
BSI-Bund / RdpCacheStitcher

Licence: LGPL v3 (see the License section below)
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

Programming Languages

C++
QMake

Projects that are alternatives of or similar to RdpCacheStitcher

Ir Rescue
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+76.7%)
Mutual labels:  incident-response, forensics, dfir, cybersecurity
Packrat
Live system forensic collector
Stars: ✭ 16 (-90.91%)
Mutual labels:  incident-response, forensics, dfir, incident-response-tooling
Awesome Incident Response
A curated list of tools for incident response
Stars: ✭ 4,753 (+2600.57%)
Mutual labels:  incident-response, dfir, cybersecurity, incident-response-tooling
Thehive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+1206.82%)
Mutual labels:  incident-response, dfir, incident-response-tooling
Memlabs
Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+295.45%)
Mutual labels:  forensics, dfir, cybersecurity
MEAT
This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-42.61%)
Mutual labels:  incident-response, forensics, dfir
CDIR
CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (-30.68%)
Mutual labels:  incident-response, forensics, dfir
Invoke Liveresponse
Invoke-LiveResponse
Stars: ✭ 115 (-34.66%)
Mutual labels:  incident-response, forensics, dfir
MindMaps
#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+27.27%)
Mutual labels:  incident-response, forensics, dfir
Pypowershellxray
Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+9.09%)
Mutual labels:  incident-response, forensics, dfir
ir scripts
incident response scripts
Stars: ✭ 17 (-90.34%)
Mutual labels:  incident-response, forensics, dfir
EventTranscriptParser
Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-87.5%)
Mutual labels:  forensics, dfir, cybersecurity
ad-privileged-audit
Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-76.14%)
Mutual labels:  forensics, dfir, cybersecurity
INDXRipper
Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-81.82%)
Mutual labels:  incident-response, forensics, dfir
uac
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+47.73%)
Mutual labels:  incident-response, forensics, dfir
PSTrace
Trace ScriptBlock execution for powershell v2
Stars: ✭ 38 (-78.41%)
Mutual labels:  incident-response, forensics, dfir
CCXDigger
The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-74.43%)
Mutual labels:  incident-response, forensics, dfir
Sleuthkit
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Stars: ✭ 1,948 (+1006.82%)
Mutual labels:  incident-response, forensics
Thehive4py
Python API Client for TheHive
Stars: ✭ 143 (-18.75%)
Mutual labels:  incident-response, dfir
Oriana
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Stars: ✭ 152 (-13.64%)
Mutual labels:  incident-response, dfir

RdpCacheStitcher

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. Using raw RDP cache tile bitmaps extracted by tools such as ANSSI's BMC-Tools (https://github.com/ANSSI-FR/bmc-tools) as input, it provides a graphical user interface and several placement heuristics for stitching tiles together so that meaningful images or even full screenshots can be reconstructed.

[Screenshot: RdpCacheStitcher GUI]

Features

  • Show hints where a selected tile might fit best visually
  • Provide an ordered list of tiles that could best be placed visually for a selected empty cell
  • When hovering over a tile, preview how it might look when placed
  • Work with multiple screens per case
  • Options to exclude already used, non-square or duplicate tiles
  • Crop and export all reconstructed images belonging to a case as PNG
  • The sub-window with all available tiles is dockable, i.e. it can be detached into its own window and moved to a different display
  • Keep individual notes per screen
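The placement hints and the ordered tile list described above are easiest to understand on a small worked example. The Python code below is added here as an illustration and is not code from RdpCacheStitcher or BMC-Tools; this page does not describe the project's actual heuristics, so the scoring used here (sum of absolute grey-level differences along the seam between two touching tile borders, the usual edge-continuity measure) is an assumption, as are all function names. The 8x8 test picture is constructed for the demo: its tile seams differ by one grey level while every wrong pairing differs by far more, which is what screen content usually looks like at tile boundaries.

```python
"""Seam-matching placement heuristic for bitmap-cache tiles (added example).

Not code from RdpCacheStitcher or BMC-Tools. A tile is a list of rows of 8-bit
grey values; real cache tiles are small square bitmaps, the demo uses 4x4 ones.
"""
from typing import Dict, List, Optional, Sequence, Tuple

Tile = List[List[int]]
Cell = Tuple[int, int]   # (row, column) of a cell in the reconstruction grid

# (offset to the neighbouring cell, border of the candidate, border of the neighbour)
SEAMS = [((0, -1), "left", "right"), ((0, 1), "right", "left"),
         ((-1, 0), "top", "bottom"), ((1, 0), "bottom", "top")]


def is_square(tile: Tile) -> bool:
    return len(tile) > 0 and all(len(row) == len(tile) for row in tile)


def borders(tile: Tile) -> Dict[str, List[int]]:
    return {"top": list(tile[0]), "bottom": list(tile[-1]),
            "left": [row[0] for row in tile], "right": [row[-1] for row in tile]}


def seam_cost(a: Sequence[int], b: Sequence[int]) -> int:
    """Sum of absolute differences between two touching borders (0 = perfect continuity)."""
    if len(a) != len(b):
        return 10 ** 9              # borders of different length cannot join
    return sum(abs(x - y) for x, y in zip(a, b))


def placement_cost(grid: Dict[Cell, Tile], cell: Cell, tile: Tile) -> Optional[int]:
    """Total seam cost of putting `tile` at `cell`; None if no placed tile touches the cell."""
    r, c = cell
    mine, total, seams = borders(tile), 0, 0
    for (dr, dc), my_side, their_side in SEAMS:
        neighbour = grid.get((r + dr, c + dc))
        if neighbour is not None:
            total += seam_cost(mine[my_side], borders(neighbour)[their_side])
            seams += 1
    return total if seams else None


def open_cells(grid: Dict[Cell, Tile]) -> List[Cell]:
    """Empty cells that touch at least one placed tile."""
    cells = {(r + dr, c + dc) for (r, c) in grid for (dr, dc), _, _ in SEAMS}
    return sorted(cells - set(grid))


def rank_tiles_for_cell(grid, cell, tiles, skip) -> List[Tuple[int, int]]:
    """Ordered (cost, tile_index) list for one selected empty cell, best fit first."""
    ranked = [(placement_cost(grid, cell, t), i) for i, t in enumerate(tiles) if i not in skip]
    return sorted((cost, i) for cost, i in ranked if cost is not None)


def rank_cells_for_tile(grid, tile) -> List[Tuple[int, Cell]]:
    """Ordered (cost, cell) list of where one selected tile fits best, best fit first."""
    return sorted((placement_cost(grid, cell, tile), cell) for cell in open_cells(grid))


def select_tiles(tiles, exclude_non_square=True, exclude_duplicates=True) -> List[int]:
    """Indices worth offering to the analyst (the exclude non-square / duplicate options)."""
    keep, seen = [], set()
    for i, t in enumerate(tiles):
        key = tuple(tuple(row) for row in t)
        if (exclude_non_square and not is_square(t)) or (exclude_duplicates and key in seen):
            continue
        seen.add(key)
        keep.append(i)
    return keep


def stitch(tiles: List[Tile], seed: int = 0) -> Dict[Cell, Tile]:
    """Greedy reconstruction: always place the (cell, tile) pair with the cheapest seams."""
    kept = select_tiles(tiles)
    if seed not in kept:
        seed = kept[0]
    grid = {(0, 0): tiles[seed]}
    used = (set(range(len(tiles))) - set(kept)) | {seed}   # excluded tiles count as used
    while len(used) < len(tiles):
        best = min(((cost, cell, i) for cell in open_cells(grid)
                    for cost, i in rank_tiles_for_cell(grid, cell, tiles, used)), default=None)
        if best is None:
            break
        _, cell, i = best
        grid[cell] = tiles[i]
        used.add(i)
    return grid


def assemble(grid: Dict[Cell, Tile], fill: int = 0) -> Tile:
    """Flatten a grid of equal-sized tiles into one image (rows of pixels); assumes one tile size."""
    rows, cols = [r for r, _ in grid], [c for _, c in grid]
    first = next(iter(grid.values()))
    th, tw = len(first), len(first[0])
    image = [[fill] * ((max(cols) - min(cols) + 1) * tw)
             for _ in range((max(rows) - min(rows) + 1) * th)]
    for (r, c), tile in grid.items():
        for y, row in enumerate(tile):
            for x, value in enumerate(row):
                image[(r - min(rows)) * th + y][(c - min(cols)) * tw + x] = value
    return image


def split_into_tiles(image: Tile, size: int) -> List[Tile]:
    """Cut an image into size x size tiles in reading order (the inverse of assemble)."""
    return [[row[x:x + size] for row in image[y:y + size]]
            for y in range(0, len(image), size) for x in range(0, len(image[0]), size)]


# Constructed 8x8 test picture: pixel = ROW_SHADE[r] + COL_SHADE[c]. The shades are chosen so
# that the seams between its 4x4 tiles (rows 3|4, columns 3|4) differ by one grey level.
COL_SHADE = [10, 40, 25, 70, 71, 15, 55, 90]
ROW_SHADE = [0, 20, 5, 35, 36, 50, 10, 60]
SCREEN = [[ROW_SHADE[r] + COL_SHADE[c] for c in range(8)] for r in range(8)]


def demo() -> Tile:
    """Shuffle the tiles of SCREEN, add junk a cache dump also contains, rebuild the picture."""
    t00, t01, t10, t11 = split_into_tiles(SCREEN, 4)
    dump = [t11, t00, t10, t01,              # tiles in the order a cache file might yield them
            [[1, 2, 3], [4, 5, 6]],          # a non-square fragment, filtered out
            [row[:] for row in t00]]         # an exact duplicate, filtered out
    return assemble(stitch(dump))


if __name__ == "__main__":
    print("reconstructed picture matches original:", demo() == SCREEN)
```

rank_cells_for_tile() corresponds to the "where does this tile fit best" hint, rank_tiles_for_cell() to the ordered list for a selected empty cell, and stitch() does by machine what an analyst does when accepting the top-ranked hint at every step. Real cache tiles carry colour and arbitrary content, so in practice seam scores are rarely this clear-cut and the analyst's judgement, together with the hover preview, decides between close candidates.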

Manual

A complete manual with a description of all features and the workflow for a typical use case can be found in the document RdpCacheStitcher_manual.pdf.

Installing prerequisites and starting RdpCacheStitcher

Prebuilt binaries of RdpCacheStitcher for 64-bit Linux and Windows can be downloaded at https://github.com/BSI-Bund/RdpCacheStitcher/releases/. On each system one prerequisite has to be installed first.

Ubuntu

  • Install the package libqt5widgets5: sudo apt install libqt5widgets5
  • Run RdpCacheStitcher

Windows


Build from source

If you want to build RdpCacheStitcher from source, you need to install the Qt development framework first. Then, simply open the file RdpCacheStitcher.pro in Qt Creator and build the project from there.


License

RdpCacheStitcher is copyright 2020 Bundesamt fuer Sicherheit in der Informationstechnik (BSI)

RdpCacheStitcher is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

RdpCacheStitcher is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with RdpCacheStitcher. If not, see https://www.gnu.org/licenses/.

RdpCacheStitcher uses the open source (L)GPL v3 version of Qt, which you can download at http://download.qt.io/archive/qt/.
