AdtimelineTimeline of Active Directory changes with replication metadata
Invtero.netinVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques
Radare2UNIX-like reverse engineering framework and command-line toolset
UserlineQuery and report user logons relations from MS Windows Security Events
FatcatFAT filesystems explore, extract, repair, and forensic tool
WhatsdumpExtract WhatsApp private key from any non-rooted Android device (Android 7+ supported)
Remote Desktop CachingThis tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
JoincapMerge multiple pcap files together, gracefully.
SiemSIEM Tactics, Techiques, and Procedures
SleuthkitThe Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
C Aff4An AFF4 C++ implementation.
MbaMalware Behavior Analyzer
TimesketchCollaborative forensic timeline analysis
Hibr2binComae Hibernation File Decompressor
Oletoolsoletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
Information Security TasksThis repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Artifacts KitPseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.
TcpflowTCP/IP packet demultiplexer. Download from:
AutopsyAutopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
Etl ParserEvent Trace Log file parser in pure Python
Icpr2020dfdcVideo Face Manipulation Detection Through Ensemble of CNNs
MetaforgeAn OSINT Metadata analyzing tool that filters through tags and creates reports
Dfw1n OsintAustralian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers
BrambleBramble is a hacking Open source suite.
Pcapxray❄️ PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
AutotimelinerAutomagically extract forensic timeline from volatile memory dump
PlasoSuper timeline all the things
MftecmdParses $MFT from NTFS file systems
Amt ForensicsRetrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password.
Firefed🕵️ A tool for Firefox profile analysis, data extraction, forensics and hardening
PcapfsA FUSE module to mount captured network data
Tr1pdtamper resistant audit log
GensumPowerful checksum generator!
KauditAlcide Kubernetes Audit Log Analyzer - Alcide kAudit
UsbripTracking history of USB events on GNU/Linux
MemlabsEducational, CTF-styled labs for individuals interested in Memory Forensics
HindsightWeb browser forensics for Google Chrome/Chromium
DiffyDiffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Operative Frameworkoperative framework is a OSINT investigation framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules.
SeqboxA single file container/archive that can be reconstructed even after total loss of file system structures
TurbiniaAutomation and Scaling of Digital Forensics Tools
Awesome ForensicsAwesome Forensics Resources. Almost 300 open source forensics tools, and 600 blog posts about forensics.
PigA Linux packet crafting tool.
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.