger

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

dfir forensics hacking post-exploitation security

Last synced: 05 Apr 2025

https://github.com/JPCERTCC/MalConfScan

Volatility plugin that extracts configuration data of known malware

forensics malware memory python security volatility

Last synced: 30 Mar 2025

https://github.com/ANSSI-FR/ADTimeline

Timeline of Active Directory changes with replication metadata

active-directory dfir forensics powershell splunk timeline windows

Last synced: 25 Nov 2024

https://github.com/diogo-fernan/ir-rescue

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

bash batch cybersecurity dfir forensics incident-response malware nirsoft sysinternals unix windows

Last synced: 02 Apr 2025

https://github.com/TonyPhipps/Meerkat

A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.

analysis baseline blue forensics hunt incident log monitor purple recon red response scan security siem soc team threat threat-hunting triage

Last synced: 05 Apr 2025

https://github.com/quillhash/web3-security-tools

This repository contains a list of the most popular and widely used tools in web3 security. If you find any tools missing, you can create a pull request and contribute to the project.

auditing blockchain forensics smartcontracts tools web3 web3security

Last synced: 26 Feb 2025

https://github.com/psmths/windows-forensic-artifacts

Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress!

analysis artifacts dfir digital-forensics forensic-analysis forensicartifacts forensics forensics-investigations reference windows windows-11

Last synced: 06 Apr 2025

https://github.com/Gregwar/fatcat

FAT filesystems explore, extract, repair, and forensic tool

cluster-number disk fat fat-filesystems fatcat filesystem forensics orphaned-files recovery repair sector system

Last synced: 13 Mar 2025

https://github.com/nasbench/mindmaps

#ThreatHunting #DFIR #Malware #Detection Mind Maps

detection dfir forensics incident-response mindmap threat-hunting threat-intelligence windows

Last synced: 10 Apr 2025

https://github.com/dfw1n/dfw1n-osint

Australian Open Source Intelligence Gathering Resources, Australia's largest Open Source Intelligence repository for cyber professionals and ethical hackers

australia cryptography cybersecurity darkweb-data ethical-hacking forensics intelligence intelligence-search-service investigator opensource osint osint-framework osint-reconnaissance osint-resources penetration-testing-tools police redteaming social-media social-network

Last synced: 20 Mar 2025

https://github.com/jsharkey13/iphone_backup_decrypt

Decrypt an encrypted local iOS backup on Windows or MacOS

backup decryption forensics ios ios-backup iphone itunes python whatsapp

Last synced: 07 Apr 2025

https://github.com/AnonCatalyst/Ominis-Osint

This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathering by querying Google for search results related to a user-inputted query. The tool extracts relevant information such as titles, URLs, and potential mentions of the query in the results.

finder forensics information-gathering infosec offsec ominis-osint osint osint-resources osint-tools python reconnaissance scraping search-engine username username-checker web websearch

Last synced: 13 Nov 2024

https://github.com/ShaneK2/inVtero.net

inVtero.net: A high-speed (Gbps) forensics, memory integrity & assurance tool. Includes offensive & defensive memory capabilities. Find/extract processes and hypervisors (including nested) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques.

attestation cloud-computing forensics hypervisor integrity-monitoring memory-analysis memory-dump memory-hacking microarchitecture patch-management reverse-engineering secure-hash virtual-machine

Last synced: 30 Mar 2025

https://github.com/cado-security/varc

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

aws aws-fargate aws-forensics aws-lambda cloud-security dfir dfir-automation docker-forensics eks-forensics fargate-forensics forensics hacktoberfest memory-forensics security

Last synced: 15 Nov 2024

https://github.com/thiber-org/userline

Query and report user logons relations from MS Windows Security Events

blackhat csv dfir docker dockerfile elasticsearch evtx-analisys forensics gephi graph login logon-relations neo4j plaso python windows-eventlog

Last synced: 10 Feb 2025

https://github.com/botherder/androidqf

androidqf (Android Quick Forensics) helps quickly gather forensic evidence from Android devices, in order to identify potential traces of compromise.

android forensics malware-research security

Last synced: 21 Nov 2024

https://github.com/BSI-Bund/RdpCacheStitcher

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

cybersecurity dfir digitalforensics forensics incident-response incident-response-tooling rdp security

Last synced: 10 Apr 2025

https://github.com/EricZimmerman/MFTECmd

Parses $MFT from NTFS file systems

forensics mft ntfs

Last synced: 10 Apr 2025

https://github.com/forrest-orr/artifacts-kit

Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.

artifact dll forensics generator header hollowing kit malware mirroring moating pe phtnaom shellcode wiping

Last synced: 09 Apr 2025

https://github.com/krisnova/xpid

Linux Process Discovery. C Library, Go bindings, Runtime.

audit forensics hacking kernel linux security

Last synced: 18 Nov 2024

https://github.com/johnlatwc/pypowershellxray

Python script to decode common encoded PowerShell scripts

dfir forensic-analysis forensics incident-response powershell security security-tools shellcode

Last synced: 19 Dec 2024