Skip to content

Files

Latest commit

humblepridehumblepride
init
Dec 30, 2019
cf7a68a · Dec 30, 2019

History

History
1010 lines (908 loc) · 136 KB

Readme_en.md

File metadata and controls

1010 lines (908 loc) · 136 KB

Other Resource Collection Projects:

Forensics

Directory

Forensics

Recent Add

Volatility

Sleuthkit

Rekall

Tools

Recent Add

  • [5208Star][7m] [Py] usarmyresearchlab/dshell Dshell is a network forensic analysis framework.
  • [3337Star][11d] [Py] google/grr remote live forensics for incident response
  • [1912Star][13d] [Shell] toniblyx/prowler AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100). Official CIS for AWS guide:
  • [1227Star][12d] [Py] google/timesketch Collaborative forensic timeline analysis
  • [1155Star][4m] [Go] mozilla/mig Distributed & real time digital forensics at the speed of the cloud
  • [1024Star][13d] [Py] ondyari/faceforensics Github of the FaceForensics dataset
  • [1017Star][12d] [Rich Text Format] decalage2/oletools python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
  • [949Star][2y] [C#] invoke-ir/powerforensics PowerForensics provides an all in one platform for live disk forensic analysis
  • [883Star][2m] [C] cisco/joy A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.
  • [832Star][27d] [Py] yampelo/beagle an incident response and digital forensics tool which transforms security logs and data into graphs.
  • [791Star][4m] [Py] srinivas11789/pcapxray visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
  • [762Star][2m] [Py] snovvcrash/usbrip Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux
  • [544Star][1m] [Go] biggiesmallsag/nighthawkresponse Incident Response Forensic Framework
  • [485Star][26d] [Py] netflix-skunkworks/diffy a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
  • [429Star][3m] [Py] obsidianforensics/hindsight Internet history forensics for Google Chrome/Chromium
  • [419Star][20d] [Py] forensicartifacts/artifacts Digital Forensics Artifact Repository
  • [395Star][2y] [PS] cryps1s/darksurgeon a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.
  • [392Star][11m] [Go] mozilla/masche MIG Memory Forensic library
  • [381Star][5y] [JS] le4f/pcap-analyzer online pcap forensic
  • [349Star][3m] [Shell] orlikoski/skadi collection, processing and advanced analysis of forensic artifacts and images.
  • [324Star][11m] [Py] alessandroz/lazagneforensic Windows passwords decryption from dump files
  • [320Star][2y] [C] fireeye/rvmi A New Paradigm For Full System Analysis
  • [316Star][12d] [Py] google/turbinia Automation and Scaling of Digital Forensics Tools
  • [303Star][2m] [Shell] vitaly-kamluk/bitscout Remote forensics meta tool
  • [295Star][3y] invoke-ir/forensicposters 多种数据结构图解:MBR/GPT/...
  • [274Star][13d] [Perl] owasp/o-saft OWASP SSL advanced forensic tool
  • [268Star][3y] [Py] ghirensics/ghiro Automated image forensics tool
  • [263Star][7m] [Batchfile] diogo-fernan/ir-rescue A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
  • [260Star][1m] [Py] google/docker-explorer A tool to help forensicate offline docker acquisitions
  • [252Star][1y] [C++] comaeio/swishdbgext Incident Response & Digital Forensics Debugging Extension
  • [247Star][1m] [Py] orlikoski/cdqr a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices
  • [245Star][1y] [Py] crowdstrike/forensics Scripts and code referenced in CrowdStrike blog posts
  • [233Star][2m] [C] elfmaster/libelfmaster Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
  • [225Star][3m] [Py] crowdstrike/automactc Automated Mac Forensic Triage Collector
  • [224Star][4y] [Java] nowsecure/android-forensics Open source Android Forensics app and framework
  • [213Star][2y] [C#] shanek2/invtero.net A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques
  • [202Star][11m] [Py] medbenali/cyberscan Network's Forensics ToolKit
  • [191Star][2m] [Py] lazza/recuperabit A tool for forensic file system reconstruction.
  • [177Star][11d] [Py] markbaggett/srum-dump A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
  • [176Star][4y] [Py] csababarta/ntdsxtract Active Directory forensic framework
  • [168Star][2y] [Py] monrocoury/forensic-tools A collection of tools for forensic analysis
  • [162Star][6m] [Py] cvandeplas/elk-forensics ELK configuration files for Forensic Analysts and Incident Handlers (unmaintained)
  • [162Star][2m] [C++] gregwar/fatcat FAT filesystems explore, extract, repair, and forensic tool
  • [158Star][2m] [Py] travisfoley/dfirtriage Digital forensic acquisition tool for Windows based incident response.
  • [154Star][9m] [Py] vikwin/pcapfex 'Packet Capture Forensic Evidence eXtractor' is a tool that finds and extracts files from packet capture files
  • [150Star][4m] [Py] stuhli/dfirtrack The Incident Response Tracking Application
  • [149Star][4y] [Py] arxsys/dff a Forensics Framework coming with command line and graphical interfaces.
  • [146Star][2y] [Py] davidpany/wmi_forensics scripts used to find evidence in WMI repositories, specifically OBJECTS.DATA files
  • [141Star][2m] [C++] dfir-orc/dfir-orc Forensics artefact collection tool for systems running Microsoft Windows
  • [139Star][2y] [Py] jrbancel/chromagnon Chrome/Chromium Forensic Tool : Parses History, Visited Links, Downloaded Files and Cache
  • [131Star][2m] [Py] benjeems/packetstrider A network packet forensics tool for SSH
  • [131Star][2m] [Py] log2timeline/dfvfs Digital Forensics Virtual File System (dfVFS)
  • [123Star][3y] [PS] silverhack/voyeur generate a fast (and pretty) Active Directory report.
  • [122Star][3m] [Py] redaelli/imago-forensics a python tool that extract digital evidences from images.
  • [119Star][2y] [PS] javelinnetworks/ir-tools forensics of domain based attacks on an infected host
  • [118Star][13d] [Py] domainaware/parsedmarc A Python package and CLI for parsing aggregate and forensic DMARC reports
  • [115Star][1y] [Shell] theflakes/ultimate-forensics-vm Evolving directions on building the best Open Source Forensics VM
  • [113Star][1y] [C#] damonmohammadbagher/meterpreter_payload_detection Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool
  • [112Star][8m] [PHP] xplico/xplico Open Source Network Forensic Analysis Tool (NFAT)
  • [108Star][5y] [Py] mspreitz/adel dumps all important SQLite Databases from a connected Android smartphone to the local disk and analyzes these files in a forensically accurate workflow
  • [108Star][3y] projectretroscope/retroscope Public release of the RetroScope Android memory forensics framework
  • [99Star][2y] [Py] trendmicro/defplorex defplorex for BlackHat Arsenal
  • [98Star][6y] [Py] matonis/page_brute a digital forensic tool purposed to analyze and categorize individual paged memory frames from Windows Page Files by appying YARA-based signatures to fix-sized blocks of pagefile.sys
  • [97Star][5m] [Py] woanware/usbdeviceforensics Python script for extracting USB information from Windows registry hives
  • [96Star][1m] [Py] airbus-cert/regrippy a framework for reading and extracting useful forensics data from Windows registry hives
  • [96Star][2y] [JS] anttikurittu/kirjuri a web application for managing cases and physical forensic evidence items.
  • [93Star][20d] [Py] log2timeline/dftimewolf A framework for orchestrating forensic collection, processing and data export
  • [88Star][6m] [Go] coinbase/dexter Forensics acquisition framework designed to be extensible and secure
  • [87Star][2y] [C++] google/aff4 The Advanced Forensic File Format
  • [86Star][2y] [Py] cheeky4n6monkey/4n6-scripts Forensic Scripts
  • [85Star][6m] [Py] quantika14/guasap-whatsapp-foresincs-tool WhatsApp Forensic Tool
  • [79Star][3m] [Py] google/giftstick 1-Click push forensics evidence to the cloud
  • [78Star][3y] [C++] jeffbryner/nbdserver Network Block Device Server for windows with a DFIR/forensic focus.
  • [78Star][2y] [Py] trolldbois/python-haystack Process heap analysis framework - Windows/Linux - record type inference and forensics
  • [74Star][2y] [Py] busindre/dumpzilla Extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers
  • [73Star][2y] [C++] kasperskylab/forensicstools Tools for DFIR
  • [64Star][2y] [Py] darkquasar/wmi_persistence A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics
  • [64Star][1y] [Py] ralphje/imagemounter Command line utility and Python package to ease the (un)mounting of forensic disk images
  • [63Star][3m] [C] carmaa/interrogate a proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage.
  • [63Star][2y] [Shell] yukinoshita47/pentest-tools-auto-installer Tool sederhana buat install tool-tool pentest dan forensic bagi pengguna linux yang jenis nya non-pentest OS
  • [61Star][4y] [Py] sysinsider/usbtracker Quick & dirty coded incident response and forensics python script to track USB devices events and artifacts in a Windows OS (Vista and later).
  • [53Star][5y] [Py] osandamalith/chromefreak A Cross-Platform Forensic Framework for Google Chrome
  • [50Star][10d] [PS] s3cur3th1ssh1t/creds Some usefull Scripts and Executables for Pentest & Forensics
  • [46Star][3y] [PS] n3l5/irfartpull PowerShell script utilized to pull several forensic artifacts from a live Win7 and WinXP system without WINRM.
  • [46Star][1y] [Py] sentenza/gimp-ela A JPEG Error Level Analysis forensic plugin for the GNU Image Manipulation Program (GIMP)
  • [46Star][8m] [YARA] xumeiquer/yara-forensics Set of Yara rules for finding files using magics headers
  • [43Star][4m] [TSQL] abrignoni/dfir-sql-query-repo Collection of SQL query templates for digital forensics use by platform and application.
  • [43Star][2y] [C#] zacbrown/hiddentreasure-etw-demo Basic demo for Hidden Treasure talk.
  • [42Star][11d] [Py] simsong/dfxml Digital Forensics XML project and library
  • [40Star][2y] [HTML] scorelab/androphsy An Open Source Mobile Forensics Investigation Tool for Android Platform
  • [39Star][4y] [AutoIt] ajmartel/irtriage Incident Response Triage - Windows Evidence Collection for Forensic Analysis
  • [38Star][2y] [C] adulau/dcfldd enhanced version of dd for forensics and security
  • [38Star][2y] [Py] ytisf/muninn A short and small memory forensics helper.
  • [37Star][10m] [Py] att/docker-forensics Tools to assist in forensicating docker
  • [36Star][5y] [Py] eurecom-s3/actaeon Memory forensics of virtualization environments
  • [35Star][8m] [Py] am0nt31r0/osint-search Useful for digital forensics investigations or initial black-box pentest footprinting.
  • [33Star][2y] [C] weaknetlabs/byteforce Offline Digital Forensics Tool for Binary Files
  • [32Star][1y] [Py] andreafortuna/autotimeliner Automagically extract forensic timeline from volatile memory dump
  • [31Star][7y] [Perl] appliedsec/forensicscanner Forensic Scanner
  • [31Star][2y] [Py] bltsec/violent-python3 Python 3 scripts based on lessons learned from Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by TJ O'Connor.
  • [31Star][5y] [Py] madpowah/forensicpcap a Python Network Forensic tool to analyze a PCAP file.
  • [28Star][6y] [Py] c0d3sh3lf/android_forensics Bypassing Android Pattern Lock
  • [27Star][3y] [Java] animeshshaw/chromeforensics A tool to perform automated forensic analysis of Chrome Browser.
  • [26Star][4y] [Py] cyberhatcoil/acf Android Connections Forensics
  • [24Star][7y] [Ruby] chrislee35/flowtag FlowTag visualizes pcap files for forensic analysis
  • [24Star][3y] [Py] forensicmatt/pancakeviewer A DFVFS Backed Forensic Viewer
  • [23Star][3m] [Pascal] nannib/imm2virtual This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD (raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof.
  • [22Star][2y] [C] lorecioni/imagesplicingdetection Illuminant inconsistencies for image splicing detection in forensics
  • [22Star][1y] [C] paul-tew/lifer Windows link file forensic examiner
  • [22Star][3m] [Py] circl/forensic-tools CIRCL system forensic tools or a jumble of tools to support forensic
  • [21Star][2y] [Py] harris21/afot Automation Forensics Tool for Windows
  • [20Star][5y] [JS] jonstewart/sifter Indexed search and clustering tool for digital forensics
  • [19Star][3y] [Py] lukdog/backtolife Memory forensic tool for process resurrection starting from a memory dump
  • [18Star][3y] [C++] nshadov/screensaver-mouse-jiggler Hardware arduino based mouse emulator, preventing screen saver locking (eg. during forensic investigation)
  • [18Star][20d] [Py] sekoialab/fastir_artifacts Live forensic artifacts collector
  • [17Star][Java] marten4n6/email4n6 A simple cross-platform forensic application for processing email files.
  • [16Star][9m] [Smarty] forensenellanebbia/xways-forensics Personal settings for X-Ways Forensics
  • [15Star][2m] [Dockerfile] bitsofinfo/comms-analyzer-toolbox Tool for forensic analysis, search and graphing of communications content such as email MBOX files and CSV text message data using Elasticsearch and Kibana
  • [13Star][10m] [Shell] matthewclarkmay/ftriage Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.
  • [13Star][1y] theresafewconors/file-system-forensics Repo for Reports on forensic analysis of various File Systems (NoWare to Hide)
  • [11Star][3y] [Py] nipunjaswal/wireless-forensics-framework Wireless Forensics Framework In Python
  • [11Star][1y] [C++] shujianyang/btrforensics Forensic Analysis Tool for Btrfs File System.
  • [10Star][2y] [PS] b2dfir/b2response Logged PS Remote Command Wrapper for Blue Team Forensics/IR
  • [10Star][3y] [Py] sekoialab/fastir_server The FastIR Server is a Web server to schedule FastIR Collector forensics collect thanks to the FastIR Agent
  • [9Star][10m] [Perl] randomaccess3/4n6_stuff Git for me to put all my forensics stuff
  • [9Star][8y] [Perl] superponible/search-strings-extension srch_strings is a useful tool in digital forensics. Using the "-t d" option will give a byte location for the string. This repository contains two scripts that automatically map the byte location to the filesystem block containing the string.
  • [9Star][1y] [Py] svelizdonoso/logfishh Logs Forensic Investigator SSH
  • [9Star][7y] [JS] thinkski/vinetto Forensic tool for examining Thumbs.db files
  • [8Star][7y] [Py] agnivesh/aft [Deprecated] Android Forensic Toolkit
  • [8Star][2y] asiamina/a-course-on-digital-forensics A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
  • [8Star][2m] [PS] tvfischer/ps-srum-hunting PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting
  • [7Star][4m] [PS] 1cysw0rdk0/whodunnit A PS forensics tool for Scraping, Filtering and Exporting Windows Event Logs
  • [7Star][3y] dfax/dfax (DEPRECATED) Digital Forensic Analysis eXpression
  • [7Star][1y] [Py] dlcowen/testkitchen Scripts from The Forensic Lunch Test Kitchen segments
  • [7Star][3y] [Py] maurermj08/vftools An open source forensic toolkit built on dfVFS
  • [7Star][2y] [Rust] rustensic/prefetchkit A powerful forensic commandline tool for analyzing Microsoft Prefetch files.
  • [7Star][2y] socprime/muddywater-apt an APT group that has been active throughout 2017
  • [6Star][4y] [C#] alphadelta/clearbytes Data forensic tool
  • [6Star][6m] [Shell] hestat/calamity A script to assist in processing forensic RAM captures for malware triage
  • [5Star][1y] [Shell] kpcyrd/booty Minimal forensic/exfiltration/evil-maid/rescue live boot system
  • [5Star][8m] zmbf0r3ns1cs/bf-elk Burnham Forensics ELK Deployment Files
  • [5Star][9m] [Py] obsidianforensics/scripts Small scripts and POCs related to digital forensics
  • [4Star][5m] [Py] bradley-evans/cfltools A logfile analysis tool for cyberforensics investigators.
  • [4Star][3y] jaredthecoder/codestock2017-stuxnet-forensic-analysis Slides and demo script for my talk at Codestock 2017
  • [4Star][3y] [Py] rotenkatz/ecos_romfs_unpacker It is a simple ecos ROMFS unpacker for forensics and firmware analysis needs
  • [3Star][2y] [Py] bedazzlinghex/memory-analysis Contains tools to perform malware and forensic analysis in Memory
  • [3Star][1y] [Py] inp2/sherlock a digital forensic analysis toolkit that relies on graph theory, link analysis, and probabilistic graphical models in order to aid the examiner in digital forensic investigations.
  • [2Star][2y] [Py] edisonljh/hadoop_ftk Hadoop File System Forensics Toolkit
  • [2Star][C] enrico204/unhide A fork of original "unhide" forensics tool from SourceForge CVS
  • [2Star][4m] [Py] docker-forensics-toolkit/toolkit A toolkit for the post-mortem examination of Docker containers from forensic HDD copies
  • [2Star][1m] [Py] thebeanogamer/hstsparser A tool to parse Firefox and Chrome HSTS databases into forensic artifacts!
  • [1Star][3m] [Go] cdstelly/nugget A Domain Specific Language for Digital Forensics
  • [1Star][3y] [C++] colinmckaycampbell/rapidfilehash Fast and powerful SHA256 hashing for malware detection and digital forensics.
  • [1Star][6m] [Py] pagabuc/atomicity_tops Introducing the Temporal Dimension to Memory Forensics - ACM Transactions on Privacy and Security 2019
  • [1Star][2y] [Py] trolldbois/python-haystack-reverse Memory forensics data structure reversing
  • [0Star][4y] bedazzlinghex/disk-analysis Contains tools to perform malware and forensic analysis on disk
  • [0Star][3y] [C] irq8/trackercat A GPS Forensics Utility to Parse GPX Files

LinuxDistro

  • [127Star][11m] [Shell] wmal/kodachi Linux Kodachi operating system, based on Xubuntu 18.04, provide you with a secure, anti-forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure.
  • [104Star][6y] santoku/santoku-linux Linux Distro for Mobile Security, Malware Analysis, and Forensics
  • [13Star][4y] nelenkov/santoku-linux Linux Distro for Mobile Security, Malware Analysis, and Forensics

Resource Collection

  • [3230Star][14d] [Rich Text Format] the-art-of-hacking/h4cker thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
  • [841Star][2m] cugu/awesome-forensics A curated list of awesome forensic analysis tools and resources
  • [265Star][10d] [Py] den4uk/andriller a collection of forensic tools for smartphones
  • [76Star][3m] ivbeg/awesome-forensicstools Awesome list of digital forensic tools
  • [12Star][27d] gaurav-gogia/dftools A curated list of digital forensic tools.
  • [10Star][4y] [Py] randomsctf/ctf-scripts A collection of short scripts for analysis, encryption and forensics, that can be used for CTF and/or security assessments
  • [8Star][26d] [Shell] kbnlresearch/forensicimagingresources resources and documentation related to an effort at setting up an experimental small-scale forensic imaging facility.
  • [4Star][2y] netseclab/paper_for_digital_forensics This is a collection of papers, codes, issues for digital forensics.
  • [2Star][2y] kanglib/edu_for A cheat sheet for digital forensics

Volatility

sleuthkit

  • [1482Star][11d] [C] sleuthkit/sleuthkit a library and collection of command line digital forensics tools that allow you to investigate volume and file system data.
  • [840Star][9d] [Java] sleuthkit/autopsy a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
  • [26Star][2m] blackbagtech/sleuthkit-apfs A fork of The Sleuthkit with Pooled Storage and APFS support. See
  • [6Star][3y] [Pascal] nannib/nbtempow a forensic tool for making timelines from block devices image files (raw, ewf,physicaldrive, etc.
  • [1Star][3m] [Shell] nannib/nbtempo a GUI (Graphical User Interface) Bash script for making files timelines and reporting them in CSV (electronic sheet) format.

Rekall

bulk_extractor

Anti-Forensic

  • [2736Star][3y] [Py] hephaest0s/usbkill an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.
  • [339Star][2y] [C] natebrune/silk-guardian an anti-forensic kill-switch that waits for a change on your usb ports and then wipes your ram, deletes precious files, and turns off your computer.
  • [78Star][2y] [C] elfmaster/saruman ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
  • [67Star][3y] [Shell] trpt/usbdeath anti-forensic tool that writes udev rules for known usb devices and do some things at unknown usb insertion or specific usb device removal
  • [35Star][1y] [C] ntraiseharderror/kaiser Fileless persistence, attacks and anti-forensic capabilties.
  • [20Star][3y] [Py] ncatlin/lockwatcher Anti-forensic monitor program: watches for signs of tampering and purges keys/shuts everything down.
  • [15Star][1y] [C#] thereisnotime/xxusbsentinel Windows anti-forensics USB monitoring tool.
  • [12Star][5y] [C#] maldevel/clearlogs Clear All Windows System Logs - AntiForensics
  • [11Star][3y] [Shell] phosphore/burn [WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles

macOS

iOS

Linux

Contribute

Contents auto exported by Our System, please raise Issue if you have any question.