Top 146 forensics open source projects

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

A tool to help forensicate offline docker acquisitions

macOS Artifact Parsing Tool

Volatility plugin for extracts configuration data of known malware

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Android Apps, Roms and Platforms for Pentesting

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

A tool for forensic file system reconstruction.

Free Security and Hacking eBooks

Wipe files and drives securely with randoms ASCII dicks

Extract BITS jobs from QMGR queue and store them as CSV records

Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️

RAIR: RAdare In Rust

Enhanced version of dd for forensics and security

Illuminant inconsistencies for image splicing detection in forensics

Jenkins plug-in that mines and analyzes data from a Git repository

Rootkit Detector for UNIX

Salt States for Configuring the SIFT Workstation

A boot record parser that identifies known good signatures for MBR, VBR and IPL.

macOS triage is a python script to collect various macOS logs, artifacts, and other data.

Docker image for hacking

Implementation of the famous Image Manipulation\Forgery Detector "ManTraNet" in Pytorch

Truehunter

incident response scripts

Very basic CLI SIEM (Security Information and Event Management system).

The Python implementation of the AFF4 standard.

[180+ scripts] There are a few genuine gems in there. And a lot of spaghetti code. Most of these scripts were for solving CTF's. If you googles something for a CTF and landed here look at the scripts they're all fairly malleable. Sorry for the shitty naming conventions (not really). If you are a recruiter stop. I wont be able to rewrite half thi…

Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.

Dumps all of the Key/Value pairs from a LevelDB database

A list of free and open forensics analysis tools and other resources

Scripts to process macOS forensic artifacts

System Management RAM analysis tool

Useful tools for CTF competitions

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Android process memory dump tool without ndk.

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

SQBrite is a data recovery tool for SQLite databases

A parser for Unified logging tracev3 files

Volatility Explorer Suit

Trace ScriptBlock execution for powershell v2

PowerShell module for Office 365 and Azure log collection

Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"

U-Net for fingerprint denoising

Provides various Windows Server Active Directory (AD) security-focused reports.

Python 3 Script to parse out iTunes backups

This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD (raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof.

Ingestors extract the contents of mixed unstructured documents into structured (followthemoney) data.

My solutions to the 2020 NSA Codebreaker Challenge

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Tools for inspecting disk images

Recover files from damaged BTRFS filesystems

Set of Yara rules for finding files using magics headers

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Minimalistic DNS logging tool

Carve file metadata from NTFS index ($I30) attributes

LIFARS Networking Security GNU/Linux distro

The entire walkthrough of all my resolved TryHackMe rooms